The University of New Mexico (UNM) Health and Health Sciences Information Technology (HHS IT) Information Security Office (ISO), supports both the health and health sciences enterprise components. The ISO is seeking a Cloud Security Specialist who can provide cloud security expertise for IT services in the clinical, academic, research and administrative areas across the enterprise, particularly as it envisions its use of cloud services to support the mission. HHS IT has moved from an on-premises to a hybrid environment based primarily on Microsoft Azure and 365 and seeks to improve and enhance its technical information security in this expansive new environment. They will foster a sense of collaboration and transparency between IT security and leaders.

Under general direction the position will provide technical and strategic cybersecurity leadership in the development and implementation of complex/large IT initiatives. They will interface with leadership and other professionals to identify key strategic cybersecurity requirements and implementation strategies to ensure that on premises, cloud-based systems, and data are protected. They will establish the processes required for the successful development and implementation of complex projects where cybersecurity is paramount. This position will report directly to the ISO and is a hybrid position, working both on campus and remote.

This Cloud Security Specialist will:

• Provides technical information security leadership on a variety of highly specialized project-related activities requiring expertise in specific scientific/technical areas for core information technology systems and services.

• Serves as subject matter expert in a multi-disciplinary design group.

• May oversee the supervision and mentoring of personnel, which includes work allocation, training, promotion, enforcement of internal procedures and controls, problem resolution; and, motivates employee to achieve peak productivity and performance.

• Provides advice and recommendations to the Information Security Officer on security matters of interest and concern, and expert recommendations to leadership, IT managers and peers concerning technical and programmatic information security to help ensure that systems and data are secure across the enterprise.

• Oversees the enterprise vulnerability management program, working with the Information Security Officer and the technical staff performing vulnerability-related tasks to identify and remediate vulnerabilities on a timely basis and measure program effectiveness through clear and actionable metrics.

• Coordinates incident response, including planning, documentation, training and execution of appropriate incident response to a wide range of information security scenarios.

• Assesses information security risk for specific systems and environments and provides guidance and recommendations to improve the overall risk assessment processes.

• Evaluates the effectiveness of security controls and give recommendations for remediation and enhancements, particularly in the cloud environment.

• Develops briefs, reports, training/awareness notices, and other documents concerning information security topics. Leads and/or supports various ad hoc and standing committees concerning information security topics.

See the Position Description for additional information.

• Must pass a pre-employment criminal background check.
• May be required to pass post-offer, pre-employment physical examination and medical history check.

Bachelor's degree; at least 5 years of experience directly related to the duties and responsibilities specified.

Completed degree(s) from an accredited institution and/or experience that is directly related to the duties and responsibilities specified may be interchangeable on a year-for-year basis.

Preferred Qualifications:

• Experience evaluating technical information security controls for new and/or existing on-premise cloud services and projects, preferably in a fairly large domain with more than 20,000 endpoints, IT network environment.
• Experience as technical SME on cloud security, specifically within Microsoft Azure.
• Experience working with enterprise vulnerability systems and programs.
• Experience leading or participating on incident response, including planning, documentation, training and execution.
• Ability to communicate about complex technical topics in a way appropriate to audiences with varying backgrounds and knowledge of IT and security, both in writing and in meetings or other venues.
• Ability to foster and maintain beneficial relationships with diverse staff at various organizational levels.
• Certified Information Systems Security Professional or other advanced security and/or IT certification.
• Bachelor’s degree in a related field.

Only applications submitted through the official UNMJobs site will be accepted. If you are viewing this job advertisement on a 3rd party site, please visit UNMJobs to submit an application.

Positions posted with a Staff Type of Regular or Term are eligible for the Veteran Preference Program. See the Veteran Preference Program webpage for additional details.

The University of New Mexico is committed to hiring and retaining a diverse workforce. We are an Equal Opportunity Employer, making decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, veteran status, disability, or any other protected class.

The University of New Mexico requires all regular staff positions successfully pass a pre-employment background check. This may include, but is not limited to, a criminal history background check, New Mexico Department of Health fingerprint screening, New Mexico Children, Youth, and Families Department fingerprint screening, verification of education credentials, and/or verification of prior employment. For more information about background checks, visit https://policy.unm.edu/university-policies/3000/3280.html. Refer to https://policy.unm.edu/university-policies/3000/3200.html for a definition of Regular Staff.