Manager, Information Security and Compliance (Full-Time)
Posted on Oct 28, 2020 by West Virginia Network for Educational Telecomputing (WVNET)
Manager, Information Security and Compliance (Full-Time)
WVNET connects K-12 schools, higher educational institutions, libraries, state and county government, and various not-for-profits to the Internet and the rest of the world through our state-of-the-art network and telecommunications expertise.
Our team of dedicated IT professionals provide guidance and training to educators and staff in higher education and K-12 schools. Our research and development of software, tools, and systems address problems and tackle challenges that are unique to West Virginia's public institutions and not-for- profits.
Position Title: Manager, Information Security and Compliance (Full-Time)
Work Location: Morgantown, WV (Required)
Classification: Salary, Non-Classified, Full-Time Benefits, FLSA Exempt
Salary: Starting annual salary range is $85,000 - $95,000 and commensurate with experience. Additionally, WVNET offers an excellent benefits package which includes comprehensive health, retirement, and insurance plans as well as generous amounts of vacation, sick, and holiday leave.
Application Deadline: Open Until Filled.
This position is responsible for the day-to-day monitoring of WVNET's infrastructure environment, analysing and responding to events as necessary. Working across the organization, must be able to utilize multiple tools to monitor, analyze and respond to infrastructure threats. Provides security leadership in support of the enterprise as it relates to IT network security, IT security governance, security monitoring, and security awareness. Ensures organizational compliance with security policies, standards, and processes. Works horizontally across the enterprise to solve and prevent problems collectively and leverage the collective expertise contained in the organization. Assists management in the development and implementation of policies and procedures for monitoring, assessment, analysis, and response.
DUTIES & RESPONSIBILITIES
Information Security Operations
- Participates in incident response activities, including readiness activities and table-top exercises.
- Monitors for and coordinates response to vulnerabilities in the agency's on-premise and cloud environments.
- Responsible for developing and implementation a comprehensive information security program and prioritized roadmap
- Conducts or coordinates periodic vulnerability scan and penetration tests
- Manages institution-wide information security governance processes
- Execute on incident response plans, identify root cause, and drive mitigations to prevent future occurrences
- Champion projects that improve our security and incident response capabilities
- Responsible for security event monitoring, management, and response utilizing SEIM toolsets
- Works horizontally across the organization to provide highly reliable, secure, and cost-effective network security services
Policy and Compliance
- Leads the implementation of security controls, practices, and policies through collaboration with other WVNET technical staff
- Assists in risk assessments and gap analysis for compliance to various policies and regulations, including, but not limited to FERPA, HIPAA, PCI, and internal policies
- Regularly reviews and recommends updates to internal information security policy and procedures
- Directs the development and delivery of a security awareness training program for employees
- Develops training related to cybersecurity standards, penetration testing, vulnerability assessments, and accreditation and certification.
- Engages and educates customers on information security threats and best practices to manage risk
- Provides regular presentations on information security topics
- Maintains a current understanding of the IT threat landscape for the industry
- Keeps current with new or evolving information technology
- Required: Bachelor's degree in computer science, information system, information assurance, cyber security, or a technology-related field.
- Preferred: Master's degree in the same fields of study.
- 5 years - Experience working as an IT technical specialist in networking, systems operations, or similar department of a large IT organization.
- 2 years - Experience working in an information security role or department.
- Preferred: Experience working in higher education.
- Preferred: Professional security certification (eg, CISSP, CISM/A).
KNOWLEDGE, SKILLS, AND ABILITIES
- Strong technical and operational knowledge of general security concepts and methods (vulnerability assessments, privacy assessments, intrusion detection, incident response)
- A strong understanding of information security regulatory requirements and compliance issues.
- In-depth understanding of networking protocols, security-related technologies, and end user security issues.
- Experience with vulnerability scanning and security management platforms
- Experience with common security and privacy legislation and regulations (eg PCIDSS, FERPA, HIPAA, etc.)
- Familiarity with security standards (NIST, ISO, COBIT)
- Excellent analytical, troubleshooting and interpersonal skills.
- Excellent verbal and written communication skills.
- Organization and attention to detail.
TO APPLY: Submit cover letter and resume: (see below)
Equal Opportunity/Affirmative Action Employer/Veterans/Disabled
The West Virginia Network for Educational Telecomputing (WVNET) is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, or protected veteran status and will not be discriminated against on the basis of disability. WVNET provides a collegial, respectful and inclusive environment that values the diversity, creativity and contributions of its staff.