Information Security Officer (NCCCS Exempt Professionals)


Job Details

**Job Location**

Will vary based on candidate selection, Various Colleges, North Carolina.

**Salary/Grade**

$95,000 - $110,000/EPA - Salary will be commensurate with education and experience

**Benefits**

State of NC

**Minimum Qualifications**

Bachelor's degree in computer science or a related IT field or related degree from an appropriately accredited institution and three years of progressive experience in IT security or closely related area including two years of supervisory experience; or Associate degree in computer science or a related IT field or related degree from an appropriately accredited institution and four years of progressive experience in IT security or closely related area which includes two years supervisory experience; or an equivalent combination of education and experience.

**Preferred Qualifications**

N/A

**Position Description**

***~THIS POSITION IS OPEN UNTIL FILLED~***

***~THIS POSITION IS FOR MULTIPLE VACANCIES~***

***~THIS POSITION IS EXEMPT FROM THE STATE HUMAN RESOURCES ACT (EPA) per GS 115D-3~***

The mission of the North Carolina Community College System is to open the door to high-quality, accessible educational opportunities that minimize barriers to post-secondary education, maximize student success, develop a globally and multi-culturally competent workforce, and improve the lives and well-being of individuals by providing:

* Education, training and retraining for the workforce including basic skills and literacy education, occupational and pre-baccalaureate programs.

* Support for economic development through services to and in partnership with business and industry and in collaboration with the University of North Carolina System and private colleges and universities.

* Services to communities and individuals which improve the quality of life.

The NCCCS is comprised of 58 community colleges serving 100 North Carolina counties and supported by the System Office located in Raleigh, NC.

This position reports to the Chief Information Security Officer (CISO) and is a member of the Information Security Office for the North Carolina Community College System (NCCCS) System Office. Information Security Officers will have assigned roles with multiple colleges. The number and location of the colleges will vary based on system or college needs, geographic location, and other determining factors.

Key areas of responsibility include, but are not limited to:

* Provide strategic and tactical cybersecurity leadership and counsel to the college CIO/IT leadership and key members of the college executive leadership team, working closely with senior administration, academic leaders, and the campus community in defining objectives for a continuous improvement model for information technology security, while building relationships and goodwill.

* Lead information security planning processes to establish an inclusive and comprehensive information security program for the entire institution in support of academic and administrative information systems and technology. Establish annual and long-range security and compliance goals, define security strategies, metrics, reporting mechanisms and program services; and create maturity models and a roadmap for continual program improvements based on system-wide policies and standards.

* Advocate and support education and awareness programs and advise operating units at all levels on security issues, best practices, and vulnerabilities.

* Stay abreast of information security issues and regulatory changes affecting higher education at the system, state, and national level.

* Work with college leadership and relevant responsible compliance department leadership to build cohesive security and compliance programs for the college to effectively address state and federal statutory and regulatory requirements. Develop and support a strategy for cohesively dealing with audits, compliance checks and external assessment processes for internal / external auditors, FERPA, PCI, HIPAA, FISMA and other applicable standards.

* Support response to security incidents and act as the liaison to system and state resources, as needed, during significant information security incidents. Participate in Security Incident Response Teams (SIRT) as needed, or requested, in addressing and investigating security incidents.

* Engage in professional development to maintain continual growth in professional skills and knowledge essential to the position.

**KNOWLEDGE/SKILLS/AND ABILITIES:**

* Demonstrated ability in problem solving, process improvement, and Project Management skills.

* Working knowledge of deploying, operating, and maintaining Enterprise and/or Local Information Security programs and controls in the public service sector.

* In-depth knowledge in the following information security areas: Security Governance and Management, Security Frameworks, Policies and procedures, and Federal, State Privacy Laws and regulatory guidelines including FERPA, HIPAA, PCI-DSS, NIST 800-53 and the CIS Controls.

* Thorough knowledge of application security controls and awareness of top security considerations for application development in the Software Development Lifecycle.

* Thorough knowledge of data security controls, including access control, auditing, and configuration best practices.

* Experience in risk management including vulnerability assessment, control assessment, likelihood determination and risk prioritization and demonstrated ability to conduct risk assessments, audits, and reviews.

* Working knowledge of network architecture and concepts, application architecture, and the interoperability of these architectures with one another; skills with network protocols, routers, and switches.

* Extensive understanding of computer and network forensics, system and network security, incident management, intrusion detection, vulnerability and patch management, log analysis, and related technologies.

* Demonstrated ability to work well on collaborative, cross-functional teams. Solid interpersonal skills with ability to work effectively with people of all levels of information technology expertise with a wide range of constituencies and organizational relationships.

* Excellent written and verbal communication skills; interpersonal, organizational, and analytical skills; and experience with management presentations.

**PREFERENCES:**

**Ideal candidates will have higher education or public sector experience.**

To receive credit for your work experience and credentials, you must document on your application that you possess all the following:

* Knowledge of and experience with Federal cybersecurity regulations, standards, and frameworks (e.g.: NIST, CIS Controls, or ISO)

* Knowledge of and experience applying security control requirements for information security standards (e.g.: FERPA, HIPAA, PCI DSS, IRS 1075, or other federal compliance requirements)

* Demonstrated project management experience with cyber security program management, cyber exercise planning, incident response and monitoring, and security vulnerability/patch management

* Demonstrated supervisory experience leading a technical team in developing and transitioning cybersecurity capabilities

* Active security certifications (e.g.: CISSP, CISM, CEH, GCIA, GCIH, SANS, NSA IAM)





 N.C. Community College System

 06/15/2024

 All cities, NC