201 Highway 321 South
Dallas, North Carolina, 28034
Closes: Monday, March 27, 2023
Target Start Date
Expected Work Hours
MINIMUM EDUCATION QUALIFICATIONS
- Bachelor’s degree from a nationally accredited institution required.
MINIMUM EXPERIENCE QUALIFICATIONS
- Eight years of experience in an IT or related discipline with at least five years of experience in cyber-security or related IT information security position required.
- Excellent written and verbal communication skills, interpersonal and collaborative skills, and ability to work under pressure in emergencies and communicate cyber security and risk-related concepts to colleagues required.
- Strong leadership skills that incorporate organizational, analytical, decision-making, and team-building skills.
- Experience in developing information security policies, procedures, standards, and guidelines, and successfully executing cyber security programs required.
- Comprehensive understanding of industry standards and requirements for information security management, state and federal statues, and third-party security assessments.
- Demonstrated experience in internet and network security products and platforms, including intrusion detection, intrusion prevention, incident response, vulnerability assessments and penetration testing.
- Advanced knowledge of attack vectors, threat trends, mitigation strategies, intrusion analysis, malware analysis, anomalous behavior, and incident response protocols.
- Excellent knowledge of information security alerts, threat trends, intrusion analysis, malware, anomalous behavior, forensic research, and incident response protocols.
- Ability to work nights and weekends as needed to resolve security related issues.
- Eligibility to obtain and maintain a Division of Criminal Investigation (DCI) certification required. In addition to the standard background check, this position requires having a clear fingerprint-based criminal records search through the State Bureau of Investigation (SBI).
- Generally, works in a traditional climate-controlled office environment and requires the ability to sit for extended periods.
- Some walking, standing, and bending required, and the ability to lift and maneuver items weighing up to 25 pounds.
- Work environment can be stressful at times in dealing with a wide variety of challenges and deadlines.
- Master’s degree from a nationally accredited institution in Information Technology or related field preferred.
- At least one-year experience in higher education preferred.
- CISSP, CISM, CISA, and/or CEH certification preferred.
- Secure Access Service Edge (SASE) and/or Certified Cloud Security Professional (CCSP) certification preferred
OPEN UNTIL FILLED
*Competitive Salary Commensurate with Experience*
The National Security Agency has designated Gaston College a National Center of Academic Excellence in Cyber Defense. Institutions receiving this designation have met rigorous requirements established by the NSA and have a commitment to “producing cybersecurity professionals that will reduce vulnerabilities in our national infrastructure,” as per the Centers of Academic Excellence in Cybersecurity.
Reporting to the President, lead, guide, and direct the development and management of a comprehensive cyber security program as part of the College’s designation as a National Center of Academic Excellence in Cyber Defense. Ensures the confidentiality, integrity, and protection of the College’s information resources including the effectiveness of existing security measures, recommending improvements to mitigate associated risks, and implementing a long-term strategic plan to ensure ongoing operating efficiency and regulatory compliance.
DUTIES AND RESPONSIBILITIES
Chief Information Security Officer (CISO)
- Lead the development of a comprehensive cyber security program which includes assessing current security practices, procedures, and status and recommending effective policies and strategies for long-term protection of the College’s data resources and compliance with federal, state, and local regulations.
- Develop a cybersecurity architecture roadmap to identify security controls and assess appropriate technologies that will strengthen and enforce the College’s short and long-term security priorities.
- Develop, implement, and manage a comprehensive cyber security risk-based program to ensure the confidentiality, integrity, and availability of information assets, including the reporting of findings with appropriate mitigation strategies.
- Serve as expert advisor to senior leadership in the development, implementation, and maintenance of the College’s data to ensure best practices control objectives are achieved in protecting information assets.
- Advise senior leadership on cybersecurity issues, vulnerabilities, and overall security strategies and prepare and present briefing materials concerning security exposure, risks, and impact to the College.
- Lead the management of internal/external threats and vulnerability assessments including analysis and recommendations of risk mitigation strategies to certify that the College’s technical infrastructure and data are adequately protected from known and potential threats and vulnerabilities.
- Establish and implement incident management processes to effectively identify, respond, contain, and communicate suspected or confirmed incidents.
- Develop and maintain a metrics and reporting framework to measure the efficiency and effectiveness of cyber security programs.
- Lead the management of security prevention and detection solutions, including internal and external systems, to ensure adequate protection for the College’s network infrastructure and applications.
- Manage the college’s Cyber Security Center and prioritize mitigation based on risk and severity.
- Lead the development and execution of cybersecurity simulations, tests, and tabletop exercises. Present results to senior leadership with recommended actions.
- Ensure server and PC workstation vulnerabilities are identified and mitigated.
- Respond to emergency situations as needed, to identify, assess, and mitigate critical security issues.
- Lead information security awareness training for the College’s employees and students to comply with standards and regulations including the North Carolina Community College Information Security Manual and Payment Card Institute’s Data Security Standards.
- Research industry best practices to ensure appropriate products and standards are implemented to protect the College from vulnerabilities and unauthorized access.
- Coordinate the development of the information technology systems disaster preparedness and business continuity plans for resumption of critical services. Ensure plans are updated and cyber security related training and exercises are conducted to confirm preparedness.
- Ensure appropriate cyber security controls are integrated in software applications used by the College.
- Develop an information security budget and manage expenses including identification of any variances.
- Oversee processes for ensuring authorized access to college resources including permission violations and approving the revoking of permissions as needed.
- Ensure compliance with information security standards including the NC Department of IT, General Data Protection Regulation (GDPR), Gramm-Leach-Bliley Act (GLBA), National Institute of Technology’s (NIST), Cyber Security Framework (CSF) standards and the Payment Card Institute (PCI) by overseeing inclusion of security protocols with IT infrastructure, data protection, and hardening of software applications.
Executive Director - Cyber Security Center
- Obtaining new grants and maintaining the program grant governance,
- Meeting and maintaining all requirements and reporting for National Security Agency ("NSA") Center of Academic Excellence ("CAE") designation
- Coordinating efforts with the Assistant Director of the GC Cyber Center in curriculum offerings and CAE designation
- Developing and implementing continuing education offerings through the GC Cyber Center
- Representing GC in coordination/participation with the Carolina Cyber Network (CCN)
- Researching and investigating grants associated with the GC Cyber Center
- Maintain a high standard of professional and ethical practice in representing the College. Maintain confidentiality of relevant information. Demonstrate a thorough knowledge of the field or discipline with continued adherence to professional accountability. Establish and maintain effective working relationships and partnerships. Accept responsibility for managing situations and problems. Work cooperatively with team members and colleagues and contribute positively and constructively to the achievement of team and College objectives. Adhere to the College’s policies, procedures, and other established guidelines.
- Serve on various College committees as required.
- Perform other duties as assigned.
How to Apply
Job Post Contact