PD -HEO9-Information Security Administrator-

					                                                                                                   Duty Statement

Position Details

Position Title:                          Information Security Administrator

PSU Name:                                Information and Communications Technology (ICT)
Department:                              Service Management
Team:                                    ICT Service Management – IT Security

Position Classification:                 HEO 9

Primary Function:                       ICT assists the University in achieving its strategic objectives. It prioritises services
                                        that support research & innovation, learning & teaching, and the student experience.
                                        It aims to increase the University’s ability to respond to technological innovation and
                                        return on technology investment, balanced by managing cost and improving the efficiency of
                                        University processes.

                                        The Information Security Administrator position is part of a team that focuses on the
                                        role of Information Security operations.

                                        This position is responsible for the development and coordination of security
                                        compliance efforts around ICT security access, audit response, security awareness,
                                        information security policies and standards, information classification, policy
                                        exception oversight, and information security risk management.

 Position Scope

 Reports to:                             Manager, IT Security

 Supervises:                             No staff supervised

 Estimated number of staff in this unit:                             3

 Estimated financial budget this role is responsible for:            N/A

 Primary Internal Contacts / Stakeholders:                           other parts of ICT

 Primary External Contacts / Stakeholders:                           CSO and other University staff

 Selection Criteria

The selection criteria must be consistent with the duties of the job listed overleaf. These criteria are to be used for the
advertisement, for short listing, in the interview process and for short-term appointments on nomination.


Essential (important factors which are required to do the job)
Skills/techniques:

 1. Demonstrated ability to establish and exceed client needs.
 2. Track record of keeping up to date with skills, knowledge and experience to facilitate continuous improvement of
    IT practices, processes and procedures. Applies this in day-to-day work.
 3. Demonstrated ability to manage resources and improve the quality of work including coordinating activities,
    budgets, facilities or other resources for consistent, repeatable and commercially sound solutions / systems and
    processes.
 4. Demonstrated contribution to the achievement of whole of business and team outcomes, contributing to the
    provision of cohesive end-to-end IT services.
 5. Strong understanding of firewalling technologies, specifically Cisco ASA Firewalls, including the ability to
    troubleshoot and manage the firewall and supporting infrastructure
 6. Strong understanding of the relevant security concepts relating to Cisco IOS
 7. Strong understanding of Cisco VPN termination hardware

 1/12/09                                 Equal employment opportunity is University policy                                    Page 1 of 4
 8. Understanding of Strong Authentication systems, such as RSA SecurID
 9. Strong understanding of Anti Malware solutions, including endpoint and gateway solutions
 10. Strong understanding of and ability to troubleshoot problems with major client Operating Systems (OSX,
     Windows, Linux) and TCP/IP networking
 11. Sound knowledge of standard software packages used at the University of Sydney (e.g. MS Office, Outlook,
     Entourage, Internet Browsers etc)
 12. Understanding of messaging services such as Exchange, Sydney Mail and Unix-based mail services
 13. Understanding of directory services such as Active Directory and LDAP.
 14. Understanding of change management practices and theory and ability to successfully co-ordinate tasks from
     other groups towards the delivery of small-medium initiatives (e.g. hardware refreshes, software refreshes)
 15. Demonstrated ability to work independently with minimal supervision and allocate priorities
 16. Demonstrated capacity to develop technology-focused solutions for educational purposes.

 Experience

 1. Significant hands-on experience in a Security analyst/consultancy/project management related role in corporate,
    government or integrator type role.
 2. Demonstrated ability to develop solution documentation, such as operation procedures and processes
 3. Understanding of compliance regulations such as the Privacy Act & PCI and the implementation of subsequent
    controls to ensure compliance.
 4. Broad security technology understanding across applications and infrastructure (Linux/Unix, Windows, networks)
 5. Membership/key influencer within a business wide security dedicated forum
 6. Providing security advice to relevant committees, such as Change Advisory Board, Architecture Review Groups.
 7. Significant experience translating client requirements into technical recommendations
 8. Significant experience providing computer support/troubleshooting

 Training/qualifications (or equivalent experience):

     1. Appropriate tertiary qualifications
     2. CISSP or equivalent Security Industry Certification
     3. Security Vendor certifications

Desirable (additional factors which are useful to do the job)
Skills/techniques:



 Work Performed

The duties and responsibilities of this position are numbered in order of importance. They include the major
accountabilities of the position and the frequency that each task is generally performed. (eg on a daily, weekly, monthly
or yearly basis, or as required)

      Tasks/Activities                                                                                    Frequency
 1. Firewall Management:                                                                                  Ongoing
      • Taking ownership of technical support issues and problems experienced in the ICT firewall
         environment, specifically in the configuration and change of the service to support ICT’s
         firewall service. This support is expected to be provided as a priority. The
         development/maintenance of support documentation will be required.

