Manager - IT Security (IT Computer Systems Manager, Level 3 - Provisional)
I.T. Computer Systems Managers manage and direct an Information Technology area at a College or University level. They set policies and procedures, direct technical staff, and maintain responsibility for administrative as well as technical issues within their assigned area(s) of responsibility. They may manage major and/or large, complex information systems activities and/or manage a unit or group.
This job is in CUNY's Classified Managerial Service. The full specification is available on our web site at http://www.cuny.edu/about/administration/offices/ohrm/hros/classification/ccsjobs.html
Computer Systems Manager
CAMPUS SPECIFIC INFORMATION
The City College of New York (CCNY) is the founding institution of the City University of New York (CUNY) and is comprised of outstanding programs in Architecture, Engineering, Medicine, and the Liberal Arts and Sciences annually serving over 16,000 undergraduate and graduate students. Leading CUNY in funded research, CCNY hosts a number of research centers including two new advanced research centers.
CCNY's Office of Information Technology (OIT) is a vital component of the college's operation responsible for software applications, hardware support, telecommunications, media services, network infrastructure, instructional technologies and information security. The OIT is committed to collaborating with the college community to provide excellent information technology products and services.
Under the general supervision of the Chief Information Officer and/or Deputy CIO, exercising independent initiative and judgment, the Manager of IT Security will oversee the City College of New York (CCNY) Office of Information Technology (OIT) Security team and will design, coordinate, and implement technical and procedural security initiatives. He or she will develop, analyze, and refine the College's information security protocols and technologies; maintain the College's information security infrastructure; ensure effective responses to information security threats and incidents; develop long-range goals for strategic IT security plans; maintain up-to-date knowledge of regulations governing security initiatives in academia and health care; conduct security monitoring, assessments, and audits; and promote awareness of information security best practices to the college community.
In fulfilling his or her duties, the Manager will collaborate with other OIT units, including Networking, Telecommunications, IT Operations, User and Instructional Support Services, Application Development, and Business Services. She or he will also confer with faculty, staff, and students on information security related matters and special projects.
The successful candidate will be expected to:
- Manage the IT Security Office, which includes security engineering, security operations, identity and access management, and incident management and response responsibilities.
- Lead, develop, and train the IT Security office staff.
- Participate in university information security meetings and lead the internal Information Security Task Force, which is comprised of IT managers and the Information Security Office.
- Orchestrate IT Security-related projects from inception through implementation to ensure timely and effective completion in compliance with established security protocols and best practices.
- Design, implement, and manage a comprehensive strategic information security and IT risk management program that ensures the integrity, confidentiality, and availability of CCNY IT resources.
- Define and manage identity management and access controls based on identities (e.g. password management, single sign on, two-factor authentication, PIN management, digital signatures, smart cards, biometrics, Active Directory, PeopleSoft security access provisioning, etc.).
- Establish and implement incident management protocols to proactively obstruct and contain threats, identify and remediate vulnerabilities, and analyze and minimize risks.
- Review, recommend, and draft policies, procedures, and standards in accordance with overall university policy and evolving industry best practices.
- Develop and orchestrate annual information security assessments of the college-wide IT architecture, including network, server, computing desktop, mobile device, audio-visual, application, and database infrastructures.
- Perform vulnerability scanning, penetration testing, and auditing of various information technology systems and generate an annual report of security findings and recommendations.
- Administer and/or assess information security for multiple network security technologies (e.g. VPN, intrusion detection, intrusion prevention, firewalls, web application firewalls, network access control).
- Develop, implement, maintain, and test up-to-date controls necessary to protect the following: network/Internet perimeter (e.g. firewalls, DMZ, network connections, third-party connectivity, remote access, VPNs); host systems (e.g. intrusion prevention/detection, endpoint protection, access controls); software and applications in accordance with security requirements (e.g. access controls, operating systems, applications, database management systems, web-based PCI applications, maintenance); and information and vital assets (including media) in accordance with security requirements (e.g. privacy requirements, PII, encryption, PKI, backups, DLP, data retention/destruction).
- Develop, plan, test and execute incident management and response protocols in accordance with the Disaster Recovery and Business Continuity plan for the campus.
- Lead and coordinate information security incident responses, providing accurate, comprehensive, and timely communications of each incident's containment, reporting, assessment, investigation, and procedural review.
- Develop and promote effective information security awareness training and educational resources for the college community.
- Six (6) years of progressively responsible full-time paid information systems technology experience, at least 18 months of which shall have been in an administrative or managerial capacity in the areas of computer applications programming, systems programming, information systems development, data telecommunications, data base administration or a closely related area.
- Education at an accredited College or University may be substituted for the general information systems technology experience at the rate of one year of college for 6 months of experience up to a maximum of 4 years of college for 2 years of experience. In addition, a Master's degree in computer science or a closely related field from an accredited college or university may be substituted for an additional year of the general information systems technology experience. However, all candidates must possess the 18 months of administrative or managerial experience described above.
This title has multiple levels. In addition to the minimum qualifications above, additional qualifications, such as education, experience, or certification relevant to the area of specialization are required.
- Experience in information security
- Security incident management and response experience
- Expertise with enterprise systems administration including Microsoft, Apple, Linux/Unix, McAfee ePO, Solarwinds, and PeopleSoft platforms
- Expertise with enterprise network management including Cisco routers and switches, Palo Alto firewall/IPS, and Aruba technologies
- Experience designing, integrating, and configuring network and systems security, including VPN, intrusion detection, intrusion prevention, firewalls, web application firewalls, network access control, and enterprise endpoint security solutions
- Knowledge and understanding of relevant legal and regulatory requirements, including the Family Educational Rights and Privacy Act (FERPA), the Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry/Data Security Standard
- Strong interpersonal communication and writing skills
- Excellent organizational skills and attention to detail
- Experience supervising teams of 3-5 technical staff
- Relevant information security and/or information technology certifications (CISSP, Security+, CCSP, CISA, CISM)
Salary commensurate with education and experience.
CUNY offers a comprehensive benefits package to employees and eligible dependents based on job title and classification. Employees are also offered pension and Tax-Deferred Savings Plans. Part-time employees must meet weekly or semester work-hour criteria to be eligible for health benefits. Health benefits are also extended to retirees who meet the eligibility criteria.
HOW TO APPLY
If you are viewing this job posting in CUNYFirst, please click on "Apply Now" on the bottom of this page and follow the instructions.
If you are viewing this job posting externally, please apply as follows:
- Go to www.cuny.edu and click on "Employment"
- Click "Search job listings"
- Click on "More search options"
- Search by Job Opening ID number
- Click on the "Apply Now" button and follow the instructions.
Open until filled with resume review to begin 4/7/17.
JOB SEARCH CATEGORY
CUNY Job Posting: Managerial/Professional
EQUAL EMPLOYMENT OPPORTUNITY
CUNY encourages people with disabilities, minorities, veterans and women to apply. At CUNY, Italian Americans are also included among our protected groups. Applicants and employees will not be discriminated against on the basis of any legally protected category, including sexual orientation or gender identity. EEO/AA/Vet/Disability Employer.
Location: City College of New York
Job Title: Manager - IT Security (IT Computer Systems Manager, Level 3 - Provisional)
Job ID: 16511
Full/Part Time: Full-Time