Southern Wake Campus
9101 Fayetteville Road
Raleigh, NC 27603
Closes: Friday, August 14, 2020
Target Start Date
Expected Work Hours
Four years' experience in an IT related discipline with at least 2 years cyber-security or related IT information security role.
Ability to work nights and weekends as needed to resolve security related issues.
Master's degree in Cyber-Security or related field.
CISSP, CISM or CEH certification.
PMITS, PMP or CAPM certification.
One or more years' experience in higher education.
This position is responsible for establishing and enforcing information security policies to protect the college's computer infrastructure, networks and data against cyber-attacks and internal threats. The primary functions of this position includes validating the effectiveness of existing security measures and developing an overall strategy to ensure the college's long-term operating efficiency and regulatory compliance.
Responsibilities and Duties (*Essential Functions)
To perform this job successfully, an individual must be able to perform the essential job functions satisfactorily. Reasonable accommodations may be made to enable individuals with disabilities to perform the primary job functions herein described.
*Develops a comprehensive security program specific to the college that assesses current security posture and recommends effective policies and strategies for long-term protection of the institution's data resources and compliance with federal, state and local regulations.
*Advises the CIO and senior ITS leadership on all cybersecurity issues, vulnerabilities and overall security strategies.
*Performs a leading role in overseeing cyber security threats, penetration tests and other vulnerabilities including managing the College's mitigation responses.
*Collaborates with ITS engineers to ensure all wide and local network components are properly configured and protected from cyber threats.
*Coordinates with application development staff to ensure appropriate information security controls are integrated in software applications used by the College.
*Researches industry best practices to ensure appropriate products and standards are implemented to protect the college from vulnerabilities and unauthorized access.
*Leads and oversees incident response initiatives ensuring all incidents are reported, documented and resolved in accordance with governance policies and procedures.
*Manages security prevention and detection solutions, including internal and external systems, to ensure adequate protection for the college's network infrastructure and applications.
*Coordinates the execution of internal/external threat and vulnerability assessments. Oversees analysis of assessment results and recommends risk mitigation strategies to certify the college's technical infrastructure and data are adequately protected from known and potential threats and vulnerabilities.
*Responsible for the department's disaster preparedness and business continuity plans for resumption of critical ITS services. Coordinates with all areas of ITS to ensure plans are updated and exercises are conducted to ensure preparedness.
*Ensures server and PC workstation vulnerabilities are identified and mitigated.
*Responds to emergency situations as needed, during and after normal business hours, to identify, assess and mitigate critical security issues.
Oversees compliance of security awareness training across the college's employees, faculty and students to comply with North Carolina Community Colleges Information Security Manual and Payment Card Institute's Data Security Standards.
Oversees the development and execution of cybersecurity simulations, tests and tabletop exercises. Presents results to CIO and ITS senior leadership with recommended actions.
Prepares briefing materials to present to college leadership concerning vulnerabilities, security exposures, risks and impact of each to the institution.
Oversees processes for ensuring authorized access to college resources including permission violations and approving the revoking of permissions as needed.
Manages departmental risk assessments, security reporting and incident management as established by state guidelines and internal policies.
Ensures compliance with information security standards including the NC Department of IT, General Data Protection Regulation (GDPR), Gramm-Leach-Bliley Act (GLBA), National Institute of Technology's (NIST) Cyber Security Framework (CSF) standards and the Payment Card Institute (PCI) by overseeing inclusion of security protocols within IT infrastructure, data protection and hardening of software applications.
Knowledge, Skills, and Abilities
Demonstrated experience in Internet and network security products and platforms, including intrusion detection, intrusion prevention, incident response, vulnerability assessments and penetration testing.
Comprehensive understanding of industry standards and requirements for information security management, state and federal statutes and third-party security assessments.
Strong leadership skills and ability to work effectively with college leaders and IT engineering, operations, and support staff.
Excellent knowledge of information security alerts, threat trends, intrusion analysis, malware, anomalous behavior, forensic research and incident response protocols.
Strong analytical, project management and team-oriented interpersonal skills.
Experience developing departmental policies, procedures, standards and guidelines.
Proven ability to work under pressure in emergencies and communicate security-related concepts to technical and non-technical staff.