


Information Security Governance, Risk, and Compliance (GRC) Specialist

Title: Information Security GRC Specialist
Class: Classified
Exempt Status: Non-exempt
Grade: 26

Job Summary

Under the direction of management, the incumbent coordinates and performs PCC's security assessment functions and control testing reporting and activities in accordance with PCC's Internal Controls compliance, regulatory and departmental policies and procedures. The Information Security Assessment Specialist updates and maintains control matrices and spreadsheets and provides recommendations for management's consideration. This position ensures compliance with PCC's internal controls, regulatory and information security policies and procedures. The incumbent works with internal audit, external audit firms, and regulatory agencies to provide supporting documentation as applicable. The Information Security Assessment Specialist takes a lead role in ensuring the security of all protected information collected, used, maintained, or released by PCC.

- Implements security controls, a risk assessment framework, and a program that align to regulatory requirements, ensuring documented and sustainable compliance that aligns with and advances College business objectives.
- Evaluates risks and develops security standards, procedures, and controls to manage risks.
- Improves PCC's security positioning through process improvement, policy, automation, and the continuous evolution of capabilities.
- Implements processes, such as GRC (governance, risk and compliance), to automate and continuously monitor information security controls, exceptions, risks, and testing.
- Develops reporting metrics, dashboards, and evidence artifacts.
- Defines and documents business process responsibilities and ownership of the controls in the GRC tool.
- Schedules regular assessments and testing of the effectiveness and efficiency of controls and creates GRC reports.
- Updates security controls and provides support to all stakeholders on security controls covering internal assessments, regulations, protecting Personally Identifying Information (PII) data, and the Payment Card Industry Data Security Standard (PCI DSS).
- Performs and investigates internal and external information security risk and exception assessments.
- Assesses incidents, vulnerability management, scans, patching status, secure baselines, penetration test results, phishing, and social engineering tests and attacks.
- Documents and reports control failures and gaps to stakeholders.
- Provides remediation guidance and prepares management reports to track remediation activities.
- Assists other staff in the management and oversight of security program functions.
- Trains, guides, and acts as a resource on security assessment functions to other departments within the College.
- Remains current on best practices and technological advancements and acts as the College's technical resource for security assessment and regulatory compliance.
- Performs other related duties as assigned.

Work Environment and Physical Requirements

Physical skills are required for keyboarding and operating complex network and computing equipment. There is occasional travel between campuses or to off-site meetings. The position requires routine periods of standing and walking, lifting of equipment (30-50 pounds), and physical agility. Working conditions may require various shifts and/or weekends to provide incident response operations, business continuity plans, or disaster recovery operations. Work is performed in an office environment using standard information technology equipment combined with specialized information security products. The work environment includes frequent disruptions and changes in priorities.

- Associate's Degree in Computer Information Systems or a related discipline.
- Four years of applied work experience in cyber security programs, audits, assessments, risk, remediation, or cyber security compliance management. Relevant experience may substitute for the degree requirement on a year-for-year basis.

- Applicable information security management, governance, and compliance principles, practices, laws, rules and regulations.
- Information technology systems and processes, network infrastructure, data architecture, data processes, and protocols.
- Cyber and cloud security standard frameworks, architecture, design, operations, controls, technology, solutions, and service orchestration.
- Information systems auditing, monitoring, controlling, and assessment processes.
- Risk assessment and management methodology.
