We use cookies. Find out more about it here. By continuing to browse this site you are agreeing to our use of cookies.
#alert
Back to search results

Director of Information Security and Enterprise Analyst

Milwaukee Area Technical College
$90,000 - $115,000
United States, Wisconsin, Milwaukee
Oct 23, 2024
Under the general direction of the Chief Information Officer, plans, develops, and directs governance, information security, and operating models ensuring services and practices throughout the college support the confidentiality, integrity, and availability of the college's information. Further, the incumbent leads, develops, and guides development of security strategy, risk assessment responses, PCI compliance, information policy and procedures, and shares responsibility for business continuity planning. Directs security training programs for IT and college employees. Coordinates the response process for security incidents. Improves college's security posture and maintains knowledge of new and evolving security threats.

Characteristics and Duties:

  1. Responsible for complex security, privacy, and risk-related issues in information technologies. Evaluates risk and acts expeditiously in making decisions and recommendations
  2. Recommends and maintains knowledge of latest Security Management Frameworks and appropriate regulatory requirements (PCI, HIPPA, FERPA, etc.)
  3. Provides leadership to college-wide committees, policy-makers, administrators, and directs technical staff in analysis, discussion, and development of privacy and security policies, standards and practices
  4. Facilitate and direct college-wide efforts to streamline and improve internal and external reporting of information.
  5. Provides recommendations on the direction of the college in addressing network and computing security needs with regard to choice of hardware and software technologies, as well as commercial and open source software and internal vs. cloud-based services.
  6. Tests new and existing internal and external systems, including business continuity environment reviews.
  7. Monitors, configures and tests security systems and devices. These systems include firewalls, intrusion prevention/detection systems (IPS/IDS), network access control systems (NAC), network and vulnerability scanning systems, virtual private network access (VPN), Security Information and Event Management (SIEM) processing, server and web application firewalls (WAF), Patch Management, Anti-Virus/Malware and other security related systems.
  8. Develops cost/benefit analyses and plans, refines processes, and defines requirements for safeguarding data against accidental or unauthorized access, modification, destruction, or disclosure.
  9. Investigates and coordinates response to security incidents that occur at the college.
  10. Supports all security related audit and compliance efforts. Provides guidance, evaluation and advocacy on audit responses and remediation efforts.
  11. Sustains key relationships throughout the college as lead information security officer. Liaises with all internal stakeholders including Internal Audit, legal, administrative and academic units. Further, the incumbent must be experienced coordinating responses including Trustwave, PCI-DSS compliance, HIPAA compliance, Internal Audit, NIST and other security standards.
  12. Delivers training and promotes security awareness.
  13. Practices honesty by demonstrating a consistent and uncompromising adherence to strong moral and ethical principles, values, truthfulness and accuracy in all actions.
  14. Acts and speaks consistent with, and in support of, MATC's Mission, Vision, and Values.
  15. Addresses all student and employee behavior in a confidential and respectful manner.
  16. Performs duties as required for the effective information security activities and processes of the college.


Qualifications:

Required Education
:

  • Bachelor's degree in Information Security.


Preferred Education:

  • Master's degree in related field.


Required Experience:

  • Four (4) years of supervisory experience with direct knowledge of evolving state-of-the-art information security technologies, technology policy and security administration.
  • Direct experience in the specific technical areas of systems administration, applications development, database administration, network operations, and data center operations or any equivalent combination of experience and training.


Preferred Experience:

  • Five (5) years of related experience including previous experience in higher education or healthcare and substantial networking or database experience.


Preferred License/Certification:

  • Certified Information Security Systems Security Professional (CISSP) OR
  • Certified Information Security Manager (CISM).


Specialty Skills:

  • Supervisory role experience with the ability to analyze processes, delegate tasks, and oversee clerical and administrative staff in the completion of those tasks.


Competencies:

  • Business insight
  • Balances stakeholders
  • Resourcefulness
  • Drives results
  • Attracts top talent
  • Drives engagement
  • Builds effective teams
  • Drives vision and purpose
  • Manages ambiguity
  • Courage
  • Demonstrates self-awareness
  • Instills trust
  • Customer focus
  • Action oriented
  • Values differences
  • Self-development
  • Compassion


Knowledge, Skills and Abilities:

  • Strong technical understanding of a broad range of security concepts and countermeasures including workstation security, perimeter security, account management, application / database security, cryptography and network security.
  • Demonstrated track record of maintaining currency with technological trends and available security solutions in the marketplace.
  • Knowledge and experience with information and personal privacy policy and compliance laws, copyright and software piracy laws and security management frameworks.
  • Expertise in risk management approaches to assess and address security and other types of Information Technology-related risks.
  • Expertise in computer forensic investigation methodology and investigation tools to collect, analyze and preserve electronic evidence.
  • Experience and skill in developing and administering policy and procedure in a complex and decentralized environment.
  • Experience with information system auditing including computer security reviews, and evaluation of systems using a risk based approach.
  • Strong interpersonal and communication skills, plus the ability to achieve goals through collaboration, and cooperation.
  • Integrity and high standards of personal and professional conduct.
  • Ability to maintain confidentiality.


Physical Demands:

  • Ability to lift up to 25 lbs., carry, and push up to 30 lbs. and ability pull up to 60 lbs.
  • Ability to climb stairs and a ladder and maintain balance.
  • Ability to stoop, kneel, crouch, reach, hear and speak.
  • Sitting/Standing/Walking: 50% of time spent sitting, 25% of time standing, and 25% of time walking.



Applied = 0

(web-69c66cf95d-nlr4c)