Position Overview & Job Duties
Under general direction of the CISO & Director of Information Security, the Manager of Information Security provides leadership for centralized, enterprise-level technology service delivery of information security systems and services. Understands the business strategy of enterprise-wide business and IT management, security, infrastructure and operations, disaster recovery, and incident response, and works with teams to define security requirements. Ensures the area’s technological level remains up to date, defines standards, and implements new procedures and techniques. Participates in the strategic planning for the Office of Information Technology. Supervises and provides functional direction to assigned staff and student employees. Establishes team goals and objectives. Effectively collaborates across technology teams and business units through excellent communication skills, diplomacy and a positive attitude.
Responsible for activities involving the planning, development, administration, management and support of university information security operations. Manages and leads teams of system engineers, administrators, and third-party systems integrators. Assists with the management of UCO’s disaster recovery (DR) program. Directly leads and manages the University’s information security incident response team including security incident investigation, mitigation, and managing the adoption of UCO’s information security program.
- Serves as UCO’s Information Security and Incident Response Manager.
- Manages security audits, vulnerability and threat assessments, and directs responses to network or system intrusions.
- Provides leadership, guidance, and training to information security personnel.
- Conducts on-demand and scheduled vulnerability assessments and penetration testing.
- Prepares and presents reports to management regarding scans and RCAs, and provides recommendations to management on information security matters.
- Leads and manages system upgrades, rollouts and implementations, developing workflows, documenting processes, developing policies and ensuring they are followed.
- Manages professional staff and daily operations, provides technical expertise to staff supervised, and resolves problems escalated to the Manager level.
- Develops work plans, goals and objectives in relation to staff activities to ensure service delivery and alignment with OIT priorities.
- Monitors, analyzes and reports on the progress of service delivery; takes a customer-centric approach to problem solving; solicits customer feedback to improve service; and responds to customer needs.
- Assesses, identifies and recommends innovative solutions that provide continuous improvement in the organization.
- Creates and maintains documentation including diagrams, operational and support procedures. Documents all communication activities pertaining to plans and/or incidents.
- Performs other duties as assigned.
Qualifications / Experience Required
Bachelor’s degree in a job-related field plus 5+ years of work experience or equivalent combination of education and experience. Requires work experience with leading and planning, including program development and innovation, program prioritization, and assessment. Appropriate professional accomplishments and credentials.
- Possess and maintain current information security certification or other industry security certification such as but not limited to: CISM, CISSP, CISA or equivalents.
- Experience conducting security audits, investigations, and vulnerability assessments.
- Experience implementing industry controls related to regulatory frameworks including but not limited to: FERPA, GLBA, PCI-DSS, GDPR, HIPAA, CCPA, FISMA, COBIT, NIST, and CIS.
- Experience managing network security appliances including IDS, IPS, firewalls, and identity management solutions.
Qualifications / Experience Preferred
- Working knowledge of the NIST framework.
- Advanced networking experience and certifications such as CCNP Route & Switch or Security are highly desired.
- 5+ years of experience securing large enterprise systems.
- Previous experience in large enterprise systems delivery with leadership or managerial role.
- Experience with VMware, UCS, and SAN environments.
- Experience in higher education.
Knowledge / Skills / Abilities
Excellent verbal, written, and organizational skills, and ability to interface directly with executive-level staff. Must possess strong customer service and interpersonal skills; maintain courteous attitude in dealing with students, faculty, and staff. Strong analytical, organizational, and collaboration skills. Solid communication and presentation skills. Ability to effectively communicate including reading, writing, speaking, and understanding English to a wide range of needs and audiences; ability to explain technical terms in everyday language. Ability to work well under pressure. Ability to work independently or with a specialized group. Ability and willingness to complete several concurrent tasks in a fast-paced, detail-oriented, multi-tasking environment. Continually updates skills and knowledge relative to the position and the technology industry. Adheres to and complies with UCO’s shared values and the Office of Information Technology’s Code of Ethics. This position is on-call 24x7x365 and requires the successful candidate to have high-speed internet access at their residence and maintain a smart phone on which to receive telephone calls, email, and SMS messages from servers and authorized OIT personnel.
Physical Demands
Reasonable accommodations (in accordance with ADA requirements) may be made, upon request, to enable individuals with disabilities to perform essential functions.