Director of Information Security

Responsible for security strategy, security program management, security policies, standards and best practices, and security awareness across the college community. As a member of the Information Resources leadership, this director will work in partnership with other Information Resources directors and individuals across the college and SUNY to assess security risks, establish operational strategies and to formulate best practices and policies for security.

Duties and Responsibilities: 

• Develop, implement and monitor a comprehensive enterprise information security program to properly monitor and protect information and assets of the college. Define and manage the information security incident response program, inclusive of policy and response processes and procedures.

• Ensure ongoing vulnerability assessments, penetration tests, and log/configuration audits on networks, systems and services to identify relevant security vulnerabilities. Assist in cost-effective remediation to address identified issues. Serve as the college contact for external information security assessments to ensure college compliance to state, federal and PCI-DSS security standards.

• Lead the incident response team in containment, remediation and reporting.  

• Establish and manage the ongoing information security awareness training program. Create and maintain a shared repository (website) of information security resources, including how-to-articles and other educational materials, to bolster end-user information security awareness and training.

• Evaluate, identify and report on information security risks for new and existing applications and services and suggest risk mitigation strategies.

• Establish standards and best practices for secure network and application architecture and development, and manage a program of assessment, defect tracking, and remediation. 

• In collaboration with the other Information Resources Directors, provide guidelines for security systems such as antivirus, patches, intrusion prevention and proactive threat monitoring. 

• Ensure monitoring and remediation of exploits identified by vendors and general information sites. 

• Advise technical staff regarding network and systems design best practices in order to enhance the inherent security of all relevant information systems.

• Maintain a cloud security questionnaire and vet all potential cloud service providers based on their responses and provide feedback to project partners related to potential cloud vendor’s information security standards.

• Serve as the college liaison to the SUNY Security Operations Center and Chair the college’s Information Security Committee.

Job Requirements:

• Must consistently demonstrate a high level of personal integrity, and the ability to manage confidential matters with professionalism.

• Use knowledge of computer forensic investigation methodology, investigation tools, and information system auditing; and ability to be self-disciplined to prioritize multiple projects and meet simultaneous and/or critical deadlines. 

• Must have the ability to learn quickly and adapt to changes in the industry; be familiar with security compliance requirements, such as PCI, FERPA, HIPAA, Sarbanes-Oxley, and Gramm-Leach-Bliley and; have the ability to communicate complex security decisions, situations and impacts with key stakeholders with different degrees of familiarity with technical and digital literacy.

• Consistently demonstrate commitment and ability to work with a diverse group of students, faculty, staff and other members of the campus community in support of department, college and university mission.

• Willingness and ability to understand and follow all college and university policies.

• Reports directly to the Associate Provost for Information Resources (CIO)

• Member of the Information Resources Director’s Council

• This position does not have direct reports

• Master’s degree in computer science, information systems management or related fields.

• At least 5 years of experience with state-of-the-art information security technologies, technology policy and security operations.

• Demonstrated experience with and knowledge of network security services such as firewalls, IDS, IPS, end-point protection; email security options and services, and; infrastructure and application vulnerability and scanning tools and services

• Experience managing confidential matters that require personal integrity, professionalism and appropriate independent judgment.

• Demonstrated experience using effective interpersonal and communication skills to relate, persuade, lead negotiate and/or express ideas in speaking and writing to convey security and risk-related concepts to technical and non-technical audiences.

• Certified Information Security Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) or similar certifications 

• Experience working in a higher education or a research environment

The State University of New York College at Cortland is an Affirmative Action/Equal Employment Opportunity/Americans with Disabilities Act (AA/EEO/ADA) employer. The College actively seeks applications from women, veterans, individuals with a disability, members of underrepresented groups or anyone that would enrich the diversity of the College.