Salary: $82,731.00 – $126,000.00 Annually
Location: Youngstown, OH
Job Type: Professional Administrative
Job Number: 202300155
Division: Finance & Business Operations
Department: IT Security Services
Opening Date: 07/26/2023
Bargaining Unit Status: Excluded from Any Bargaining Unit
Salary Grade: H10
Full-time Equivalency: 1.0
Summary of Position
Provides strategic and direct leadership to the information security team related to operations, identity management, access management, security architecture, and engineering. Directs security activities including but not limited to incident response, eDiscovery, technology-related research on security and emerging threats, security standards and associated compliance, risk management, business continuity, intellectual property protection, data leakage, audit findings, root cause analysis, and strategic security and strategic planning. Works collaboratively with administrative, academic, and IT units to build a comprehensive program by facilitating information security governance, advising senior management on investments in technology and security practices, and designing appropriate information security and risk policies and procedures.
Position Information
Essential Functions and Responsibilities: Supervises employees; evaluates staffing needs; assigns and reviews work; establishes timeframes for the completion of tasks; trains and orients new employees; approves and/or disapproves requests for leaves; interviews candidates for employment and recommends for hire; evaluates work performance; receives and responds to grievances; provides assistance with the development of unit work procedures and policies; recommends and provides staff development opportunities. Performs daily direct management and director level leadership for the information security team.
Develops a Cyber Security Strategy that conforms to the University risk management and IT governance frameworks. Executes on this strategy to develop a security technology roadmap. Serves as the risk, compliance, and regulatory security officer for the university.
Coordinates the University’s IT Incident Response Team and facilitates project management on security related efforts; directs and assists lower-level data security team members with installation and maintenance of security management devices, software, and controls including firewalls, IDS/IPS appliances, vulnerability management tools, BYOD authentication devices, email filtering and regulatory compliance, and the use of forensic tools. Develops detailed work plans, schedules, resource plans, and implementation for recurring internal penetration tests; participates in long-range planning, provides input for purchasing, designing, and installing security services. Oversees coordination of threat and vulnerability assessments and other Information Security related audits; investigates and analyzes security events related to campus networks and servers; initiates independent actions to alert management as outlined in the incident response plan; liaises with external 3rd party pen testers as required for external penetration testing.
Establishes configuration guidelines in association with the Information Technology Steering Committee and the University Information Security practices/policies and implements as appropriate. Prepares and maintains documentation of configurations, system processes, and audit trails of security events. Assists in the University’s Payment Card Industry (PCI) compliance, HIPAA, GLBA, GDPR, NIST 800-171 certification. Meets with University departments and technology staff to assure Family Educational Rights and Privacy Act (FERPA) compliance. PCI compliance and any additional applicable industry, State, or Federal regulations are considered when developing information security practices. Assists with corrective procedures to maintain compliance. Tracks and maintains maintenance agreements with vendors for security-related devices. Assists legal counsel with gathering and processing of data regarding litigation and public information requests as well as legal holds and incident investigation. Evaluates the University’s information security, disaster recovery, and business continuity needs and recommends improvements.
Confers and meets with users, vendors, and/or others to exchange information, resolve problems, and/or coordinate operations. Attends meetings, represents supervisor in meetings with customers, vendors, and outside contractors, and provides expert advice to management personnel. Collaborates with Procurement Services to obtain applicable reports, audits, and documentation to support business decisions for purchases as they relate to the information security posture of the University. Prepares postmortem or executive summaries regarding security incidents. Directs and assists lower-level data security team members with the installation, upgrade, testing, and maintenance of network security equipment and related software, computers, and infrastructure devices. Works closely with University community to discuss and resolve problems, establish future directions, and promote Information Security. Works with independent contractors, consultants, and supervisor on issues related to IT.
Conducts regular benchmarking, evaluation, and self-directed audits of Information Security Program while providing results to Senior Leadership and the Board of Trustees.
