Director of Security Operations
Job Title: Director of Security Operations
Campus Location: Morristown Campus (Employees are assigned to a “home” location but may occasionally or regularly be required to work at other WSCC locations.
Job Purpose: This position guides and maintains the college’s information security program. They are responsible for all matters of IT security, compliance, auditing, risk mitigation, and policy. This position works to strengthen the college’s security posture and minimize risks from external and internal security threats. The position holistically oversees governance, standards, compliance, security policies, risk assessments, incident response, audits, security architecture, security programs, security controls, security monitoring, third-party relationships, security training, phishing campaigns, security documentation, GLBA, PCI, table-top exercises, security tools, industry trends, etc.
Duties include incident monitoring, metrics gathering, generating security-focused reports and performing security-related audits as needed. The position is responsible for the operation and maintenance of the security infrastructure, evaluating, recommending, and implementing new approved technologies and innovations. This position holds responsibility for the troubleshooting and resolution of reported information security issues. This position works in conjunction with organizational departments across the college to ensure employees are aware of cybersecurity issues, are trained in good cybersecurity practices, and are practicing safe/secure data collection, data transfers and storage, and use of social media, mobile devices, apps, etc.
Essential Job Functions:
- Manages and oversees security operations, security engineering, and compliance of information systems and services across the enterprise. Maintains awareness of the college’s security posture and exposure. Articulates any security issues to constituents, IET, and college leadership. Monitors, troubleshoots, isolates, and otherwise mitigates critical vulnerabilities. Develops controls, detects trends, and minimizes exposure to security vulnerabilities. Responsible for troubleshooting, responding, and resolving information security issues. Performs analysis of activities and threats as a means of investigation, including digital forensics. Develops, implements, and refines solutions for security monitoring, detection, and response on college technology systems. Performs high-level analysis of complex systems, networks, data storage, and other technology systems. Authors and edits security incident reports for documentation.
- Manages the college’s Information Security Program. Promotes information systems reliability and accessibility, while protecting and defending against unauthorized access to systems, networks, and data; lead the planning, design, development, integration, testing, documentation, training, implementation and maintenance of IT security systems and products; oversees ongoing activities related to the development, implementation, and improvement of the information security program in compliance with applicable federal and state laws and regulations and college security policies. Primary areas of focus: security risk assessments; risk management; education and awareness; advising personnel on managing effective security practices; developing and maintaining strong working relationships to collaborate and partner with key stakeholders and external solution providers to advocate for appropriate security practices; planning, designing, enforcing, and auditing security policies and procedures which safeguard the integrity of and access to college systems.
- Develops, delivers, documents, and manages IT security standards, policies, procedures, best practices, etc. to enhance the overall security architecture. Ensures that IT security audits are conducted periodically or as needed; collaborates with internal, TBR, and state auditors during regular audit cycles. Maintains disaster recovery and business continuity plans. Ensures technology systems protect sensitive information through encryption and other security tools. Maintains knowledge of IT risks through the review of various email lists, security websites, and professional publications; researches technology security trends; proactively identifies threats to the college and recommends protective actions. Analyzes new federal and state statutory requirements, TBR and state policies, and other security initiatives to determine changes necessary for adoption/compliance and makes appropriate recommendations to IT management.
- Develop security awareness training programs; penetration testing timelines; security standards metrics and other security-related tools for distribution and implementation across the college community; promotes professional development of IT Security Awareness; ensures adherence to IT security best practices and standards across the organization; consults with and studies other college areas to address risks, gaps in compliance, and business practices. Oversees IT security awareness training, table-top exercises, and other security related campaigns. Conduct various outreach efforts such as policy and compliance education. Provides leadership through strong working relationships and collaboration across the college community to develop strategic goals for information security compliance and risk mediation.
- Provides leadership and ownership of the Cyber Incident Response Plan (CIRP) and IT-related compliance; foster security and audit-related regular communications with other Incident Response Teams (IRT); oversee and recommend appropriate corrective actions for violations of IT policy and compliance. Coordinates the incident response function of the college and oversees ongoing activities related to the development, implementation, and improvement of the incident response plan. Acts alongside the CIO as a primary control point during information security incidents. Investigates security incidents; performs computer forensics studies and maintains incident tracking records. Prepares status reports on security matters; develops security risk analysis; keeps management informed of risks and critical issues that might affect students, employees, or the college community.
- May perform other duties as required.
Required Qualifications:
- Bachelor’s degree in Cyber Security, Information Technology, or related field
- 5 years of career experience in a closely related field
- Excellent communication skills and the ability to work well with people at every level
- Experience working in both technical support and end-user support environments
Preferred Qualifications:
- A master’s degree in Information Technology, Computer Science, or a highly related field
- 8 or more years of career experience in a closely related field
- Certification in information security (CISSP)
- Certification in Project Management
- Experience as a security analyst, network/server administrator, network engineer, or closely related position
Behavioral Core Competencies:
- Works effectively as a team member to achieve goals and objectives.
- Shares information readily with others and listens effectively, showing openness to new ideas
- Treats team members with dignity and trust and shows respect for others’ race, nationality, gender, age, background, perspectives, experience and style.
- Displays a high degree of personal effectiveness; pursues objectives with consistent determination. Willing and prepared to accept personal responsibility for actions, both positive and negative.
- Treats team members with respect. Willingly responds to requests for assistance from team members.
- Respects the College’s rich heritage and historical achievements by embracing important changes that advance the College’s mission while honoring the past.
- Exercises discretion and forethought in the efficient utilization of organizational resources, showing respect for the organization’s generous benefactors and supporters.
Leadership & Supervisory: The incumbent position has no responsibility for the supervision of others. This position is responsible for the college’s IT security program administration and security related projects. This position works with and guides security practices and compliance across all departments and levels of the organization.
Most tasks completed by an employee in this position are completed without consulting others. Resources, guidelines, and supervisor consultation are available when needed. Work is evaluated largely for progress towards completion of objectives and the overall security posture of the college.
Environmental & Working Conditions: Office environment is temperature controlled with occasional fluctuations, well lit, and free from loud noises and unnecessary interruptions. May work outside of normal business hours for system maintenance, security incidents, and other security related demands.
Physical Demands:
- Large amounts of time spent looking at computer monitors could lead to some eye strain, stress, or headache issues.
- Repetitive stress injuries could occur.
- Ability to travel to multiple locations.
- Ability to lift up to 50 lbs.
- Ability to climb up and down a ladder.
- Ability to push and pull equipment.
- Standing or sitting for long periods of time
Reasonable accommodations may be made to enable individuals with disabilities to perform the essential duties of this job.
Requisition #500011
Posting Closes: Friday, January 24, 2025