Manager of IT Security at None

Position Overview
The Manager of IT Security is responsible for developing, implementing, and managing the college’s information security program. This role will build and grow the IT security team, oversee daily security operations, and lead efforts to modernize and secure the college’s environment. The manager owns Disaster Recovery and Business Continuity planning, ensures compliance with regulatory requirements, and strengthens defenses against cyber threats. While primarily focused on leadership and program oversight, the Manager of IT Security remains hands-on when needed to support critical security functions. This position also presents future opportunities for growth into a director-level role as the university’s security program matures.

Key Responsibilities

Team Leadership & Program Development

• Build and lead the IT Security team, defining roles and responsibilities as the program grows.
• Supervise, mentor, and develop security staff, fostering a culture of accountability and continuous learning.
• Partner with IT leadership to integrate security into all technology initiatives.

Security Operations & Monitoring

• Oversee daily security operations, including monitoring, threat detection, incident response, and remediation.
• Stay hands-on in configuring, monitoring, and tuning security tools and infrastructure.
• Act as the escalation point for significant security incidents or breaches.

Policy, Compliance & Risk Management

• Develop, implement, and enforce IT security policies, standards, and procedures.
• Conduct regular risk assessments, vulnerability scans, and penetration testing.
• Ensure compliance with regulatory frameworks such as FERPA, HIPAA, PCI-DSS, and GLBA.
• Maintain strong relationships with auditors and compliance officers.

Disaster Recovery & Business Continuity

• Own the college’s Disaster Recovery (DR) and Business Continuity (BCP) program.
• Conduct risk analyses and develop recovery strategies for critical systems and data.
• Lead regular testing of DR/BCP plans and update them based on lessons learned.

Infrastructure Security & Modernization

• Secure networks, servers, endpoints, labs, AV/classroom technology, and cloud services.
• Lead modernization projects such as multi-factor authentication (MFA), single sign-on (SSO), endpoint protection, and SIEM/logging improvements.
• Collaborate with other IT managers to embed security in system design, procurement, and operations.

Awareness & Training

• Develop and deliver security awareness programs for faculty, staff, and students.
• Train IT staff on technical security best practices and incident response procedures.
• Promote a culture of security across the college community.

Metrics, Reporting & Continuous Improvement

• Define and track security KPIs and incident response SLAs.
• Establish feedback loops to measure awareness and system resilience.
• Provide regular reports to the CIO on security posture, incidents, and program progress.

Budget & Resource Input

• Monitor security-related expenditure and technology investments.
• Provide budget recommendations to align resources with security priorities.
• Identify cost-effective solutions to strengthen the security environment.

Qualifications

• Bachelor’s degree in information technology, Cybersecurity, or related field (or equivalent experience).
• 5+ years of IT security or related experience, with at least 2 years in a supervisory or lead role.
• Strong understanding of security frameworks (NIST, ISO 27001, CIS Controls) and compliance requirements (FERPA, HIPAA, PCI-DSS, GLBA).
• Hands-on experience with firewalls, IDS/IPS, SIEM tools, vulnerability scanners, and endpoint protection.
• Experience leading disaster recovery and business continuity planning.
• Strong leadership, communication, and problem-solving skills.
• Higher education or similar environment experience preferred.