Information Security Officer

Website University of North Carolina Asheville

Pay Range: $68,000-$81,450

UNCA Overview

UNC Asheville is committed to promoting diversity and a work environment that encourages knowledge of, respect for, and the ability to engage with those of other cultures or backgrounds. Staff members are encouraged to take an active role to engage in the institution’s efforts in promoting diversity and inclusion throughout the workplace. The successful candidate will be expected to foster an inclusive work culture where uniqueness of beliefs, backgrounds, talents, capabilities and ways of living are respected and welcomed.

Located in the Blue Ridge Mountains in Western North Carolina, UNCAsheville is the designated public liberal arts campus in the University of North Carolina system. UNC Asheville is nationally known for the quality of our student-centered teaching, mentoring of undergraduates in research, interdisciplinary learning, and striving to be an inclusive campus community.

UNC Asheville’s commitment to increasing and sustaining the diversity of our faculty, staff, and students is reflected in our strategic plan goals of diversity and inclusion, and social sustainability. ( Women, traditionally under-represented minorities, and people with disabilities are encouraged to apply.

Position Summary

The Information Security Officer plays an integral part in the development, implementation, and compliance of technical security across UNC Asheville. The officer is responsible for managing security risks related to information security, business continuity planning, crisis management, privacy, and compliance. In addition, the officer ensures all staff members are trained on enterprise and governmental security requirements through awareness programs.

In conjunction and in collaboration with other ITS systems and applications administrators, this position will assist in conducting network and information systems audits meant to identify, harden, and mitigate against potential and actual security threats in the form of scanning, monitoring, and testing the UNC Asheville network and systems for vulnerabilities. This position shall assist ITS management in ensuring the compliance of University systems to federal, state and local laws, rules and ordinances; will develop controls to enforce IT security policies and compliance; will advise on the development, documentation and maintenance of disaster recovery plans; and may review risk assessments and support cyber incident response plans.

The Information Security Officer should have knowledge and implementation experience of/with security tools including but not limited to: vulnerability scanning, prevention, penetration testing, firewall administration, etc. that are utilized to protect, prevent, and remediate IT security threats.


Bachelor’s degree in Computer Science, Computer Engineering or an Information Security degree or closely related field from an appropriately accredited institution; or Bachelor’s degree from an appropriately accredited institution and three years of progressive experience in IT Security or closely related area.


  • Bachelor’s degree in Computer Science, Computer Engineering, or Information Security: Master’s degree preferred
  • Professional experience in running the information security office analyzing and applying information security, risk management, and privacy practices
  • Strong decision-making capabilities, with a proven ability to weigh relative costs/benefits of potential actions and identify most appropriate options
  • Experience working in a higher education environment preferred
  • Consulting and general industry experience
  • An understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the University community

Skills and Abilities

  • A proven ability to analyze user department needs, make proactive recommendations to improve existing processes and identify where technology changes may reduce security risks
  • Knowledge and experience with the Banner SIS/ERP system, Windows, Linux, Oracle, Microsoft SQL Server, Cisco Networking and Firewalls, and web technologies are preferred
  • Knowledge of national and international regulatory compliances and frameworks such as ISO, SOX, GDPR, CCPA, HIPAA, and/or PCI D is preferred
  • An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily-understood, authoritative, and actionable manner
  • Ability to respond to high pressure dynamic changing environments
  • Have the ability to work as a team member and exhibit the ability to advance technical skills

To apply for this job please visit