Job Description

Position Summary
The Information Security Manager provides expertise, advice and leadership in all areas of cyber security. The primary responsibilities of the ISM include leading incident response efforts, assisting in formulating, maintaining, enforcing and reviewing information security policies and procedures, and performing advanced analytics, device manipulation and control in support of information security operations. The Information Security Manager is responsible for daily management and coordination of network intrusion prevention and other security systems, monitoring of security controls, reviewing device and security logs for anomalies, and identifying trends for forensic analysis correlation. The Information Security Manager is responsible for the development and delivery of a comprehensive security and privacy program for the College.
Reports to Director of Infrastructure and Security
Essential Functions and Responsibilities
· Develop, maintain, implement, and evaluate security policies, procedures, standards, systems, and procedures
· Define objectives, set priorities, and perform technical duties that drive successful project completing and response efforts that align with the College’s strategic goals
· Collaboratively develop and maintain an information security program and conduct necessary actions to drive the adoption of the program’s requirements and recommendations College-wide
· Coordinate response to security incident,including leading and directing people to take specific mitigating actions.
· Provide guidance and leadership as part of the incident response team. Assist with the containment, eradication, and prevention of security incidents affecting the networking and security environments
· Develop procedures to ensure confidentiality, integrity, and accessibility of data and software. Work closely with IT infrastructure and enterprise application teams to identify and implement appropriate security procedures, software, and hardware
· Develop and implement procedures and guidelines for internal auditing of information security controls. Conduct or facilitate auditing procedures
· In conjunction with other IT staff, investigate, recommend, and authorize security tests, penetration tests and security scans affecting information systems resources. Manage the efforts to address any vulnerabilities reported by scans or tests as the College-wide incident handler.
· Evaluate proposed vendors, products, and processes for compliance with College policies
· Manage and maintain the College’s digital identities through internal and external directory services and the processes that activate, deactivate, and synchronize those identities
· Monitor Security and Incident Event Management and enterprise security appliances related to host and network, intrusion detection and prevention systems
· Assure workstation and server security by leading or performing vulnerability assessment, patch validation, and security risk assessment
· Collaborate with college departments to integrate and maintain processes to ensure compliance with information security best practices within departmental operating procedures. Provide consulting services to all College staff on system, data, access, control, and information security issues
· Coordinate the development and delivery of an information security awareness and literacy program for all college employees, other authorized users, and students
· Serve as information security risk management liaison to the College and make security recommendations to ensure that operations comply with contractual agreements and relevant laws and regulations.
· Provide recommendations addressing the physical protection of information security-related assets
· Participate in the planning and design of College-wide business continuity and disaster recovery strategies where appropriate
· Ensure that College data, system, and information security policies are followed in all third-party system implementations, including projects originating outside the IT division
· Remain informed of trends and issues in the information security industry, including current and developing technologies, emerging attack techniques, evolving best practice, and new regulations
· Manage and maintain the College’s security certificates
· Work collaboratively with others to accomplish functions and responsibilities
Assume additional duties as assigned by immediate supervisor
Required Education Bachelor's Degree from a regionally accredited institution
Other Required Qualifications
· Bachelor’s degree from a regionally accredited institution in Computer Science or related field; or equivalent combination of education/experience
Desired Qualifications
· At least five years of experience in information security and information technology
SSCP, CISSP, CISA, MCSE, Security + and/or ITIL certifications
Skills and Specifications
· Knowledge of and experience in the policy and regulatory environment of information security in higher education, computer security issues, requirements, and trends
· Understanding of network topology and security concepts
· Ability to work independently and within a team to creatively solve complex problems in high-pressure situations
· Ability to communicate clearly and effectively in both verbal and written formats
· Strong organizational, administrative, and project management skills
· Strong interpersonal skills, including the ability to provide outstanding customer service to all college stakeholders
· Responsible and self-directed
· Ability to lift 50 pounds unassisted
· Understand cryptographic technologies
· Ability to understand and analyze information security best practice and develop creative adaptions
· Excellent working knowledge of network security infrastructure such as firewalls, intrusion prevention and/or detection systems, routers, and switches
· A working knowledge of network- and computer-related forensic techniques, eDiscovery, and electronic data preservation
· Commitment and respect for diversity, equity, inclusiveness and the MCC Behaviors of Excellence
· Commitment to the College mission, vision, values, and goals
· Ability to perform all the essential functions, skills, and specifications of the position