Information Security and Identity Manager
Click the Facebook, Google+ or LinkedIn icons to share this job with your friends or contacts. Click the Twitter icon to tweet this job to your followers. Click the link button to view the URL of the job, which then can be copied and pasted into an e-mail or other document.
Crystal Lake, IL 60012
Information Security and Identity Manager
Infrastructure & Security
Commensurate with experience
McHenry County College seeks a Information Security and Identity Manager to bring their cyber security expertise to our IT team. This is an exceptional opportunity to make a significant impact by developing a comprehensive security and privacy program for the state’s leader in community college enrollment growth and transformative programming that propels students to their next success.
McHenry County College is a comprehensive, public, Associate-degree granting institution located in Crystal Lake, Illinois. MCC is known throughout the community and the Illinois Community College System for its exceptional faculty and staff, the quality of its programs and services, and the success of its students. MCC welcomes, encourages, and supports the diversity of our students, faculty, and staff members and seeks to attract and retain individuals who reflect our diverse community.
The Information Security and Identity Manager provides expertise in all areas of cyber security. Primary responsibilities include performing advanced analytics, device manipulation and control in support of network security operations, as well as vulnerability and risk analysis to comply with standard cyber security frameworks. The Information Security Manager is also responsible for daily management and coordination of network intrusion prevention, monitoring of security controls, reviewing device and security logs for anomalies, and trends for forensic analysis correlation. The Information Security and Identity Manager is responsible for the development and delivery of a comprehensive security and privacy program for the College.
Chief Information Officer
Essential Functions and Responsibilities
- Develop, maintain, implement, and evaluate security policies, procedures, standards, systems, and procedures
- Develop and maintain a written information security plan and security architecture documentation
- Investigate possible violations of computer and network security.
- Coordinate response to security incidents.
- Develop procedures to ensure confidentiality, integrity, and accessibility of data and software. Work closely with IT infrastructure and enterprise application teams to identify and implement appropriate security procedures, software, and hardware
- Develop and implement procedures and guidelines for internal auditing of information security controls. Conduct or facilitate auditing procedures
- In conjunction with other IT staff, investigate, recommend, and authorize security tests or security scans (i.e. vulnerability, penetration) affecting information systems resources
- Evaluate proposed vendors, products, and processes for compliance with College policies (i.e. acceptable use policy)
- Manage and maintain the College’s digital identities through internal and external directory services and the processes that activate, deactivate, and synchronize those identities
- Monitor SIEM (Security and Incident Event Management) and enterprise security appliances related to host and network, intrusion detection and prevention systems
- Perform or coordinate the execution of external and internal penetration tests to detect system vulnerabilities, analyze data and security breaches, and perform incident response and forensic investigations
- Assure workstation and server security. Perform vulnerability assessment, patch validation, and participates in security risk assessment
- Assist with the containment, eradication, and prevention of incidents affecting the network environment
- Collaborate with college departments to integrate and maintain processes to ensure compliance with information security best practices within departmental operating procedures
- Coordinate the development and delivery of an information security awareness and literacy program for all college employees, other authorized users, and students
- Serve as information security risk management liaison to the College and make security recommendations to ensure that operations comply with contractual agreements and the law.
- Maintain an active ongoing testing program to evaluate security of College systems, networks, data, and departmental operating processes. Assist in identifying potential threats and respond to security violations by serving as the College-wide incident handler
- Participate in the planning and design of College-wide business continuity and disaster recovery strategies where appropriate
- Ensure that College data, system, and information security policies are followed in all third-party system implementations including projects originating outside the IT division
- Provide consulting services to all College staff on system, data, and information security issues.
- Provide recommendations addressing the physical protection of information security-related assets
- Remain informed of trends and issues in the information security industry, including current and developing technologies, emerging attack techniques, evolving best practice, and new regulations
- Work with other departments on campus to formulate and promulgate campus-wide effective practices and standards for security and access control to data and information systems
- Maintain and monitor College user digital identities and the systems used to control those identities
- Manage and synchronize identities in Azure, Active Directory, CAS, Shibboleth, LDAP and other identity services, and administer the flow of identity and security information between systems
- Manage and maintain the College’s security certificates
- Work collaboratively with others (e.g. colleagues, stakeholders, vendors) to accomplish functions and responsibilities
- Assume additional duties as assigned by immediate supervisor
Bachelor’s Degree from a regionally accredited institution in related field. An equivalent combination of education and experience considered.
Other Required Qualifications
- At least five years of experience in information security and information technology
- Experience in developing and administering an information security program
- Previous information security experience in a large Microsoft enterprise network environment
- Previous information security experience within higher education
SSCP, CISSP, CISA, MCSE, CCNA, PMP, Security + and/or ITIL certifications
Skills and Specifications
- Knowledge of and experience in the policy and regulatory environment of information security in higher education, computer security issues, requirements, and trends
- Understanding of network topology and security concepts
- Proficient in the use of network operating systems
- Ability to work independently and within a team to creatively solve complex problems in high-pressure situations
- Ability to communicate clearly and effectively in both verbal and written formats
- Strong organizational, administrative, and project management skills
- Strong conflict management skills
- Strong interpersonal skills, including the ability to provide outstanding customer service to all college stakeholders
- Excellent project management skills
- Responsible and self-directed
- Ability to lift 50 pounds unassisted
- Understand cryptographic technologies
- Proficient with REGEX expressions
- Ability to read, analyze and interpret common scientific/technical journals, financial reports and legal documents. Ability to respond to common inquiries or complaints from customers, regulatory agencies or members of the business community.
- Ability to work with mathematical concepts and to apply concepts to practical situations.
- Ability to apply principles of logical or scientific thinking to a wide range of intellectual and practical problems. Ability to deal with a variety of abstract and concrete variables.
- Ability to understand and analyze information security best practice and develop creative adaptions that support both the college’s mission and security objectives
- Excellent working knowledge of network security tools and applications such as system incident and event management (SIEM), anti-SPAM applications, network vulnerability testing, anti-virus/anti-spyware applications and other network monitoring tools
- A working knowledge of standards and experience implementing them such as ISO270001, NIST SP 800, PCI-DSS, SANS Top 20, and other information security best practice publications including applicable laws and regulations such as FERPA, HIPAA, HEOA, COPPA, Red Flag, etc.
- Excellent working knowledge of network security infrastructure such as firewalls, intrusion prevention and/or detection systems, routers, and switches
- A working knowledge of network- and computer-related forensic techniques, eDiscovery, and electronic data preservation
- Knowledge of business continuity and disaster recovery best practice as it relates to information security and information technology
- Thorough understanding of the latest security principles, techniques, and protocols in cyber security
- Understanding of troubleshooting, maintaining and performing computer related repairs and desktop application support
- Commitment and respect for diversity, equity, inclusiveness and the MCC Behaviors of Excellence
- Commitment to the College mission, vision, values, and goals
- Ability to perform all of the essential functions, skills, and specifications of the position
“MCC IS AN EQUAL OPPORTUNITY EMPLOYER COMMITTED TO DIVERSITY AND INCLUSION IN ITS COLLEGE COMMUNITY”
McHenry County College does not discriminate on the basis of race, color sex, national origin, or disability.
See Nondiscrimination Statement for details. http://www.mchenry.edu/nondiscrimination