DE Jobs

Job Information

Herkimer County Community College Information Security Officer (On-Site) in Herkimer, New York

Information Security Officer (On-Site)

Category: Administrative

Department: Information Technology

Locations: Herkimer, NY

Posted: Oct 26, 2022

Closes: Open Until Filled

Type: Full-time

Position ID: 155017

About Herkimer College:

Herkimer College isn't just a great place to be a student - it's also a great place to work. Our faculty and staff enjoy a friendly atmosphere, supportive community and opportunities for growth. They have the advantages of being a part of the SUNY network, as well as an outstanding benefits package for full-time employees.

We encourage you to check out our current employment opportunities. Herkimer College does not discriminate on the basis of race, color, gender, age, creed, religion, national origin, marital status, disability, or any other characteristic protected by federal or state law in admissions, employment or in any aspect regarding the conduct of College business.

Pursuant to Executive Order 161, no State entity, as defined by the Executive Order, is permitted to ask, or mandate, in any form, that an applicant for employment provide his or her current compensation, or any prior compensation history, until such time as the applicant is extended a conditional offer of employment with compensation. If such information has been requested from you before such time, please contact the Governor's Office of Employee Relations at (518) 474-6988 or via e-mail at info@goer.ny.gov.

Interested in learning more about Herkimer College as a workplace? Great! Feel free to peruse our Faculty/Staff Directory, learn about our campus, review our Annual Security Report, and learn about our employee benefits.

Job Description:

Herkimer College seeks qualified applicants for a full-time Information Security Officer.

The IT Information Security Officer will be responsible for overseeing information security/cybersecurity and IT risk management programs based on industry-accepted information security and risk management frameworks. This individual will be an integral part of the Information Technology organization, reporting directly to the Information Technology Director to help improve and communicate the maturity levels of information security, the state of cybersecurity, and IT risk practices across the College. The officer works closely with various technical functional departments, analyzing user information security needs and developing solutions to meet the users' requirements. The successful candidate will have advanced communication skills, as well as the ability to simplify complex security technology concepts, and to plan, prioritize and seamlessly integrate all parts to deploy successful security solutions.

MAJOR RESPONSIBILITIES:

A. Coordinates the continuous development, implementation and updating of security and privacy policies, standards, guidelines, baselines, processes, and procedures in compliance with local, state, and federal regulations and standards for the College information systems.

B. Develops and manages the frameworks, processes, tools, and consultancy necessary for IT to properly manage risk and to make risk-based decisions related to IT activities.

C. Proactively identifies and mitigates IT risks and responds to observations identified by third-party auditors or examiners, while assisting in the development of periodic reports and dashboards presenting the level of controls compliance and current IT risk posture.

D. Facilitates information systems security management education and training in regulatory and industry standards for all college employees and students.

E. Monitors computer networks and systems for security issues.

F. Performs penetration testing and vulnerability assessments.

G. Remediates security vulnerabilities to maintain a high-security posture.

H. Maintains systems integrity, security, and patch management proactively.

I. Investigates security breaches and other cybersecurity incidents.

J. Documents any security incidents and assesses their damage.

K. Maintains up-to-date knowledge and skill on current information security technology systems and solutions.

L. Provides 24/7 support for all critical applications and systems.

M. All other duties as assigned.

Requirements:

EXPERIENCE AND EDUCATIONAL BACKGROUND:

  • Bachelor's degree or equivalent in Information Security / Cybersecurity, a minimum of 7 years' work experience in Information Security / Cybersecurity work. Master's degree or equivalent preferred.

  • Possess Certified Information Systems Security Professional (CISSP), SANS GIAC, Certified Information Security Manager (CISM), Certified Cloud Security Professional (CCSP), or equivalent.

  • Experience in risk, compliance, and information security policy development.

  • Knowledge and understanding of higher education, governmental agency or corporate/industry information security, governance, risk and compliance practices and standards.

  • Knowledge of laws and regulations including but not limited to: Family Educational Rights and Privacy Act (FERPA), Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley (GLB) Act, Sarbanes-Oxley, and Payment Card Industry Data Security Standard (PCI DSS).

  • Knowledge of IT processes and controls and strong understanding of risk and control frameworks such as NIST and ITIL.

  • General knowledge of information security regulatory requirements and standards such as ISO 27001/2, SANS Top 20 and NIST 800-53, 800-171.

  • Ability to ensure Information Security standards and parameters for any systems on the campus network.

  • Ability to conduct security assessment, penetration testing, and provide recommendations and remediations to enhance security posture.

  • Experience with Unix/Linux/Windows operating systems.

  • Experience with PowerShell, Bash, Python scripting.

  • Experience with developing and maintaining process automation.

  • Experience with vulnerability management, incident response, log collection and correlation.

  • Understanding of firewalls, proxies, SIEM, antivirus, and IDPS concepts.

  • Ability to identify and mitigate network vulnerabilities and explain how to avoid them.

  • Experience with cloud security tools.

  • Experience with automating and orchestrating information security.

  • Experience with writing technical specifications.

  • Experience with project planning and management.

  • Ability to work independently and direct others.

  • Ability and motivation to stay current on and learn technology related to the position.

  • Excellent verbal communication, problem solving and organizational skills.

  • Ability to handle multiple projects simultaneously.

Additional Information:

THIS IS AN ON-SITE POSITION (NOT REMOTE).

Application Instructions:

In order to be considered for this position, you must submit your credentials online. Create an account by clicking on the APPLY NOW tab. You will be able to upload the following documents, which are required for consideration:

  • Resume/CV

  • Cover Letter

Once your account is established, you may log in at any time to review your completed application or upload additional documents. You will receive an acknowledgement indicating your application materials have been received.

See the FAQ (http://support.interviewexchange.com/articles/#!candidate/) for using our online system. Please contact us if you need assistance applying through this website.