Position Announcement - Privacy and Information Security Specialist

["Barnes, Joe" <jdbarns1 () ILLINOIS EDU>]

Good morning,

We have a new position at the University of Illinois within the Privacy and Security Office.  Please see details below. 
 The deadline to apply is March 23, 2017.  If interested or know anyone who might be, I ask that you please forward 
this note on.

Thanks
Joe


***********************************
Joe Barnes, CISSP
Chief Privacy & Security Officer
Technology Services at Illinois
University of Illinois at Urbana-Champaign




Privacy and Information Security Specialist
Office of the Chief Information Officer - Technology Services
University of Illinois at Urbana-Champaign


Technology Services at Illinois is the provider of campus-wide computing, networking, telephone, and instructional 
technology services supporting academic activities of faculty, staff, and students at the University of Illinois at 
Urbana-Champaign.

The University of Illinois at Urbana-Champaign is seeking a privacy and security professional who is self-motivated and 
has excellent interpersonal skills to serve as a Privacy and Information Security Specialist. This position is 
responsible for designing and facilitating technical and non-technical solutions related to sensitive data for a 
diverse set of customers across the University.

This individual will interact with faculty, staff, researchers, IT professionals, and vendors to analyze business, 
research, and compliance needs and in conjunction with appropriate stakeholders create scalable, secure, and usable 
solutions that enables the University to further its mission.  For this role, experience providing excellent customer 
services and working in a complex environment with competing priorities is a must.  Prior experience working to secure 
one or more types of sensitive data (FERPA, PCI, PII, PHI/HIPAA) is needed to be successful in this role.

Primary Position Function
Responsible for collaboration with the University to identify and reduce privacy and information security risk exposure 
and in an as needed basis response to and recovery from privacy or security incident investigations.

Major Duties and Responsibilities


*         Identify and analyze sensitive data and the environments in which they are processed, transmitted, or stored.

*         Execute the development and implementation of processes that support business and research needs across the 
University.

  *   Apply security knowledge, skills, and abilities on assignments, projects and programs at the discretion of the 
Chief Privacy and Security Officer.
  *   Design and advise on process, solutions, technical specifications, and implementation details to provide 
confidentiality, integrity, and availability of systems and process that involve sensitive data and/or mission critical 
systems.
  *   Work with operational security staff to implement proactive detection, automation, and defenses into the 
University IT infrastructure and respond to security incidents.
  *   Contribute to team discussions on formulating new or improving existing processes, policies, and standards.

*         Use discretion and maintain confidential information.

  *   Review existing and planned practices, policies, and standards with University stakeholder to implement 
University policy and standards.

*         Set and manage customer expectations through partnership with the Technology Services Service Center.

*         Advocate for Technology Services clients in service planning and deployment across the organization.

*         Resolve customer satisfaction issues.

*         Understand the overall processes and procedures of the organization and make recommendations in the continual 
improvement of those processes and procedures, providing for management analysis and recommendations on continual 
improvement.

*         Maintain professional expertise by attending outside seminars/courses and thorough review of published 
literature.
Specific Duties and Responsibilities for Health Insurance Portability and Accountability Act (HIPAA) and Protected 
Health Information (PHI)


  *   Consult with business and technical partners across campus regarding HIPAA & PHI privacy and security matters.
  *   Analyze existing solutions and advise privacy and security operations team on monitoring, detection, and response 
for HIPAA & PHI related processes and systems.
  *   Facilitate completion of vulnerability assessment and risk analyses of existing and planned HIPAA & PHI systems.
  *   Advise and support University general security and HIPAA training programs.
  *   Conduct partial and/or complete HIPAA & PHI privacy and security assessments and audits at the discretion of the 
Chief Privacy and Security Officer.

Organizational Chart

Vice Chancellor for Academic Affairs and Provost

Chief Information Officer
Chief Privacy and Security Officer
Senior IT Security Risk Analyst
Privacy and Information Security Specialist
Position Requirements and Qualifications

Education
Bachelor's degree.

Preferred Education
Bachelor's degree in a relevant field, including Computer Science, Engineering, Information Technology, or other 
relevant field.

Experience
*         Experience authoring and presenting a wide range of formal and informal business and technical communications 
tailored to individual or plural organizational audiences.

*         Demonstrated ability in effective communication and collaborating in a high performance team environment.

*         Demonstrated commitment to customer service.

*         Experience participating in diverse workgroups.

Preferred Experience
*         Experience with healthcare regulatory matters.
*         One or more years of experience in an academic campus IT environment.
*         Experience working with or for a dedicated IT security office.
*         Experience working with IT Security Incident Response.
*         Experience evaluating vulnerability scans in a professional environment.

Knowledge Requirements
*         Applied knowledge in one or more of the following domains including but not limited to Data Security, IT 
Systems and Operations, Network Security, Systems and Applications Security or Vulnerability Management.
*         Understand instructional design methodologies.

Preferred Knowledge Requirements
*         Experience and knowledge of HIPAA, HITECH, and related domestic privacy laws.
*         Familiarity working with a Security Event Management product.

Training
Preferred Training


*         CISSP, HCISSP, CHP, CEA, CRISC, MCA, CCSA, CISA, GSEC or similar certifications highly desired.

*         Project Management certification a plus.
Appointment Status and Salary
This is a full-time, benefits eligible academic professional position appointed on a 12-month basis.   The University 
Benefits package includes but not limited to 24 vacation days, 12 sick days, insurance (health, dental, vision, life) 
and  SURS retirement.   For other University provided benefits, please go to: https://nessie.uihr.uillinois.edu.  
Salary and position level are competitive and commensurate with qualifications and experience.  Applicants should have 
a current, valid legal authorization to work in the United States.  There will be no relocation costs included in this 
package.  The start date will be as soon as possible after the close date.
To Apply
For full consideration, complete applications should be received by March 23, 2017.  Please create a candidate profile 
at https://jobs.illinois.edu and upload a combined package of materials in one file:
1.            Letter of application
2.            Resume
3.            Names/contact information of three professional references
The online application will require the names and contact information for three professional references.  Three letters 
of recommendation will be required for all Search Finalists.  For further information regarding application procedures, 
please contact Lori Oakes at techsvc-hr () mx uillinois edu<mailto:techsvc-hr () mx uillinois edu> or call (217) 
333-4222.
The University of Illinois conducts criminal background checks on all job candidates upon acceptance of a contingent 
offer.
Illinois is an equal opportunity employer and all qualified applicants will receive consideration for employment 
without regard to race, religion, color, national origin, sex, sexual orientation, gender identity, age, status as a 
protected veteran, or status as a qualified individual with a disability. Illinois welcomes individuals with diverse 
backgrounds, experiences, and ideas who embrace and value diversity and inclusivity. 
(www.inclusiveillinois.illinois.edu<http://www.inclusiveillinois.illinois.edu>).


Human Capital Management and Organizational Effectiveness
Technology Services at Illinois
University of Illinois at Urbana-Champaign
1525 Digital Computing Lab
MC-256
Urbana, Illinois  61801
(217) 333-4222