Manager of Information Security Monitoring



MANAGER, INFORMATION SECURITY MONITORING

Summary :

Rowan University seeks to appoint a manager to lead the Information Security monitoring program for the division of Information Resources & Technology (IRT). IRT is responsible for the University’s information technology and applications, information security, data integrity, systems-related compliance, and reporting. Along with the University, IRT has grown extensively in recent years and we are continuing to mature our Information Security monitoring program for the University across both on-premise and cloud-based services.

This position will serve as the manager responsible for the university’s information security monitoring program and will report to the Director of the Information Security Office. The manager will lead the university-wide information security monitoring program, ensuring IT activities, processes, and procedures meet defined monitoring requirements, policies and regulations. The manager should have the necessary experience to provide guidance to management and to effectively work with faculty, staff and students for any awareness programs and related processes to improve our overall security posture. The manager will thrive in this position if they have prior expertise implementing and configuring security tools and applications, and the ability to drive the information security monitoring program towards maturity by creating repeatable processes and utilizing metrics for improvement.

Job Duties :

  • Adapt information security monitoring strategy to incorporate and address emerging technologies and risks
  • Propose and implement improvements for the performance, reliability, or security of services in accordance with industry standard methodologies
  • Participate in the design, implementation, troubleshooting, and maintenance of various applications and services utilized for information security monitoring at the University
  • Manage any external Managed Security Services Providers involved with providing security monitoring services
  • Collaborate with the Internal Audit department on required security assessments and audits by coordinating and tracking resolution of all information technology and security related audit findings
  • Develop and maintain security certification policies and standards as needed, including the periodic security certification reviews of systems and technology as well as coordinating the remediation of all security certification and risk finding issues
  • Promote university awareness of information security policies and programs through the creation and maintenance of security awareness programs that are engaging, intuitive to use and mitigate risks to our University
  • Tailor information security training, education, and awareness programs to policy and compliance objectives (e.g., HIPAA, FERPA, PCI)
  • Maintain and improve the effectiveness of existing information security training, education, and awareness programs/activities utilizing appropriate metrics to measure engagement, behaviors, and impact of our security awareness training programs
  • Other information security duties as assigned


Requirements :

  • Bachelor's degree or equivalent years of related professional work experience
  • Certification from ISACA (e.g. CISA, CISM), (ISC)² (e.g. CISSP, SSCP) or SANS (e.g. GSEC, GMON) or equivalent security training required
  • At least 3 years of continuous professional work experience in an information security position supporting or managing an information security monitoring program in an organization
  • Experience with implementing and monitoring controls defined in frameworks such as NIST Cybersecurity Framework (CSF), CIS Controls, NIST 800-53, NIST 800-137
  • Experience with Governance, Risk and Compliance (GRC) programs such as OneTrust, RSA, ServiceNow to apply knowledge of information security and risk mitigation principles, theories, and techniques in daily work
  • Consultative work style that supports successful initiatives with all levels of management and customers across organizational boundaries
  • Experience with presenting to audiences of different skill levels and leadership levels on topics related to Information Security and strong written and oral communication skills with the proven ability to develop senior management briefings
  • Experience or familiarity with integrating platforms using vendor-provided APIs to orchestrate routine tasks
  • Beginner to moderate knowledge of SQL to aid with data aggregation and reporting
  • Beginner to moderate knowledge of programming languages (e.g. Python, PowerShell) to aid with automation of routine tasks and processes


Preferred :

  • Experience working with and using one (or more) of the following platforms:
    • Vulnerability Management: e.g. Tenable, Rapid7, Qualys
    • Monitoring & Logging: e.g. Splunk, LogRhythm, AlienVault
    • Cloud Access Service Broker (CASB) platforms and monitoring of cloud computing environments e.g. McAfee, Microsoft, Netskope
  • Experience working with and responding to security incidents
  • Familiarity with Identity and Access Management technologies including Single Sign-On and Federated Services
  • Familiarity with entry level database management tasks on database servers e.g. MySQL, SQL Server, Oracle
  • Candidates with the following job titles or experience in the following job roles are encouraged to apply:
    • Security Engineer
    • Security Analyst
    • Security Manager
    • Cyber Analyst


Advertised: Jan 11 2021 Eastern Standard Time
Applications close: Feb 8 2021 11:55 PM Eastern Standard Time

Similar jobs

Similar jobs