Security Administrator/Information Security Specialist

Description

Title: Security Administrator/Information Security Specialist

Position Number: 0097556T

Hiring Unit: Information Technology Services, OVPIT & CIO

Location: UH System Offices, Manoa Campus

Date Posted: May 15, 2026

Closing Date: June 7, 2026

Band: B

Salary : salary schedules and placement information

Full Time/Part Time: Full-time

Month: 11-month

Temporary/Permanent: Temporary

Duties and Responsibilities (* denotes essential functions):

• A member of the UH Information Security team, oversees, manages & maintains the UH information security data protection/compliance program. Serves as asecurity Governance, Risk, Compliance (GRC) Analyst.
• Responsible for compliance with external regulations/laws/standards such as but not limited to the DOD Cybersecurity Maturity Model Certification program, GDPR, PCI-DSS, HIPAA, FERPA, NIST 800-171, HRS 487N, HRS 92F & UH policies/procedures across the UH system.
• Performs compliance risk assessments. Provides reports on a regular basis & keep UH officers/senior leadership & functional groups informed of the operation and progress of compliance efforts.
• Identifies potential compliance vulnerabilities & risk; develops/implements corrective action plans for resolution of issues.
• Provides guidance to management & employees to ensure compliance & reduction/minimization of risk to the University including but not limited to: Provides technical advice, problem-solving assistance, and answers to questions regarding the information security program, compliance programs, policies, standards and procedures.
• Consults and collaborates with other departments (e.g. Legal, Internal Audit, HR, treasury, data governance, etc.) to direct compliance issues to appropriate channels for clarification, guidance, investigation, and resolution.
• Develops & revises policies/procedures of the compliance operation of the Information Security Program to maintain currency & relevance; integrate into existing policies/procedures; communicate changes & provide guidance to affected groups.
• Monitors the performance of the compliance programs and takes appropriate steps to improve its effectiveness.
• Responds to alleged violations of rules/regulations, policies/procedures & standards by evaluating or recommending the initiation of investigative procedures. Ensure compliance Issues are being appropriately evaluated, investigated & resolved.
• Ensures proper reporting of violations or potential violations to duly authorized enforcement agencies as appropriate and/or required.
• Develop an effective compliance training program for specific regulations as necessary for UH employees and conduct ongoing training. Incorporate into general information security awareness training as appropriate.
• Participates in security incident responses & investigations, including any emergency situations, and provides remediation support.
• Assists with analyses and investigations of reports of inappropriate use of technology and institutional/personal information, any alleged computer or network security compromises, and assists with the reporting and resolution of such incidents.
• Manage & monitor security hardware & applications in cooperation with Information Technology Services (ITS) staff.
• Monitors security threats, trends, technological developments and emerging practices in the IT industry and higher education.
• Participate in projects related to the evaluation and implementation of security-related technologies.
• Follows and implements directives and guidance related to best practices from University of Hawai'i System Information Technology Services.
• Ensures the consistent adoption, implementation, and enforcement of recommendations issued through University of Hawai'i System Information Technology Service.
• Keeps abreast of recommendations issued through University of Hawai'i System Information Technology Service, and takes timely action as needed.
• Continuously monitor and lead initiatives to enhance system reliability, security, and operational efficiency. Supervise and mentor IT staff to assure that administrative directives and industry best practices are understood and followed.
• Other duties as assigned.

Minimum Qualifications

• Possession of a pertinent baccalaureate educational degree in Computer Sciences or Information Security or related field and 5 years of progressively responsible professional information technology experience with responsibilities for Information Security, of which 2 years of the experience must have been comparable in scope and complexity to the next lower pay band in the University of Hawai'i broadband system; or any equivalent combination of education and/or professional work experience which provides the required education, knowledge, skills and abilities as indicated.
• Considerable working knowledge of Information Security as demonstrated by the broad knowledge and understanding of the full range of pertinent standard and evolving information technology concepts, principles and methodologies.
• Considerable working knowledge and understanding of the broad technology, systems, hardware and software associated with Information Security.
• Demonstrated ability to recognize a wide range of intricate problems, use reasoning and logic to determine accurate causes, and apply principles and practices to determine, evaluate, integrate, and implement practical and thorough solutions in an effective and timely manner.
• Proven ability to comprehend, interpret and implement administrative directives and guidance to ensure IT operations align with organizational standards and industry best practices.
• Demonstrated ability to interpret and present information and ideas clearly and accurately in writing, verbally and by preparation of reports and other materials.
• Demonstrated ability to establish and maintain effective working relationships with internal and external organizations, groups, team leaders and members, and individuals.
• If applicable, for supervisory work, demonstrated ability to lead subordinates, manage work priorities and projects, and manage employee relations.
• Strong understanding of IT service management, cybersecurity principles, risk management, and compliance requirements. Demonstrated experience implementing and maintaining IT best practices, standards, and governance.
• Considerable knowledge of information security related standards.
• Considerable knowledge of international, federal, state and local laws, rules, regulations related to information security, privacy and higher education.
• Considerable working knowledge of current information security technologies and tools.
• Considerable knowledge of establishing/managing a GRC program for a large, decentralized organization.
• Working knowledge of computer forensics and investigative techniques.
• Experience with systems, systems administration, and network hardware and administration.
• Demonstrated ability to develop effective training materials.
• Demonstrated ability to develop and conduct effective in-person training/workshops.
• Demonstrated ability to combine and apply skill sets from many areas of IT.
• Demonstrated ability to speak, read, comprehend, interpret and write fluently in English.
• Demonstrated ability to establish and maintain effective working relationships in a positive, service-oriented manner with others.
• Demonstrated ability to work cooperatively with leadership, supervisor, project staff, and customers in a team environment to accomplish tasks and meet deadlines.
• Demonstrated ability to understand and follow oral and written instructions and documentation, write reports and procedures, and communicate effectively in a variety of situations.
• Demonstrated ability to learn and apply new technologies independently and in a timely manner using books, manuals, online research, and other resources.
• Working knowledge of common Internet protocols (such as TCP/IP) and applications.
• Working knowledge of one or more programming or scripting language.
• Ability to manage multiple projects.
• Ability to travel out-of-state.
• Ability to work a variable work schedule; and work outside normally scheduled work hours including day, night, weekend and/or holiday hours as directed.

Desirable Qualifications

• Certifications related to the information security area (e.g. CISSP, GIAC/GSEC, CISM, etc.)
• Working knowledge of configuring and implementing technical security solutions.
• Ability to supervise student employees.
• Prior cybersecurity experience in or with higher education.
• Masters or PhD in a related field.

To Apply:

.

Note: If you have not previously applied for a position using NeoGov, you will need to create an account.

Applicants must submit the following:

• Cover letter to the selection committee indicating interest in the position and how the minimum and desirable qualifications are met,
• Resume,
• The names and contact information (telephone number and email addresses) of at least three (3) professional references, and
• Copies of educational transcripts are acceptable; however, original official transcripts will be required at time of hire. Diplomas and copies will NOT be accepted. Transcripts issued from an institution outside of the United States of America (USA) require a course-by-course analysis with an equivalency statement from an agency having membership with the National Association of Credential Evaluation Services, Inc., verifying the degree equivalency to that of an accredited institution within the USA. Expense of the evaluation shall be borne by the applicant.

Late or incomplete applications will not be considered. The application will be considered incomplete if any of the required documents/materials are not included or are unreadable.

Please redact references to social security numbers and birthdate on submitted documents.

Employment may be contingent on verification of credentials and other background information, including the completion of a criminal history check.

Inquiries:

EEO, Clery Act, ADA