Position Title
Security Compliance Engineer
The Opportunity
The Security Compliance Engineer will evaluate existing and emerging control requirements for information security components of regulation, compliance, and framework against the Colorado School of Mines environment and lead the scoping, evaluation, and mitigation efforts for audit activities. This position will work with the information security team, Information and Technology Solutions (ITS), and external business units to analyze, document, and implement policies, procedures, and configurations to meet compliance needs and address audit findings. The position will administer and optimize the vulnerability management and security training and awareness programs at Mines to ensure accurate and actionable output. The Security Compliance Engineer will perform a secondary role of operational system administration, service request support, and incident response support for security tools and services.
Responsibilities
Compliance Administration
Regulation, Compliance, and Framework
- Performs comparative evaluation of information security posture, policies, procedures, configurations, and documentation against controls requirements in context of Mines business needs.
- Translates evaluation into actionable and documented change to policy, procedure, and configuration. Collaborates with ITS staff and Mines business units to integrate and execute required changes to meet needs.
- Collaborate with Mines Privacy/Compliance/Risk department to incorporate and execute information security components for organizational level efforts.
Audit
- With guidance from leadership and input from peers in ITS and internal business units, acts as lead for information security components of voluntary and mandatory audit efforts to include scoping, evidence artifact collection, reports and findings evaluation, mitigation plans and requisite actions.
3rd Party Data Processor
- Evaluates, documents, and provides actionable insight regarding terms and conditions in context of engagements or deployments as they pertain to the information security components of regulation, compliance, and framework concerning the transfer, processing, or control of Mines’ data with a 3rd party data processor.
Documentation
- Evaluates and updates documentation, including policies and procedures, to determine and maintain currency regarding information security related aspects of regulation, compliance, framework, and audit.
- Primarily responsible for the onboarding and maintenance of documentation and evidence for tracking and reporting in Mines governance, risk, and compliance (GRC) tools.
Security Awareness
- Continuously develop and optimize the information security training and awareness initiative at Mines through the evaluation of phishing and training platform analytics and emerging industry trends.
- Collaborate with peers to implement system configuration changes and communications to proactively optimize the efficacy of training and awareness efforts at Mines using a data driven approach.
- Develop and maintain dashboards and reports which identify areas for continuous improvement, or areas of opportunity for improvement.
Vulnerability Program
- Continuously optimize the vulnerability management program at Mines.
- Collaborate with peers to ensure that systems are properly configured and produce accurate and actionable outputs.
- Maintain notification and mitigation assignments, monitor mitigating actions, and escalate in the event of a lack of response to notifications.
Tier 3 Service Desk Support
- Utilize an ITIL-based support structure to provide friendly, fast, and accurate responses to incidents and change requests.
- Fulfill the tier 3 support role for information security related tickets.
Forensics and Incident Response Support
- Provide incident management, investigation, containment, eradication, and recovery support as needed for alerts or events identified by Mines’ MDR provider, or tier 1 and 2 security personnel. This support may include any phase of incident support.
- Be available outside business hours to support emergency incident response.
- Support incident planning including incident preparation, identification, containment, eradication, and recovery plans.
Minimum Qualifications
Education and Experience:
- Bachelor’s degree in Computer Science, Engineering, or other related field. Individuals without a degree, or a degree within these fields, may be considered if they demonstrate possession of substantially the same knowledge level as found in a degree but have attained advanced knowledge through a combination of work experience and intellectual instruction.
- 3+ years of experience working in the field of information technology system administration.
- 1+ years of experience working in the field of Information Security.
- Previous experience supporting at least 4 of the following, related to information security:
  - Audit
  - Regulation
  - Compliance
  - Security framework
  - Vulnerability management
  - Security training and awareness
  - GRC or compliance program management platforms
Knowledge, Skills, and Abilities:
- Excellent written and verbal communication skills.
- Excellent critical thinking and decision-making capabilities.
- Ability to work autonomously within boundaries of established goals and objectives.
- Knowledge and experience with at least one common diagramming tool such as Visio or Lucidchart.
- Ability to work effectively as part of a cross-functional collaborative problem-solving or design team.
- Ability to work effectively on multiple projects and priorities at the same time.
- Previous work experience using an IT ticketing system.
Preferred Qualifications
Education and Experience:
- Master’s degree in information security or a related field.
- Experience in higher education.
