IT Cybersecurity & Compliance Specialist Position Available In Buncombe, North Carolina

IT Cybersecurity & Compliance Specialist Applicants should submit a resume/cv, cover letter, and names and complete contact information for at least three professional references, including email addresses and phone numbers.
Posting Details
Posting Information Posting Number

PG193890EP

Internal Recruitment No
Working Title IT Cybersecurity & Compliance Specialist
Anticipated Hiring Range $95,000

• $115,000
  Work Schedule Monday
• Friday, 8:00 am
• 5:00 pm
  Job Location Asheville, NC
  Department NC Institute of Climate Studies
  About the Department The North Carolina Institute for Climate Studies (NCICS) is a UNC inter-institutional research institute whose primary focus is to promote the discovery of new knowledge about global, regional, and local climate variability and its impacts; and to provide information that is critical for determining trends and validating climate forecasts at all these spatial scales.

A primary activity of NCICS is the operation of the NOAA Cooperative Institute for Satellite Earth Systems Science (CISESS) formed through a consortium of academic, non-profit, and community organizations with leadership from the University of Maryland, College Park (UMCP) and North Carolina State University (NCSU) on behalf of the University of North Carolina (UNC) System. CISESS provides foci for collaborative research and associated activities in support of NOAA mission goals related to meteorological satellite and climate data and information research and development. Essential Job Duties The North Carolina Institute for Climate Studies IT Cybersecurity and Compliance Specialist will plan, coordinate and implement security measures to protect information and information processing assets. This position will be pivotal in safeguarding our information systems and assets against unauthorized access, attacks, and data breaches. This role will collaborate with cross-functional teams to enhance our security frameworks, manage risk, and ensure compliance with national and international information security standards. The incumbent will work with both technical and non-technical staff, ensuring that our systems are secure and compliant with federal and organizational standards. Key responsibilities for this position include:

Security Implementation:

This role leverages a robust understanding of OS, application, network, and distributed computing security. You will design and implement controls to protect sensitive data and ensure secure access to our networks and systems.

Endpoint Protection:

Develop strategies and implement solutions for comprehensive endpoint protection.
Single Sign On (SSO) and Identity Access Management (IAM): Manage and improve single sign on and identity access controls, including integration with IAM providers, to ensure secure and efficient access management.

Compliance and Standards:

Ensure all systems meet compliance requirements with an emphasis on cloud environments and federal computing standards. Utilize policy-as-code approaches to automate and enforce security policies.

Education and Training:

Lead educational initiatives on security practices for a diverse range of institute staff, from technical to non-technical roles.

Vulnerability and Threat Management:

Proactively scan for vulnerabilities within the system infrastructure and implement appropriate measures to mitigate identified risks. Manage ongoing threats and coordinate incident responses to minimize impact on institute activity.

Disaster Recovery and Continuity:

Lead in the planning and execution of disaster recovery strategies and continuity plans. Ensure all systems and protocols are in place to maintain operations in the event of a crisis.

Research and Development:

Stay abreast of the latest cybersecurity technologies and trends. Evaluate and recommend new security tools and techniques to strengthen our security infrastructure.

Other Responsibilities Other Responsibilities:

 Provide clear recommendations to institute and NOAA leadership regarding security threats, proactive mitigation, and risk management. Qualifications Minimum Education and Experience BS in Computer Science or related field or an Associate degree in a related field plus three years of relevant experience.
At least 3 years of experience in IT security, focusing on cloud security, endpoint protection, identity access management, or penetration testing. Other Required Qualifications Strong knowledge of secure coding practices and languages, with familiarity in security best practices and standards.
Proficiency in remote access security practices.
Understanding of encryption and programming concepts related to security. Preferred Qualifications Experience with federal computing requirements and implementation of x509 security certificates.
Proficient with identity providers, Jamf, AWS, MacOS, Linux, CI/CD pipelines, Containers, and Kubernetes
Proficient with system intelligence / security information and event management (SIEM) tools.
CISSP Certification.
Familiarity with compliance paradigms across various standards.
Experience in handling large-scale security incidents and crisis management. Preferred Soft Skills
Self-starter with the ability to take initiative and enforce policies when necessary.
Leadership skills with the capacity to take charge in crisis situations.
Excellent written and verbal communication skills, capable of documenting and explaining security measures and compliance clearly.
Ability to work independently as well as part of a team. Required License(s) or Certification(s) N/A Valid NC Driver’s License required No
Commercial Driver’s License required No
Recruitment Dates and Special Instructions Job Open Date 01/09/2025
Anticipated Close Date Open until filled
Special Instructions to Applicants Applicants should submit a resume/cv, cover letter, and names and complete contact information for at least three professional references, including email addresses and phone numbers.
Position Details Position Number 00111236
Position Type Exempt Professional Staff
Full Time Equivalent (FTE) (1.0 = 40 hours/week) 1.0
Appointment 12 Month Recurring
Mandatory Designation

• Adverse Weather Non Mandatory
• Adverse Weather
  Mandatory Designation
• Emergency Events Non Mandatory
• Emergency Event
  Department ID 063001
• NC Institute of Climate Studies
  EEO