~READVERTISEMENT – PREVIOUS APPLICANTS NEED NOT REAPPLY~
~THIS POSITION IS EXEMPT FROM THE STATE HUMAN RESOURCES ACT (EPA) per GS 115D-3~

The mission of the North Carolina Community College System is to open the door to high-quality, accessible educational opportunities that minimize barriers to post-secondary education, maximize student success, develop a globally and multi-culturally competent workforce, and improve the lives and well-being of individuals by providing: 

• Education, training and retraining for the workforce including basic skills and literacy education, occupational and pre-baccalaureate programs. 
• Support for economic development through services to and in partnership with business and industry and in collaboration with the University of North Carolina System and private colleges and universities. 
• Services to communities and individuals which improve the quality of life. 

The NCCCS is comprised of 58 community colleges serving 100 North Carolina counties and supported by the System Office located in Raleigh, NC.  

This position reports to the Chief Information Security Officer (CISO) and is a member of the Information Security Office for the NCCCS System Office. The Information Security Office team is a security advisory team and assists in the prevention and response to cyberattacks, leveraging common security frameworks in collaboration with all community colleges for the benefit of students, employees, institutions, and citizens.

These ISO positions have an emphasis on cloud and infrastructure security along with the cybersecurity duties and responsibilities below.

Key areas of responsibility include, but are not limited to:

• Provide strategic and tactical cybersecurity leadership and counsel to the college CIO/IT leadership and key members of the college executive leadership team, working closely with senior administration, academic leaders, and the campus community in defining objectives for a continuous improvement model for information technology security, while building relationships and goodwill.
• Provide technical leadership as the subject matter thought leader who has experience working on various cloud solutions utilized by the colleges including, but not limited to Microsoft Azure, Office 365, AWS and Google G-Suite platforms.
• Lead information security planning processes to establish an inclusive and comprehensive information security program for the entire institution in support of academic and administrative information systems and technology. Establish annual and long-range security and compliance goals, define security strategies, metrics, reporting mechanisms and program services; and create maturity models and a roadmap for continual program improvements based on system-wide policies and standards.
• Support education and awareness programs and advise on security issues, best practices, and vulnerabilities.
• Stay abreast of information security issues and regulatory changes affecting higher education at the system, state, and national level.
• Work with college leadership and relevant responsible compliance department leadership to build cohesive security and compliance programs for the college to effectively address state and federal statutory and regulatory requirements. Develop and support a strategy for cohesively dealing with audits, compliance checks and external assessment processes for internal / external auditors, FERPA, PCI, HIPAA, FSA, GLBA, NIST 800-53/800-171 and other applicable standards.
• Support response to security incidents and act as the liaison to system and state resources, as needed, during significant information security incidents. Participate in Security Incident Response Teams (SIRT) as needed, or requested, in addressing and investigating security incidents.
• Engage in professional development to maintain continual growth in professional skills and knowledge essential to the position.

KNOWLEDGE/SKILLS/AND ABILITIES:

The Knowledge, Skills and Abilities listed below, along with the Minimum Education and Experience requirements, are REQUIRED to qualify for this position.  We will not review resumes in lieu of Experience and Education listed on the application.

To qualify for this position, applicants must document on the application that they possess ALL of the following:

• Demonstrated knowledge of cloud environments such as AWS, Azure or Google G-Suite.
• Demonstrated ability in problem solving, process improvement, and Project Management skills.
• Working knowledge of deploying, operating, and maintaining Enterprise and/or Local Information Security programs and controls.
• In-depth knowledge in the following information security areas: Security Governance and Management, Security Frameworks, Policies, and procedures, and Federal, State Privacy Laws and regulatory guidelines including FERPA, HIPPA, PCI-DSS, NIST 800-53/800-171 and the CIS Controls.
• Experience in risk management including vulnerability assessment, control assessment, likelihood determination and risk prioritization and demonstrated ability to conduct risk assessments, audits, and reviews.
• Demonstrated knowledge of network architecture and concepts, application architecture, and interoperability of these architectures with one another Network Protocols, Routers, and Switches skills.
• Understanding of computer and network forensics, system and network security, incident management, intrusion detection, vulnerability and patch management, log analysis, and related technologies.
• Demonstrated ability to work well on collaborative, cross-functional teams. Solid interpersonal skills with ability to work effectively with people of all levels of information technology expertise with a wide range of constituencies and organizational relationships.
• Excellent communication skills; interpersonal, organizational, and analytical skills, written and verbal communications and experience with management presentations.

PREFERENCES:

Ideal candidates will have higher education or public sector experience.

To receive credit for your work experience and credentials, you must document on your application that you possess all the following: 

• Knowledge of and experience with Federal cybersecurity regulations, standards, and frameworks (e.g.: NIST, CIS Controls, or ISO)
• Knowledge of and experience applying security control requirements for information security standards (e.g.: FERPA, HIPAA, PCI DSS, FSA, GLBA, or other federal compliance requirements)
• Demonstrated project management experience with cyber security program management, cyber exercise planning, incident response and monitoring, and security vulnerability/patch management
• Demonstrated supervisory experience leading a technical team in developing and transitioning cybersecurity capabilities
• Active security certification(s) (e.g.: CISSP, CCSP, CISM, GCSA, CEH, GCIA, GCIH, SANS)