Position Description

The Cybersecurity Administrator is responsible for the implementation, administration, and continual improvement of the security solutions identified in the College’s security program to ensure that all information assets and associated technology, applications, systems, infrastructure and processes are adequately protected in the digital ecosystem in which the College operates. The Cybersecurity Administrator will be responsible for day-to-day security operations including supporting and maintaining a wide range of information security products that monitor and provide compliance across IT assets owned, controlled and/or processed by the College. The Cybersecurity Administrator will report to the Director of Information Technology - Operations and will work jointly with IT staff and other operational teams to coordinate, facilitate and effectively implement and maintain the compliance of the College’s security policies and procedures.

The Cybersecurity Administrator must be knowledgeable with the operation, maintenance and functionality of firewalls, endpoint security systems, network devices and modern operating systems. The ideal candidate is dedicated and passionate about cyber security technologies and is constantly learning and evolving to have awareness of current hacking techniques and cybercrime and keeps pace with the industry’s latest trends to address these threats. This position requires a demonstrated track record of competency in cyber security design, administration and operations with three to five years of relevant experience.

Position Duties

Create, update and maintain essential security policies and documentation.

Implement and manage secure, trusted systems to ensure appropriate confidentiality, integrity, availability, safety, privacy and recovery of digital assets owned, controlled and/or processed by the College including custom or third-party solutions.

Evaluate third-party solutions for compliance with Stark State College’s security policies.

Implement, manage and support secure network solutions to protect against network intrusion.

Implement, manage, monitor and upgrade security measures to protect data, systems and networks

Perform and/or coordinate third-party assessments and penetration testing to measure the effectiveness of the College’s cyber security program.

Manage security technology and audit/intrusion systems that consist of Cisco, Microsoft and other security solutions related to VPNs, Data Loss Prevention, IDS/IPS, Security Audits and more.

Troubleshoot and remediate issues associated to the College’s security and network, including handling any system breaches.

Participate in the change management process to forecast the effects of change through potential scenarios and the security consequences on information resources.

Test and identify network and system vulnerabilities to determine potential vulnerabilities that could be leveraged by a threat source and address identified issues accordingly.

Identify and respond to security threats.

Work with vendors to ensure that information security requirements are included in new or renewed contracts to manage third party risk.

Work with key stakeholders to ensure the consistent application of policies and standards across all technology projects, systems and services – including privacy, risk, audit and compliance and business continuity management.

Provide clear risk mitigating directives for projects with digital technology components including the application of controls.

Manage and maintain a document framework of continuously up to date information security policies, standards and guidelines. Oversee the approval and publication of the information security policies and processes.

Manage and maintain a framework for roles and responsibilities regarding information and master data ownership, classification, accountability and protection of digital assets.

Build and nurture external networks consisting of industry peers, partners, vendors and other relevant parties to stay up to date on best practices to address security trends and cybersecurity risks.

Monitor security advisory groups and ensure necessary security updates, patches and preventive measures are in place.

Provide compliance reporting to operational and executive level team members.

Other duties as assigned

Education, Experience and Licensure/Certification Requirements

BA /BS degree

Minimum of three years of experience in a combination of information security and IT

Requires Fundamental Computer Forensics skills to effectively protect organizations' digital assets and prevent, detect and remediate security breaches.

Knowledge, Skills, Abilities Required

BA /BS degree with a minimum of three years of experience in a combination of information security and IT.

Experience working with products in the following categories cloud security, O365, Azure AD, Identity and Access Management, enterprise password vaults, vulnerability scanning and management (Tenable) and Application control.

Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to speak clearly and concisely on cybersecurity strategy and policy, as well as to be able to convey technical information to individuals of different levels of technical comprehension, ranging from senior management to technical experts.

Fundamental Computer Forensics skills to effectively protect organizations' digital assets and prevent, detect and remediate security breaches.

Understanding of regulatory and compliance specifications relevant to FERPA, HIPPA, GLBA and others

Strong knowledge of web, mobile, and/or desktop application security vulnerabilities and countermeasures.

Ability to distil complex security threats and risks into simple terms for non-security (and even non- technical) stakeholders.

Experience securing networks and infrastructure through firewall design, network segmentation and access.

A desire to learn and self-educate to stay current on best practices and emerging industry trends.

Knowledge of the latest trends and awareness of current hacking techniques and cybercrime.

Knowledge of hacking to know how systems could be breached, and in turn, create effective solutions to prevent attacks.

Highly vigilant and detail-oriented to effectively detect vulnerabilities and risks and quickly identify concerns and implement real-time security solutions to solve and address issues and complications before they expand.

Up-to-date knowledge of information security risk management and cybersecurity technologies, methodologies, and trends in both business and IT.

Strong analytical and problem-solving skills with a proven ability to make decisions and lead through high- pressure, high-stress situations.

Strong track record of sound judgement and professionally handling highly confidential and sensitive matters.

A desire to learn and self-educate to stay current on best practices and emerging industry trends.