 2. Support for ICT Malware Solution:                                                                     Ongoing
      • Taking responsibility for the successful management of the ICT malware solution.
      • The development/maintenance of support documentation will be required.

 3. Support for Incident Response activity:                                                               As required
      • Taking ownership of Security related Incident response activity, as authorised by the IT
        Security Manager. This support is expected to be provided as a priority.
      • Taking responsibility for Incident Response process.
      • Produce the relevant incident response reports.
      • Maintain confidentiality and integrity throughout the process.

 4. Support for ICT Email Gateway:                                                                        Ongoing
      • Taking responsibility for the successful management of the security and policies for ICT’s
        email gateway solution.

      • The development/maintenance of support documentation will be required.

5. RSA infrastructure management:                                                                         Ongoing
     • Taking responsibility for the successful management of the RSA (or similar) infrastructure.
     • The development/maintenance of support documentation will be required.

6. Network Access Management:                                                                             Ongoing
     • Taking responsibility for the successful management of the provision of DNS/DHCP and IP
       addressing for ICT. The development/maintenance of support documentation will be
       required.

7. Support for the VPN Remote Access Solution                                                             Ongoing
     • Taking responsibility for the successful management of the ICT VPN remote access solution.
     • The development/maintenance of support documentation will be required.

8. Establishes and exceeds client needs (internal and external) by:                                       Ongoing
     • Delivering and supporting solutions which meet client needs (coaches, conducts detailed
       needs analyses, delivers to commitments);
     • Providing reliable, consistent and professional service (keeping the client regularly informed);
     • Listening to the client;
     • Taking responsibility for resolving issues;
     • Establishing and maintaining effective internal / external relationships.


9. Keeps up to date with skills, knowledge and experience to facilitate continuous                        Ongoing
improvement of ICT practices, processes and procedures. Applies this in day-to-day work by:

     • Keeping abreast of contemporary IT industry trends;
     • Recommending means to improve processes and procedures;
     • Implementing improved ways of doing things based on contemporary IT practices;
     • Seeking new ideas to improve processes and procedures from colleagues;
     • Contributing ideas and suggestions as part of the consultative processes associated with
       work place change;
     • Learning from mistakes.


10. Manages resources and improves the quality of work including coordinating activities,                 Ongoing
budgets, facilities or other resources for consistent, repeatable and commercially sound
solutions / systems and processes by:

     • Adopting consistent ways of doing things;
     • Continuously improving the way things are done within individual area of accountability
       (eliminating ineffective and unnecessary technologies and processes, focuses on quality);
     • Delivering commercially sound solutions (based on return on investment, balancing cost and
       quality, complies with policy and practice, etc.)

11. Actively contributes to the achievement of team outcomes, contributing to the provision               Ongoing
of cohesive end-to-end ICT services being provided to the University by:

     • Supporting the “One ICT” mission strategy;
     • Seeking to assist and co-operate with other ICT team members within the Service
       Management department and other departments within ICT;
     • Taking responsibility for understanding and contributing to ICT’s / the University’s business
       goals;
     • Making effective decisions within one’s area of accountability (acts quickly and decisively,
       engages stakeholders, considers the impact on others);
     • Working with other departments and teams to assist in making end-to-end processes more
       effective (takes accountability for their individual part in the process);
     • Giving and seeking constructive feedback regularly;
     • Keeping others informed / involves stakeholders in decision making;
     • Communicating effectively (eg. provides context, tailors messages to the audience, keeps
       others informed, actively listens and clarifies to ensure the audience understands their
       message).


 12. Out of hours work, such as rostered on-call work and response to Priority 1 incidents.                   As required


 13. Any other duties appropriate with this classification as may be assigned by the manager                  As required
 or Director.

 14. Comply with Equal Employment Opportunity and Affirmative Action by:                                      Ongoing

 Observing and applying EEO and AA policy and procedures when liaising with staff, students and
 outside contacts.




 Signature

I confirm that this Duty Statement reflects the inherent requirements and true priorities of this position. Only relevant
skills and experience have been specified as essential or desirable.

Head of Department/Unit:

Name: __________________________________                                          Signature: _____________________

Date: __________________________________



 Organisation Chart





				