Rowan University is a public comprehensive state-designated research institution with approximately 16,000 students. Its main campus is located in Glassboro, N.J., 20 miles southeast of Philadelphia, with additional campuses in Camden and Stratford. The University comprises seven colleges and five schools: the William G. Rohrer College of Business; the Henry M. Rowan College of Engineering; the Colleges of Communication and Creative Arts, Education, Humanities and Social Sciences, Performing Arts, and Science and Mathematics; the Cooper Medical School of Rowan University; the Rowan University School of Osteopathic Medicine; the Graduate School of Biomedical Sciences; the School of Health Professions; and the School of Earth and Environment. Rowan is one of two public universities in the country to offer M.D. and D.O. medical degree programs. The institution is also home to the South Jersey Technology Park, which fosters the translation of applied research into commercial products and processes. Rowan has been recognized as one of the top 100 public universities in the nation and is ranked third among public institutions in the North by U.S. News & World Report.
Reporting to the Director of the Information Security Office, the Information Security Risk Manager serves as an administrative and technical lead on Information Security Office governance initiatives, projects and implementations. This position is focused on evaluating, ranking, managing and reporting Information Security risk throughout Rowan University.
The position level and pay rate will be based on experience and qualifications. All applicants meeting the required qualifications are encouraged to apply.
Responsibilities:
- Undertake ongoing development and management of Rowan’s Information Security Risk Management Program.
- Undertake ongoing development and management of Rowan’s Vendor Management Program, including vendor risk reviews.
- Coordinate Rowan University’s vulnerability management program, including assessments of operating systems, applications, databases and network infrastructure components to detect, enumerate and classify associated risks and vulnerabilities.
- Provide guidance to the organization on various compliance requirements, including HIPAA, FERPA and PCI.
- Ensure that effective risk management procedures are implemented and enforced across the organization.
- Organize and perform vulnerability classification based on system classification, industry publications, attack vector analysis and external intelligence.
- Work closely with both highly technical and non-technical staff to assess risk and develop risk mitigation strategies throughout multiple phases of the service lifecycle.
- Represent the ISO with individual organizational units in order to assess their business, academic, research and operational goals, and identify and manage the associated risks to the University.
- Prioritize identified risks and coordinate with various units on pragmatic risk mitigation strategies that balance the operational goals of the individual departments with the Information Security needs of the University.
- Liaise with various units across the institution to assist them with understanding their Information Security and Compliance responsibilities.
- Represent the Information Security Office throughout all phases of various audits and assessments.
- Participate in various Security activities including special projects and other risk reviews.
- Assist in the development and implementation of policies with a focus on Information Security.
All applicants must have the following qualifications:
- 4-year degree in MIS, Information Systems, Computer Science or related field. Years of experience may be substituted for education on a year-by-year basis.
- 4 years of Information Security or related IT experience.
- Expertise in risk management, audit, security practices, procedures and principles.
- Demonstrated experience with industry standard security tools such as Nessus, Splunk, McAfee, Symantec, DLP, web content filtering, etc.
- Technical knowledge of Microsoft Windows, Linux and VMware operating environments with related configuration and management toolsets.
- Ability to work in an enterprise environment and function as a technical contributor among a large team of peers and subject matter experts.
- Strong analytical and problem solving skills.
- Ability to quickly grasp technical issues and offer solutions.
- Excellent verbal and written communication skills.
- Organizational skills for planning and prioritizing work.
- Ability to adapt to changing priorities and multi-task in a self-directed environment.
Desired qualifications:
- Certified Information System Security Professional (CISSP), GIAC Security Engineer (GSEC), Certified Information Security Manager (CISM) or similar industry certification.
- Extensive knowledge of intrusion detection, security system scanning, password auditing, network and web based vulnerability scanning.
- Strong project management, time management and organizational skills.
- Demonstrated experience in identifying, investigating, and managing security investigations and risks.
- Knowledge of TCP/IP, RADIUS, TACACS+, IPsec, network design principles, firewalls and routing architectures.
- Knowledge of security standards such as COBIT, ITIL, NIST and ISO 27001.
- Participation in CERT, IETF, ISACA, ISSA or SANS.
Rowan University values diversity and is committed to equal opportunity in employment. All positions are contingent upon budget appropriations.