IT Security and Compliance Specialist

Located in the scenic Puget Sound area with nearby mountain ranges and Mount Rainier in the distance, Tacoma is surrounded by outdoor recreational opportunities such as hiking, boating and camping. Tacoma, Washington has been ranked as one of the most livable cities in the country, due to the increasing career opportunities, cultural diversity and community engagement, just to name a few.

Tacoma Community College (TCC) was built on the ancestral territory of Coast Salish peoples, specifically the Puyallup and Squaxin Island Tribes. The 1854 Medicine Creek Treaty forcibly removed them to Reservations to make way for colonizers; we recognize the privilege of utilizing this land has come at a great cost. We honor the resilience of the Puyallup and Squaxin Island people, who still live here, defend their rights, and contribute greatly to the well-being of our community. Our institution aims to increase partnerships and community ties with the local indigenous populations. Moreover, TCC stands in solidarity with Black Lives Matter and the Black community by further strengthening collaboration with the Black Student Union as well as community entities such as the Tacoma-Pierce County Black Collective, the Tacoma Urban League, and local black-owned businesses. In addition, we strongly support the Stop Asian Hate movement and have an active Asian Pacific Islander Student Club as well as an Asian and Pacific Islander Faculty and Staff Coalition. TCC is committed to developing more culturally responsive curricula by infusing and incorporating more educational content focused on the lives, experiences, and contributions of Native, Black, Asian, and other marginalized communities. We continually strive to become an anti-racist institution.

We are specifically focusing on improved support for traditionally marginalized populations, including Black/African- American, Indigenous, People of Color, Dreamers, justice-involved, immigrants and refugees, Veterans, people with disabilities, and the LGBTQ+ community. To this end, TCC seeks applicants who:

• Value intellectual curiosity and innovative teaching
• Welcome difference and model respectful interaction with others
• Recognize and honor the important role that diversity brings to an educational community
• Are committed to educating a racially and socioeconomically diverse student population
• Are committed to teaching in a community college setting
• Care deeply about student success
• Intentionally support and promote efforts related to equity, diversity, and inclusion
• Honor TCC's mission promoting equitable access to educational opportunities
• Reflect the diversity of our community

Position Summary:
The IT Security and Compliance Specialist leads the development, enhancements, and coordination of the College's cybersecurity processes. This position provides advanced monitoring, analysis, and assessment of security threats and risks, and leads the execution of plans to address security-related activities. This position leads cybersecurity efforts for applicable compliance frameworks. This position oversees compliance, identifying defense-in-depth strategies for layered security controls, monitoring of security posture, and ensures alignment with industry best practices and requirements for cybersecurity.

• Provide specialized support in multiple security or compliance tools/technologies and areas of cyber/information security support.
• Manage advanced-level tasks and processing of requests for Cybersecurity practices.
• Maintain documentation of a mature Cybersecurity program for accreditation and compliance concerns.
• Analyze and assess potential security risks. Work with partners to execute plans to deal with security-related activities based on best practice methodology.
• Develop technical and operational documentation for standards, processes and procedures; develop a security evaluation plan and test procedures to assess physical, technical, and administrative safeguards and controls as appropriate.
• Monitor services and audit cybersecurity systems for abnormal activity. Collaborate with partners to execute corrective or notification actions based on established procedures.
• Collaborate with IT Team Leads to evaluate, monitor, identify risks, requirements, and determine corrective actions for multiple systems; including, network, firewalls, operating systems, applications, cloud solutions, and evaluate solutions for viability, security and sustainability.
• Research, evaluate and recommend additional security practices, solutions, and technologies. Develop methodologies for selecting and implementing these measures to strengthen and secure the environment.
• Provide security-engineering services to new technology projects on a project-by-project basis; plan for and recommend security controls throughout the system's life cycle.
• Monitor access and use of systems and facilities based on approved policies.
• Investigate Information Security incidents to determine chain of events, the players involved, and the impact to the organization. Prepare information and present findings to incident response team.
• Periodically assess Web content filtering solution management and reporting.
• Periodically test, evaluate, assess, and certify security measures based on established guidelines of known and reasonably anticipated and reported threats.
• Perform security audits as requested, produce actionable threat intelligence, analyze, advise, and report results as needed.
• Provide recurring End User training content on safe computing practices and develop processes for sharing information regarding common vulnerabilities; administer security training to small and large groups.
• Periodically conduct and evaluate risk assessments either independently or with support of a third-party vendor. Assist with development and recommendations for risk mitigation plans and/or programs.
• Define and recommend Information Security requirements for new applications; assess security controls of new applications to establish compliance level and appropriate configuration.
• Attend Cybersecurity forums as assigned.
• Conduct annual security standards and remediate deficiencies. Perform comprehensive independent IT security audit per State standards.
• Ensure compliance with the latest Washington State Office of the Chief Information Officer (OCIO), State Board of Community & Technical Colleges Information Technology Division (SBCTC-ITD), and other applicable security standards (i.e., FERPA, HIPAA, PCI, etc.). Document and update security practices.
• Perform other related duties as assigned.

