Information Security Officer (On-Site) - Herkimer College

Job Description:

Herkimer College seeks qualified applicants for a full-time Information Security Officer.

The IT Information Security Officer will be responsible for overseeing information security/cybersecurity and IT risk management programs based on industry-accepted information security and risk management frameworks. This individual will be an integral part of the Information Technology organization reporting directly to the Information Technology Director to help improve and communicate the maturity levels of information security, state of cybersecurity and IT risk practices across the College. Works closely with various technical functional departments, analyzing user Information security needs and developing solutions to meet the users' requirements. The successful candidate will have advanced communication skills, as well as the ability to simplify complex security technology concepts, and to plan, prioritize and seamlessly integrate all parts to deploy successful security solutions.

MAJOR RESPONSIBILITIES:

A. Coordinates the continuous development, implementation and updating of security and privacy policies, standards, guidelines, baselines, processes, and procedures in compliance with local, state, and federal regulations and standards for the College information systems.

B. Develops and manages the frameworks, processes, tools, and consultancy necessary for IT to properly manage risk and to make risk-based decisions related to IT activities.

C. Proactively identifies and mitigates IT risks as well as responding to observations identified by third party auditors or examiners while assisting in the development of periodic reports and dashboards presenting the level of controls compliance and current IT risk posture.

D. Facilitates information systems security management education and training in regulatory and industry standards for all college employees and students.

E. Monitors computer networks and systems for security issues.

F. Performs penetration testing and vulnerability assessments.

G. Remediates security vulnerabilities to maintain a high-security posture.

H. Maintains systems integrity, security, and patch management proactively.

I. Investigates security breaches and other cybersecurity incidents.

J. Documents any security incident and assessing their damage.

K. Maintains up to date knowledge and skill on current information security technology systems and solutions.

L. Provides 24/7 support for all critical applications and systems.

M. All other duties as assigned.

Requirements:

EXPERIENCE AND EDUCATIONAL BACKGROUND:

• Bachelor's degree or equivalent in Information Security / Cybersecurity, a minimum of 7 years work experience in Information Security / Cybersecurity work. Prefer Master's Degree or equivalent.

• Possess Certified Information Systems Security Professional (CISSP), SANS GIAC, Certified Information Security Manager (CISM), Certified Cloud Security Professional (CCSP), or equivalent.

• Experience in risk, compliance, and information security policy development.

• Knowledge and understanding of higher education, governmental agency or corporate/industry information security, governance, risk and compliance practices and standards.

• Knowledge of laws and regulations including but not limited to: Family Educational Rights and Privacy Act (FERPA), Health Insurance Portability Accountability Act (HIPAA), Gramm-Leach-Bliley (GLB) Act, Sarbanes-Oxley, and Payment Card Industry Data Security Standard (PCI DSS).

• Knowledge of IT processes and controls and strong understanding of risk and control frameworks such as (NIST, ITIL).

• General knowledge of information security regulatory requirements and standards such as ISO 27001/2, SANS top 20 and NIST 800-53, 800-171.

• Ability to ensure Information Security standards and parameters for any systems on the campus network.

• Ability to conduct security assessment, penetration testing, and provide recommendations and remediations to enhance security posture.

• Experience with Unix/Linux/Windows operating systems.

• Experience with PowerShell, Bash, Python scripting.

• Experience with developing and maintaining process automation.

• Experience with vulnerability management, incident response, log collection and correlation.

• Understanding of firewalls, proxies, SIEM, antivirus, and IDPS concepts.

• Ability to identify and mitigate network vulnerabilities and explain how to avoid them.

• Experience with cloud security tools.

• Experience with automating and orchestrating information security.

• Experience with writing technical specifications.

• Experience with project planning and management.

• Ability to work independently and direct others.

• Ability and motivation to stay current on and learn technology related to the position.

• Excellent verbal communication, problem solving and organizational skills.

• Ability to handle multiple projects simultaneously.

Additional Information:

THIS IS AN ON-SITE POSITION (NOT REMOTE),

Application Instructions:

In order to be considered for this position, you must submit your credentials online. Create an account by clicking on the APPLY NOW tab. You will be able to upload the following documents, which are required for consideration:

• Resume/cv

• Cover Letter

Once your account is established, you may login at any time to review your completed application or upload additional documents. You will receive an acknowledgement indicating your application materials have been received.

See the FAQ for using our online system. Please contact us if you need assistance applying through this website.