at McHenry County College in Crystal Lake, Illinois, United States
Job Description
Work Week
Monday-Friday, 40-hour work week. Position may require additional hours during the evening or on weekends.
Position Summary
The Information Security Officer provides expertise, advice, and leadership in all areas of cyber security. The primary responsibilities of the ISO include leading incident response efforts, assisting in formulating, maintaining, enforcing, and reviewing information security policies and procedures, and performing advanced analytics, device manipulation and control in support of information security operations.
The Information Security Officer is responsible for daily management and coordination of network intrusion prevention and other security systems, monitoring of security controls, reviewing device and security logs for anomalies, and identifying trends for forensic analysis correlation. The Information Security Officer is responsible for the development and delivery of a comprehensive security and privacy program for the College.
Essential Job Functions and Responsibilities
Develop, maintain, implement, and evaluate security policies, procedures, standards, systems, and procedures.
Define objectives, set priorities, and perform technical duties the drive successful project completion and response efforts that align with the College's strategic goals.
Collaboratively develop and maintain an information security program and conduct necessary actions to drive the adoption of the program's requirements and recommendations College-wide.
Coordinate response to security incidents, including leading and directing people to take specific mitigating actions.
Provide guidance and leadership as part of the incident response team. Assist with the containment, eradication, and prevention of incidents affecting the networking and computing environment.
Investigate possible violations of computer and network security.
Develop procedures to ensure confidentiality, integrity, and accessibility of data and software. Work closely with IT infrastructure and enterprise application teams to identify and implement appropriate security procedures, software, and hardware.
Develop and implement procedures and guidelines for internal auditing of information security controls. Conduct or facilitate auditing procedures.
In conjunction with other IT staff, investigate, recommend, and authorize security tests, penetration tests, and security scans affecting information systems resources. Manage the efforts to address any vulnerabilities reported by scans or tests as the College-wide incident handler.
Evaluate proposed vendors, products, and processes for compliance with college policies
Monitor SIEM (Security and Incident Event Management) and enterprise security appliances related to host and network, intrusion detection and prevention systems
Assure workstation and server security by leading or performing vulnerability assessments, patch validations, and security risk assessments.
Collaborate with college departments to integrate and maintain processes to ensure compliance with information security best practices within departmental operating procedures. Provide consulting services to all College staff on system, data, access, control, and information security issues.
Coordinate the development and delivery of an information security awareness and literacy program for all college employees, other authorized users, and students.
Serve as information security risk management liaison to the College and make security recommendations to ensure that operations comply with contractual agreements and the law.
Provide recommendations addressing the physical protection of information security-related assets
Participate in the planning and design of College-wide business continuity and disaster recovery strategies where appropriate.
Ensure that College data, system, and information security policies are followed in all third-party system implementations including projects originating outside the IT division.
Remain informed of trends and issues in the information security industry, including current and developing technologies, emerging attack techniques, evolving best practice, and new regulations.
Manage and maintain the College's security certificates.
Work collaboratively with others to accomplish functions and responsibilities.
Assume additional duties as assigned by immediate supervisor.
Required Qualifications
Bachelor's degree from a regionally accredited institution in Computer Science or related field; equivalent combination of education/experience may be considered
"MCC IS AN EQUAL OPPORTUNITY EMPLOYER COMMITTED TO DIVERSITY AND INCLUSION IN ITS COLLEGE COMMUNITY"
McHenry County College does not discriminate on the basis of race, color sex, national origin, or disability.
See Nondiscrimination Statement for details. http://www.mchenry.edu/nondiscrimination