Duties of the position require the following knowledge, skills, and abilities:

• Effectively carry out work processes to achieve individual and organizational goals.
• Manage personal time and projects wisely; set priorities, make appropriate decisions to complete assigned tasks and solve problems efficiently and promptly.
• Identify and understand issues, challenges, and learning opportunities; be proactive and strategic with solutions.
• Communicate promptly and responsively to the needs of the department and College community.
• Ability to establish and maintain positive working relationships with students, colleagues, and staff.
• Practice ethics, integrity, and sound professional judgment.
• An appreciation of diversity and a commitment to cultural awareness and sensitivity in the workplace.
• Diligently works to meet the needs of a diverse college community with a variety of skills and abilities. Advocates for, and contributes to, IT Accessibility goals and initiatives.
• Excellent customer service skills, including establishing, building, and maintaining internal/external customer satisfaction.
• Possess advanced skills in multiple security or compliance tools/technologies and areas of cyber/information security support.
• Knowledge of technical and security issues regarding local and wide area networks, e-mail systems, virus scanning, continuity of operations, and audit best practices.
• Advanced understanding of application development practices, systems administration and networking, and current trends in information security and risk analysis.
• Capable of composing written materials concisely, including policies, procedures, SOPs, and correspondence, all of which clearly articulate complex compliance requirements to both technical and non-technical audiences.
• Analytical skills demonstrating the ability to define, collect, and analyze data, establish facts, draw valid conclusions, and make fact-based decisions.
• Ability to identify key security issues quickly and the capacity to collaboratively develop effective strategic solutions that are feasible for the campus, while maintaining the integrity of the college's core mission and values.
• A commitment to establishing and maintaining a strong information security environment at the college, while preserving and supporting the primary, service-oriented functions of IT and the college.
• Proficient at working collaboratively with the disparate needs, skill levels, and expectations of campus units and technology users outside IT; can make timely and informed decisions when working towards goal/task completion.
• Ability to communicate effectively and comfortably with individuals, and in any group, at all levels in the organization, including executive management; ability to effectively exchange messages in a variety of contexts using multiple methods.
• Ability to work successfully with a diverse group of staff, managers, and administrators having primary responsibility for hands-on management of information security within the IT units.
• Demonstrates responsible personal and professional conduct, which contributes to the overall mission and goals; accepts personal responsibility for the quality and timeliness of work; earns trust, respect, and confidence from the College community.

Duties of the position required experience:

• Demonstrated success working effectively with ethnically and cultrally diverse populations.
• Bachelor's degree in business, information technology, computer science, computer engineering, or relevant field OR 4 years of equivalent IT security or networking work experience
• OR Equivalent education, certification, or experience.
• Experience in an information technology setting or department.
• 2 years of experience configuring, securing, and monitoring IT systems.
• Demonstrated experience with at least two of the following:
  • Network security and firewalls
  • Security monitoring and incident response
  • Risk assessment and mitigation
  • Compliance frameworks (e.g., FERPA, HIPAA, PCI, etc.,)

• Successful completion of a criminal history background check prior to employment.

Complete application packages must include the following:

1. Tacoma Community College online application form.
2. Resume and cover letter- In your cover letter, describe how your background and experience align with the responsibilities for this position.
3. Copies ofunofficialtranscripts from all colleges and universities attended.
4. Diversity Statement: At TCC, we celebrate our diverse community, and we believe our people are our greatest asset. We stand for social justice, implement best practices to advance equity, diversity, and inclusion, and collaborate to dismantle systemic racism. Please attach a statement (maximum 750 words) describing how you've demonstrated your commitment to diversity and social justice and how this will inform your work as an academic advisor.