- Demonstrable experience in one or more of the following:
  - FERPA
  - CMMC
  - CIS CSC
  - NIST 171
  - NIST CSF
  - NIST 800-53
  - GLBA
  - PCI
  - FedRAMP
- Experience with one or more of the following platforms:
  - KnowBe4
  - Rapid7 InsightVM
  - MetricStream
  - FutureFeed
Certifications and Licenses:
- Security certification including CISSP, CRISC, CGRC, or equivalent level of certification.
About Mines & Golden, CO
When the world looks for answers, the world looks to Mines.
Colorado School of Mines is a top-ranked public university solving the grand challenges facing our society, particularly those related to the Earth, energy and the environment. Founded in 1874 with specialties in mining and metallurgy, Mines’ scope and mission have continually expanded to meet the needs of industry and society. Today, we are the No. 38 public university in the nation, recognized for our innovation and undergraduate teaching in science, technology, engineering and math (U.S. News and World Report, 2023).
Mines graduates are change makers, boundary breakers and problem solvers. Since our earliest days, a Mines education has been and continues to be a transformational opportunity, with one of the strongest returns on investment out there for talented STEM students of all backgrounds.
At the same time, Mines faculty members are pushing their fields in new directions, whether that’s manufacturing, space resources, quantum engineering, carbon capture or more. Mines was recently classified as an R1 “Very High Activity” research institution by Carnegie, a notable feat for any university but particularly one of our size.
That size – roughly 7,000 undergraduate and graduate students – also translates to a close-knit campus community, where employees have opportunities to get involved in multiple ways, continued professional learning is valued and everyone can make an impact.
Community Alliance groups bring together employees for professional development, networking, cultural awareness and community involvement, and all Mines employees also have access to the wealth of activities happening every day on campus – nationally-renowned speakers, special events and Mines traditions like Engineering Days, just to name a few.
And don’t get us started on our hometown. We are located in the heart of Golden, Colorado – with its charming historic downtown and nearby hiking trails – and in close proximity to all that Denver and the Rocky Mountains have to offer. That includes the sunny, high-altitude climate and outstanding outdoor recreation opportunities that make the Denver area an ideal place to live, work and play.
Are you looking for an inspiring, mission-driven workplace where you can contribute to solving the world’s problems and educating the next generation of change makers? Are you an individual who values a diverse and inclusive community, where our different perspectives, experiences and cultures enrich the educational and work experience?
Look to Mines.
Equal Opportunity
Colorado School of Mines is committed to equal opportunity for all persons. Mines does not discriminate on the basis of age, sex, gender (including gender identity and gender expression), ancestry, creed, marital status, race, ethnicity, religion, national origin, disability, sexual orientation, genetic information, veteran status or current military service. Further, Mines does not retaliate against community members for filing complaints regarding or implicating any of these protected statuses.
Mines’ commitment to nondiscrimination, affirmative action, equal opportunity and equal access is reflected in the administration of its policies, procedures, programs and activities and in its efforts to achieve a diverse student body and workforce.
Through its policies, procedures and resources, Mines complies with federal law, Colorado state law, administrative regulations, executive orders and other legal requirements to prevent discrimination (including harassment or retaliation) within the Mines campus community and to address potential allegations of inequity or concerns for safety.
Pay Range
$92,000 – $112,500
Mines takes into consideration a combination of candidate’s education, training and experience as well as the position’s scope and complexity, the discretion and latitude required in the role, work location, and external market and internal value when determining a salary level for potential new employees.
Total Rewards
Colorado School of Mines offers a robust portfolio of benefits for all employees. For this role, that includes:
- Fully paid health and dental premiums
- Generous sick/vacation time: 13 paid holidays per year – including a week-long winter break for entire campus.
- Fully vested retirement plan on first day of employment, with generous employer contribution
- Tuition benefits (6 credits per year for employees, 50 percent discount for dependents)
- Free RTD Ecopass
All Mines employees also have access to discount programs through the State of Colorado and free tickets for Mines Athletics home games, as well as access to the on-campus Recreation Center (fitness classes and training, swimming pool and more), equipment rentals through the Outdoor Rec Center, the Colorado State Employee Assistance Program (CSEAP), and backup child and elder care. Coming soon is an on-campus daycare center. For more information about benefits at Mines, go to mines.edu/human-resources/benefits.