Deputy Director of Cyber and Endpoint Security (Flexible Hybrid to Mainly Remote Schedule) - Repost

Job Description

Under the direct supervision of the AVP of IT Infrastructure Services / Chief Information Security Officer, the position is a hands-on operational and cyber systems and engineering role with a primary focus on maintaining the confidentiality and integrity of the institution's information and systems through effective cyber security operations, cyber safety awareness programming, data privacy and protection, and the policies, procedures, and practices designed to address the information security threats facing FIT.

The position will be responsible for the operational mandate of the FIT CISO Office via direct action, leveraging IT divisional staff, software-as-a-service SAAS 3rd party assistance, and / or internal coordination / collaboration with various other college units and stakeholders.

Responsibilities & Essential Functions :

Leadership & Operations - Perform the designated daily operational tasks (leadership, technical, system support, engineering, logistical, and administrative) of the CISO Office.

Maintain the current cyber security (monitoring, hardening, incident response, etc.) and cyber safety programs (white hat phishing, newsletters, endpoint protection, etc.

Oversee vulnerability management. Monitor FIT's information security infrastructure for detection and prevention of unauthorized use / access.

Assist the CISO in leading the "continuous improvement" infrastructure and architecture "hardening" program. Assist with / maintain risk assessment, defect tracking, and remediation for FIT's architecture and infrastructure.

Evaluate / identify cyber security risks for new and existing systems and services and suggest mitigation strategies. Perform / assist with 3rd party vendor / product reviews.

Manage the security awareness training program to continue to raise cyber security awareness. Perform and / or oversee system administration and vendor management for information security-related applications, products, tools, and services.

Performance - Take initiative to drive performance and results. Contribute to a collegial team environment. Promote continuous learning of cyber security standards and policies throughout FIT.

Promote continuous process improvement.

Environment / Maintenance - Maintain the cyber security and endpoint security environment, working with internal teams and 3rd parties.

Develop / implement new cyber or endpoint technology. Investigate problems; fix defects. Manage / support patches and upgrades.

Administer the cloud-based intrusion detection and prevention solutions with the FIT Google domain. Monitor / report on industry trends / technologies / standards.

Review / recommend new versions / systems / modules for implementation. Execute on approved roadmap prioritized by the CISO.

Develop / implement technology and develop / update SOPs / best practices as directed by the CISO.

Project / Client Support - Provide project leadership. Work to resolve any system outages related to cyber security. Provide support to the IT Staff as a senior level cyber leader.

Handle Tier 1,2,3 cyber tickets.

Incident Management - Operate the cyber security incident response program. Oversee monitoring and remediation of identified vulnerability exploits.

Be on-call as needed to respond quickly to incidents.

• Compliance & Auditing - Assist the CISO in their role of information-related compliance officer for FIT. Oversee / conduct assessments / audits to ensure compliance to NIST or ISO standards.
• Strategic Planning & Roadmapping - Support the CISO on the execution of goals within areas of responsibility. Maintain awareness of relevant technological solutions and the evolving threat landscape to anticipate risk based on threat trends, the cyber marketplace, current regulations.

Assist the CISO with planning and strategic roadmapping.

• Training - Orient / train / crosstrain / mentor or assist in training stakeholders related to cyber security, cyber awareness, and endpoint security.
• Documentation - Develop / write / publish cyber-related documentation for the CISO Office to facilitate supportability and knowledge transfer within the college for existing, reconfigured, or new systems and services.

The position will work within a high-paced, collaborative environment that includes emergency incidents. Work may be team / project work or independent, across multiple locations, and at times include irregular hours and / or on-call requirements.

The preceding description is not designed to be a complete list of all duties and responsibilities required of the position;

other duties may be assigned consistent with the classification of the position. For detailed tasks and work instructions, .

Requirements : Education :

Education :

• University degree in Information Security, Computer Science, Information Systems, Enterprise Applications, Information Architecture, Engineering, Networking, or a related field from an accredited academic institution.
• Master's degree in one of the above or related fields is preferred.

Experience :

Minimum of three years of relevant professional experience working within an information security / IT risk functional area, preferably with several years at a higher education institution.

Demonstrated experience maintaining a cyber secure environment (of systems, servers, tools, service, endpoints and other smart devices)in partnership with IT owners, including but not limited to : Vulnerability scanning and response / remediationAnti-Phish and other endpoint security operations and responseSecurity configurations / settings managementSecurity patch oversight Assessments (NIST) and testing (pen tests)Security repositories (documentation, SOPs, tracking sheets, configuration standards / default settings, etc.)

Proven experience delivering technical and educational cyber security and safety guidance to a variety of stakeholders and collaborating with business stakeholders in the event of cyber events and incidents.

Knowledge :

• Knowledge of the following security technologies : Network security services such as firewalls and web application firewalls WAF , intrusion detection IDS and intrusion prevention IPS systems, and end-point protection;
• Email security options and services (preferably GMail);Infrastructure and application vulnerability and scanning tools and services;

MDR / XDR productsDDOS productsAnti-virus productsEndpoint protection tools / protocols Security Incident Response protocols (methods to detect and respond to threats)Application and system lifecycle securityAnd cyber security vendor review procedures of both commercial / 3rd party and internally-developed software applications

• Working knowledge of Microsoft Active Directory implementations
• Working knowledge of Microsoft Windows operating systems
• Working knowledge of Apple / Mac operating systems
• Working system administrator knowledge of Google Workspace

Skills :

Cyber Security Certification - Industry certification in at least one of the following areas is required : Certified Information Systems Security Professional CISSP ;

Certified Information Security Manager CISM ;or Information Systems Security Management Professional ISSMP .

Excellent communication, interpersonal, teamwork, collaboration, problem-solving, critical thinking, and troubleshooting skills.

Abilities :

• Ability to work under minimal direction, on multiple projects, and under tight project deadlines; lead or assist with emergency support as directed by the CISO.
• Ability to deliver optimal IT security solutions within defined resource parameters.
• Ability to develop IT information security policies and procedures when needed.
• Ability to use endpoint management tools like KACE, JAMF, GPO, and the like.
• Ability to take initiative and drive high levels of performance management.
• Ability to plan work, anticipate risk, and set goals within own areas of responsibility.
• Ability to promotes continuous learning and continuous process improvement.
• Ability to master subject matter
• Ability to work effectively with all clients and stakeholders to strike the proper balance between information security and the mission of FIT.
• Ability to teach and train other staff members on cyber security and cyber safety / awareness principles.
• Ability to contribute to a collegial team environment.
2 days ago