Job Description
Description Summary The Cyber Security Manager is responsible for developing, implementing, and maintaining the organization's cybersecurity strategy, policies, and programs to protect information systems, networks, and data from cyber threats. This role oversees security operations, risk management, compliance initiatives, incident response, and security awareness training while ensuring alignment with organizational goals and regulatory requirements. The Cyber Security Manager works collaboratively across departments to strengthen the organization's security posture and ensure the confidentiality, integrity, and availability of institutional information assets. Knowledge & Responsibilities Essential Duties and Responsibilities include the following. Other duties may be assigned. Develop and maintain the organization's cybersecurity framework, policies, standards, and procedures. Lead the implementation of security initiatives aligned with business and compliance objectives. Conduct cybersecurity risk assessments and recommend mitigation strategies. Oversee daily security operations, including monitoring security tools, systems, and alerts. Oversee the management of endpoint protection, firewalls, intrusion detection/prevention systems, SIEM solutions, and vulnerability management tools. Coordinate regular vulnerability assessments and penetration testing activities. Ensure timely remediation of identified security vulnerabilities. Lead cybersecurity incident response efforts, including investigation, containment, eradication, and recovery. Develop and maintain incident response and disaster recovery plans. Coordinate communication during security incidents with leadership, and external stakeholders as appropriate. Conduct post-incident reviews and implement corrective actions. Ensure compliance with applicable laws, regulations, and standards such as:
FERPA HIPAA PCI-DSS NIST CIS
Controls State cybersecurity requirements Assist with audits and regulatory reporting requirements. Maintain cybersecurity documentation and evidence for audits and assessments. Supervise cybersecurity personnel, consultants, or vendors as assigned. Collaborate with IT teams to integrate security best practices into infrastructure and application development. Develop and deliver cybersecurity awareness and training programs for college employees and students. Respond promptly to emergency situations as needed, during and after normal business hours, to identify, assess and mitigate critical security issues. Advises the CTO and senior IT leadership on all cybersecurity issues, vulnerabilities and overall security strategies. Stay current on best practices and IT security trends to ensure appropriate products and standards are implemented to protect the college from vulnerabilities and unauthorized access. Coordinates with application development staff to ensure appropriate information security controls are integrated in software applications used by the College. Prepares briefing materials to present to college leadership concerning vulnerabilities, security exposures, risks and impact of each to the institution. Performs maintenance and configuration changes of the college's firewall, including VPN and site to site tunnels. Maintain a clean and safe work area. Replace tools and other service support equipment after use. Provide courteous and professional service. Maintains continuity binders. Enters solutions into Help Desk database. Performs other job-related duties as assigned in support of the College's goals and core values. Supervisory Responsibilities:
Directly supervises more than two but less than 10 employees. Minimum & Preferred Qualifications Qualifications:
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Experience in Internet and network security products and platforms, including intrusion detection, intrusion prevention, incident response, vulnerability assessments and penetration testing. General understanding of industry standards and requirements for information security management, state and federal statutes and third-party security assessments. Ability to work effectively with college leaders and IT engineering, operations, and support staff. Demonstrated knowledge of information security alerts, threat trends, intrusion analysis, malware, anomalous behavior, forensic research and incident response protocols. Strong analytical, project management and team-oriented interpersonal skills. Proven ability to work under pressure in emergencies and communicate security-related concepts to technical and non-technical staff. Education Minimum:
Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field required. Experience Minimum:
Minimum of 4 years of experience in cybersecurity or information security. Minimum of 2 years' experience in supervising and/or managing a security operations team to include incident response, and compliance initiatives. Experience Preferred Experience in higher education, government, or regulated industries preferred Additional Information Language Skills Ability to read and comprehend simple instructions, short correspondence, and memos. Ability to write simple correspondence. Ability to effectively present information in one-on-one and small group situations to customers, clients, and other employees of the organization. Mathematical Skills Ability to add, subtract, multiply, and divide in all units of measure, using whole numbers, common fractions, and decimals. Ability to compute rate, ratio, and percent and to draw and interpret bar graphs. Reasoning Ability Ability to apply common sense understanding to carry out detailed but uninvolved written or oral instructions. Ability to deal with problems involving a few concrete variables in standardized situations. Knowledge, Skills, and Abilities Strong knowledge of cybersecurity frameworks and best practices. Experience with security technologies such as: Firewalls SIEM platforms Endpoint Detection & Response (EDR) Managed Detection & Response (MDR) Multi-factor authentication Identity and access management Cloud security tools Understanding of networking, operating systems, and cloud environments. Strong analytical and problem-solving skills. Excellent communication and leadership abilities. Ability to manage multiple priorities in a fast-paced environment. Ability to maintain confidentiality and exercise sound judgment.