Conducts security vulnerability assessments and penetration testing. Maintains a working knowledge regarding new technology. Attends training classes as required. Communicates changes/events to team members, affected IT staff, and end-users.
Acts as a trusted advisor and strategist for the information security program and University departments while serving as a promoter and relationship builder for campus and community users.
Understands and promotes the use of Artificial Intelligence technologies to advance the University’s Cyber Security position.
Other Functions and Responsibilities: Performs other related duties as assigned.
Equipment Operated: Computer and all other standard office equipment.
Work Schedule: Typically, Monday through Friday.
Supervision Exercised: May exercise supervision over student employees.
Reports to: AVP and Chief Information Officer
Qualifications and Competencies
Required Certifications, Training, and/or Licensures: Certified Information Systems Security Professional (CISSP) Certification.
Knowledge, Skills, and Abilities:
Knowledge of: University policies and procedures*; office practices and procedures; department/division goals and objectives*; department/division policies and procedures*; workplace safety practices and procedures*; English grammar and spelling; records management; office management; project management.
Skill in: Interpersonal, verbal, and written communication; preparation of written and on-line documentation; organizational; use of office equipment; typing, data entry; computer operation; use of computer software and other programs applicable to the assigned department/division*.
Ability to: function as a self-directed learner; display a customer-service focus; stay motivated and exhibit strong interest in contributing to the success of the University; work as a confidential resource occasionally being exposed to inappropriate, offensive, or objectionable content; work collaboratively in teams and work on simultaneous projects; work under pressure to meet hourly, daily, weekly, and monthly deadlines without direction and make good judgment decisions; identify needed action without direction; deal with problems involving several variables within familiar context; define problems, collect data, establish facts, and draw valid conclusions; determine material and equipment needs; calculate fractions, decimals, and percentages; compile and prepare reports; use proper research methods to gather data; understand a variety of written and/or verbal communications; prepare accurate documentation; maintain records according to established procedures; travel to and gain access to work site; effectively interact with personnel and public to answer routine questions; train or instruct others; move quickly and effectively from one task to another; work independently and in a team environment; develop and maintain effective working relationships.
(*) Developed after employment.
Minimum Qualifications: A bachelor’s degree in a related field and three years of experience in network security or a related field.
Preferred Qualifications: A master’s degree in a related field, MBA, or CISM; demonstrated experience in penetration testing technologies, the use of firewall solutions and vulnerability detecting solutions, the use of forensic tools and eDiscovery procedures; demonstrated systems analysis skills, project management, and experience implementing and supporting new data security technologies; experience in supervision of professional and clerical staff; self-directed learner, and customer-service oriented; must be motivated and have strong interest in contributing to the success of the University.
At Youngstown State University we are committed to a comprehensive employee benefit program that helps our employees live healthy, feel secure, and maintain a work/life balance. YSU offers two options for medical plans, optional dental and vision insurance and life insurance. These plans are reviewed annually to maintain competitiveness while being cost effective. In addition, YSU offers tuition remission, 403(b) and 457 retirement planning options, as well as state pension programs and optional voluntary life insurance benefits.
Medical Mutual of Ohio Medical plans
Dental Benefits
Vision Benefits
Group Life Insurance (University Sponsored and Voluntary)
Group Long Term Disability (University Sponsored and Voluntary)
Flexible Spending Account
Health Savings Account
Tuition remission
Employee Assistance Program
Wellness Initiatives
Sick Leave
Vacation Accrual
Paid Holidays
State Retirement Programs
403b and 457b Voluntary Retirement Options
01
What is the highest level of education that you have attained?
- Did not complete high school.
- High school diploma/GED or equivalent
- Some college
- Associate’s degree
- Bachelor’s degree
- Master’s degree
- Doctoral degree
- Post doctoral degree
- Juris doctor degree
02
Do you have at least three years of experience in network security or a related field?
- Yes
- No
03
Please describe your related experience.