Information Security Manager
Coastal Carolina University seeks candidates for the following position: Information Security Manager
Under general supervision of the CITO, the Information Security Manager is responsible for managing, facilitating, monitoring, and implementing security policies, procedures, technical controls, and industry standards to effectively address the confidentiality, integrity and availability of data as well as to ensure that the University information resources are secure from unauthorized access, protected from inappropriate alteration, and physically secure. In consultation with the CITO, participates in the development and maintenance of disaster recovery plans and business continuity.
Duties include, but are not limited to:
Providing management for University’s security policies, procedures, and standards; working collaboratively with data custodians, and the ITS team members to manage and maintain information security policies, procedures, and standards including IT security planning, and IT security architecture; risk assessment; incident management, IT security systems management, security awareness, and training; monitoring and providing guidance on information security issues related to systems, network, data centers and workflows to ensure the internal security controls are appropriate and operating as intended; analyzing user’s needs to assess technical feasibility and solutions of security systems and processes; translating security requirements into functional specifications and managing changes; leading the full systems life cycle; designing, coding, testing, implementing, maintaining and supporting software, quality assurance, testing, and deployment; developing and validating baseline security configurations for operating systems, applications, networking, and telecommunications equipment; participating in and assisting with the enhancement and maintenance of compliance efforts, including but not limited to PCI, FERPA, etc. policies, procedures, measures and control standards; reviewing plans for existing and new systems, networks, and applications to identify vulnerabilities, risks, and protection needs and provide timely recommendations to the CITO; providing expert analysis and advice on IT security issues and concerns; participating and playing a lead role in Information Security meetings and committees; providing exceptional customer service to all constituents, including but not limited to, faculty, staff, students, visitors and the community at large; developing and maintaining operational procedures and standards as well as change management processes in alignment with regulations and University policies; collaborating effectively with other IT units to meet ITSgoals and objectives to advance the University mission; mentoring and developing direct reports through team-building, collaboration projects, cross training, and various other methods; managing hiring, training, supervision, delegation, cross training, and evaluation of Information Security Analyst(s); assisting with the preparation of ITS documentation including department policies and procedures, ITS alerts, campus notifications, and web content; and performing other duties as assigned.
Required Qualifications:
A Bachelor’s degree in information technology systems, computer science, or related field and experience in information technology systems or related area. Relevant experience may be substituted for bachelor’s degree on a year-for-year basis. At least three (3) years of progressive experience in Information Technology, network support fields, and information security preferred. Certifications in information security are desired. Certification such as Association of (ISC)2, GIAC, or agreed upon equivalent is expected to be accomplished within the first three years of employment.
A successful candidate must possess advanced knowledge of security administration for various operating systems and software; the ability to develop project plans for information security systems; possess advanced technical knowledge of application and operating system hardening, vulnerability assessments, security audits, and firewalls; possess advanced analytical and problem solving skills; and advanced knowledge and understanding of information risks concepts and principles as a means of relating business needs and security controls. Additionally, a successful candidate must possess excellent documentation and presentation skills; the ability to explain information security concepts to audiences outside the field; must have excellent interpersonal and organizational skills; the ability to work well in an academic environment; strong oral and written communication skills; possess the knowledge of common enterprise data center technology solutions as well as network operating system models; and possess demonstrated supervisory and time management skills.