Job Summary 

This position is responsible for enforcing information security policies to protect the college's computer infrastructure, networks and data against cyber-attacks and internal threats. The primary functions of this position include monitoring cyber security threats and performing pre-established measures to mitigate impact of the threats.

Responsibilities and Duties (*Essential Functions)

To perform this job successfully, an individual must be able to perform the essential job functions satisfactorily.  Reasonable accommodations may be made to enable individuals with disabilities to perform the primary job functions herein described.  

*Assists in developing a comprehensive security program that assesses current security vulnerabilities and researches effective strategies for long-term protection of the institution's IT and data resources.
 
*Serves as primary point-of-contact in reviewing threats and vulnerabilities and ensuring servers and firewalls are properly configured and managed.
 
*Researches industry best practices to ensure appropriate products and standards are implemented to protect the college from vulnerabilities and unauthorized access.
 
*Responsible for ensuring threat and vulnerability incidents are reported, documented and resolved in accordance with established governance policies and procedures.
 
*Works directly with the System Administrators and IT Engineers to ensure server and PC workstation vulnerabilities are identified and mitigated.
 
*Responsible for monitoring of the College's security prevention and detection solutions, both internal systems and external, third-party services that provides protection for the college's network infrastructure and systems.
 
*Responsible for executing threat and vulnerability assessments and analyzing results in order to recommend strategies to certify the college's technical infrastructure and data are adequately protected from known/potential threats and vulnerabilities.
 
*Coordinates with other ITS staff to ensure servers and PC workstations are appropriately patched, vulnerabilities identified and mitigation strategies deployed.
 
*Assists the Senior Cyber Security Engineer in ensuring the department's disaster preparedness and business continuity plans are updated and accurate. Conducts business continuity scenario exercises with ITS staff to ensure preparedness.
 
*Serves a primary point of contact in emergency situations for information security threats. Responses are required during and after normal business hours to identify, assess and mitigate critical security issues.

Researches and coordinates compliance of security awareness training across the college's employees, faculty and students to comply with North Carolina Community Colleges Information Security Manual and Payment Card Institute's Data Security Standards.
 
Develops and executes cybersecurity simulations, tests and tabletop exercises.  Accumulates results and prepares briefings for review by ITS management including recommended actions.
 
Prepares briefing materials to present to ITS Department leadership concerning vulnerabilities, security exposures, risks and impact of each to the institution.
 
Develops and monitors processes for ensuring authorized access to college resources including permission violations and approving the revoking of permissions as needed.
 
Participates in departmental risk assessments, security reporting and incident management as established by state guidelines and internal policies.
 
Ensures compliance with a variety of information security standards including the NC Department of IT, General Data Protection Regulation (GDPR), National Institute of Technology's (NIST) Cyber Security Framework (CSF) standards and the Payment Card Institute (PCI) by implementing and managing security protocols within IT infrastructure, data protection and hardening of software applications.

Knowledge, Skills, and Abilities

Demonstrated experience in Internet and network security products and platforms, including intrusion detection, intrusion prevention, incident response, vulnerability assessments and penetration testing.

General understanding of industry standards and requirements for information security management, state and federal statutes and third-party security assessments.

Ability to work effectively with college leaders and IT engineering, operations, and support staff.

Demonstrated knowledge of information security alerts, threat trends, intrusion analysis, malware, anomalous behavior, forensic research and incident response protocols.

Strong analytical, project management and team-oriented interpersonal skills.

Proven ability to work under pressure in emergencies and communicate security-related concepts to technical and non-technical staff.