Position Description

This position is responsible for establishing and enforcing information security policies to protect the college's computer infrastructure, networks and data against cyber-attacks and internal threats. The primary functions of this position includes validating the effectiveness of existing security measures and developing an overall strategy to ensure the college's long-term operating efficiency and regulatory compliance. 

Responsibilities and Duties (*Essential Functions)

To perform this job successfully, an individual must be able to perform the essential job functions satisfactorily. Reasonable accommodations may be made to enable individuals with disabilities to perform the primary job functions herein described.

*Responsible for developing a comprehensive security program specific to the college that assesses current security vulnerabilities and recommends effective strategies for long-term protection of the institution's IT and data resources.
 
*Serves as primary point-of-contact in reviewing threats and vulnerabilities and ensuring servers and firewalls are properly configured and managed.
 
*Researches industry best practices to ensure appropriate products and standards are implemented to protect the college from vulnerabilities and unauthorized access.
 
*Provides leadership and oversight on incident response initiatives ensuring all incidents are reported, documented and resolved in accordance with governance policies and procedures.
 
*Responsible for the management, design, and support of security prevention and detection system solutions that ensure adequate protection for the college's network infrastructure and systems.
 
*Responsible for the execution of threat and vulnerability assessments and analyzing results to make recommendations for risk mitigation strategies to certify the college's technical infrastructure and data are adequately protected from known/potential threats and vulnerabilities.
 
*Responds to emergency situations as needed to resolve critical security issues.
  
*Manages and coordinates disaster preparedness and recovery plans for resumption of critical ITS services.

Oversees compliance of security awareness training across the college's employees, faculty and students to comply with North Carolina Community Colleges Information Security Manual and Payment Card Institute's Data Security Standards.
 
Works directly with the System Administrators and IT Engineers to ensure server vulnerabilities are identified and mitigated.
 
Prepares briefing materials to present to college leadership concerning vulnerabilities, security exposures, risks and impact of each to the institution.
 
Oversees processes for ensuring authorized access to college resources including permission violations and approving the revoking of permissions as needed.
 
Manages departmental risk assessments, security reporting and incident management as established by state guidelines and internal policies.
 
Ensure compliance with a variety of information security standards including the NC Department of IT, General Data Protection Regulation (GDPR), National Institute of Technology's (NIST) Cyber Security Framework (CSF) standards and the Payment Card Institute (PCI) by overseeing inclusion of security protocols within IT infrastructure, data protection and hardening of software applications.
 
Completes an applied benchmarking project on annual basis 

Qualifications

Knowledge, Skills, and Abilities

Demonstrated experience in Internet and network security products and platforms, including intrusion detection, intrusion prevention, incident response, vulnerability assessments and penetration testing.
 
Comprehensive understanding of industry standards and requirements for information security management, state and federal statutes and third-party security assessments.
 
Strong leadership skills and ability to work effectively with college leaders and IT engineering, operations, and support staff.
 
Excellent knowledge of information security alerts, threat trends, intrusion analysis, malware, anomalous behavior, forensic research and incident response protocols.
 
Strong analytical, project management and team-oriented interpersonal skills.
 
Experience developing departmental policies, procedures, standards and guidelines.
 
Proven ability to work under pressure in emergencies and communicate security-related concepts to technical and non-technical staff.