Will vary based on candidate selection, Various Colleges, North Carolina
Closes: Friday, September 30, 2022
Target Start Date
Expected Work Hours
Bachelor's degree in computer science or a related IT field or related degree from an appropriately accredited institution and three years of progressive experience in IT security or closely related area including two years of supervisory experience; or Associate degree in computer science or a related IT field or related degree from an appropriately accredited institution and four years of progressive experience in IT security or closely related area which includes two years supervisory experience; or an equivalent combination of education and experience.
~THIS POSITION IS FOR MULTIPLE VACANCIES~
~THIS POSITION IS EXEMPT FROM THE STATE HUMAN RESOURCES ACT (EPA) per GS 115D-3~
DESCRIPTION OF WORK: The mission of the North Carolina Community College System is to open the door to high-quality, accessible educational opportunities that minimize barriers to post-secondary education, maximize student success, develop a globally and multi-culturally competent workforce, and improve the lives and well-being of individuals by providing:
- Education, training and retraining for the workforce including basic skills and literacy education, occupational and pre-baccalaureate programs.
- Support for economic development through services to and in partnership with business and industry and in collaboration with the University of North Carolina System and private colleges and universities.
- Services to communities and individuals which improve the quality of life.
The NCCCS is comprised of 58 community colleges serving 100 North Carolina counties and supported by the System Office located in Raleigh, NC.
This position reports to the Chief Information Security Officer (CISO) and is a member of the Information Security Office for the NCCCS System Office. The Information Security Office team is a security advisory team and assists in the prevention and response to cyberattacks, leveraging common security frameworks in collaboration with all community colleges for the benefit of students, employees, institutions, and citizens.
These ISO positions have an emphasis on cloud and infrastructure security along with the cybersecurity duties and responsibilities below.
Key areas of responsibility include, but are not limited to:
- Provide strategic and tactical cybersecurity leadership and counsel to the college CIO/IT leadership and key members of the college executive leadership team, working closely with senior administration, academic leaders, and the campus community in defining objectives for a continuous improvement model for information technology security, while building relationships and goodwill.
- Provide technical leadership as the subject matter thought leader who has experience working on various cloud solutions utilized by the colleges including, but not limited to Microsoft Azure, Office 365, AWS and Google G-Suite platforms.
- Lead information security planning processes to establish an inclusive and comprehensive information security program for the entire institution in support of academic and administrative information systems and technology. Establish annual and long-range security and compliance goals, define security strategies, metrics, reporting mechanisms and program services; and create maturity models and a roadmap for continual program improvements based on system-wide policies and standards.
- Support education and awareness programs and advise on security issues, best practices, and vulnerabilities.
- Stay abreast of information security issues and regulatory changes affecting higher education at the system, state, and national level.
- Work with college leadership and relevant responsible compliance department leadership to build cohesive security and compliance programs for the college to effectively address state and federal statutory and regulatory requirements. Develop and support a strategy for cohesively dealing with audits, compliance checks and external assessment processes for internal / external auditors, FERPA, PCI, HIPAA, FSA, GLBA, NIST 800-53/800-171 and other applicable standards.
- Support response to security incidents and act as the liaison to system and state resources, as needed, during significant information security incidents. Participate in Security Incident Response Teams (SIRT) as needed, or requested, in addressing and investigating security incidents.
- Engage in professional development to maintain continual growth in professional skills and knowledge essential to the position.
The Knowledge, Skills and Abilities listed below, along with the Minimum Education and Experience requirements, are REQUIRED to qualify for this position. We will not review resumes in lieu of Experience and Education listed on the application.
To qualify for this position, applicants must document on the application that they possess ALL of the following:
- Demonstrated knowledge of cloud environments such as AWS, Azure or Google G-Suite.
- Demonstrated ability in problem solving, process improvement, and Project Management skills.
- Working knowledge of deploying, operating, and maintaining Enterprise and/or Local Information Security programs and controls.
- In-depth knowledge in the following information security areas: Security Governance and Management, Security Frameworks, Policies, and procedures, and Federal, State Privacy Laws and regulatory guidelines including FERPA, HIPPA, PCI-DSS, NIST 800-53/800-171 and the CIS Controls.
- Experience in risk management including vulnerability assessment, control assessment, likelihood determination and risk prioritization and demonstrated ability to conduct risk assessments, audits, and reviews.
- Demonstrated knowledge of network architecture and concepts, application architecture, and interoperability of these architectures with one another Network Protocols, Routers, and Switches skills.
- Understanding of computer and network forensics, system and network security, incident management, intrusion detection, vulnerability and patch management, log analysis, and related technologies.
- Demonstrated ability to work well on collaborative, cross-functional teams. Solid interpersonal skills with ability to work effectively with people of all levels of information technology expertise with a wide range of constituencies and organizational relationships.
- Excellent communication skills; interpersonal, organizational, and analytical skills, written and verbal communications and experience with management presentations.
Ideal candidates will have higher education or public sector experience.
To receive credit for your work experience and credentials, you must document on your application that you possess all the following:
- Knowledge of and experience with Federal cybersecurity regulations, standards, and frameworks (e.g.: NIST, CIS Controls, or ISO)
- Knowledge of and experience applying security control requirements for information security standards (e.g.: FERPA, HIPAA, PCI DSS, FSA, GLBA, or other federal compliance requirements)
- Demonstrated project management experience with cyber security program management, cyber exercise planning, incident response and monitoring, and security vulnerability/patch management
- Demonstrated supervisory experience leading a technical team in developing and transitioning cybersecurity capabilities
- Active security certification(s) (e.g.: CISSP, CCSP, CISM, GCSA, CEH, GCIA, GCIH, SANS)
How to Apply
STATE EMPLOYEE COMPENSATION & BENEFITS: We value our employees and offer a wide variety of competitive and family-friendly benefits. The state of North Carolina offers excellent comprehensive benefits. Employees can participate in health insurance options, standard and supplemental retirement plans, and the NCFlex program (numerous high-quality, low-cost benefits on a pre-tax basis). Employees also receive paid vacation, sick, and community service leave. In addition, paid parental leave, and personal observance is available to eligible employees. Some highlights include:
- The best-funded pension plan/retirement system in the nation according to Moody’s Investor’s Service
- Twelve (12) holidays/year
- Fourteen (14) vacation days/year which increase as the length of service increases and accumulate year-to-year
- Twelve (12) sick days/year which is cumulative indefinitely
- Longevity pays lump sum payout yearly (based on length of service beginning 10 years and up)
- 401K, 457, and 403(b) plans
Learn more about employee perks/benefits:
The North Carolina Community College System Office uses the Merit-Based Recruitment and Selection Plan to fill positions SUBJECT to the State Human Resources Act with the most qualified applicants. When a salary range or recruitment range is posted, the actual salary will be based on relevant competencies, knowledge, skills and abilities, internal equity, and budgetary considerations pertinent to the advertised position. All post-high school degrees must be from appropriately accredited institutions.
Individuals interested in applying for this position must complete the online process at https://www.nc.gov/jobs, Résumés will not be accepted in lieu of the application. Work history and credentials must appear on the application to receive consideration during the selection process.
Job Post Contact
CAROLE COX-CARROLL, RECRUITMENT ADMINISTRATOR
North Carolina Community College System
Human Resources | Caswell Building
5001 Mail Service Center | Raleigh, NC 27699-5001
Phone: (919) 807-7177 | Fax: (919) 807-7222