Cyber Security Engineer

Pay Grade: Professional 9

This position is responsible for establishing and enforcing information security policies to protect the college's computer infrastructure, networks and data against cyber-attacks and internal threats. The primary functions of this position includes validating the effectiveness of existing security measures and developing an overall strategy to ensure the college's long-term operating efficiency and regulatory compliance. 
 

To perform this job successfully, an individual must be able to perform the essential job functions satisfactorily. Reasonable accommodations may be made to enable individuals with disabilities to perform the primary job functions herein described.

*Responsible for developing a comprehensive security program specific to the college that assesses current security vulnerabilities and recommends effective strategies for long-term protection of the institution's IT and data resources.
 
*Oversees the college's Managed Security Service Provider (MSSP) including serving as primary point-of-contact in reviewing threats and vulnerabilities and ensuring servers and firewalls are properly configured and managed.
 
*Researches industry best practices to ensure appropriate products and standards are implemented to protect the college from vulnerabilities and unauthorized access.
 
*Provides leadership and oversight on incident response initiatives ensuring all incidents are reported, documented and resolved in collaboration with the MSSP and are in accordance with governance policies and procedures.
 
*Designs, develops or recommends security prevention and detection system solutions that ensure adequate protection for the college's network infrastructure and systems.
 
*Responsible for the execution of threat and vulnerability assessments and analyzing results to make recommendations for risk mitigation strategies to certify the college's technical infrastructure and data are adequately protected from known/potential threats and vulnerabilities.
 
*Responds to emergency situations as needed to resolve critical security issues.
  
*Manages and coordinates disaster preparedness and recovery plans for resumption of critical ITS services.

Oversees compliance of security awareness training across the college's employees, faculty and students to comply with North Carolina Community Colleges Information Security Manual and Payment Card Institute's Data Security Standards.
 
Works directly with the System Administrators and IT Engineers to ensure server vulnerabilities are identified and mitigated.
 
Prepares briefing materials to present to college leadership concerning vulnerabilities, security exposures, risks and impact of each to the institution.
 
Oversees processes for ensuring authorized access to college resources including permission violations and approving the revoking of permissions as needed.
 
Manages departmental risk assessments, security reporting and incident management as established by state guidelines and internal policies.
 
Ensure compliance with a variety of information security standards including the NC Department of IT, General Data Protection Regulation (GDPR), National Institute of Technology's (NIST) Cyber Security Framework (CSF) standards and the Payment Card Institute (PCI) by overseeing inclusion of security protocols within IT infrastructure, data protection and hardening of software applications.
 
Represent ITS as a liaison on the college's Business Continuity Workgroup
 

Knowledge, Skills, and Abilities

Demonstrated experience in Internet and network security products and platforms, including intrusion detection, intrusion prevention, incident response, vulnerability assessments and penetration testing.
 
Comprehensive understanding of industry standards and requirements for information security management, state and federal statutes and third-party security assessments.
 
Strong leadership skills and ability to work effectively with college leaders and IT engineering, operations, and support staff.
 
Excellent knowledge of information security alerts, threat trends, intrusion analysis, malware, anomalous behavior, forensic research and incident response protocols.
 
Strong analytical, project management and team-oriented interpersonal skills.
 
Experience developing departmental policies, procedures, standards and guidelines.
 
Proven ability to work under pressure in emergencies and communicate security-related concepts to technical and non-technical staff.

Requirements

Bachelor's degree
 
Four years' experience in an IT related discipline with at least 2 years cyber-security or related IT information security role.
 
Ability to work nights and weekends as needed to resolve security related issues
 
Ability to push, pull, lift, and carry up to 50 pounds

Preferences:

Master's degree in Cyber-Security or related field.
 
CISSP, CISM or CEH certification.
 
PMITS, PMP or CAPM certification.
 
One or more years' experience in higher education.

Essential Personnel:

TBD