IT Computer Sys Mgr 3 - Lead Security Engineer **GENERAL DUTIES** I.T. Computer Systems Managers manage and direct an Information Technology area at a College or University level. They set policies and procedures, direct technical staff, and maintain responsibility for administrative as well as technical issues within their assigned area(s) of responsibility. They may manage major and/or large, complex information systems activities and/or manage a unit or group. This job is in CUNY's Classified Managerial Service. The full specification is available on our web site at http://www.cuny.edu/about/administration/offices/ohrm/hros/classification/ccsjobs.html **CONTRACT TITLE** Computer Systems Manager **FLSA** Exempt **CAMPUS SPECIFIC INFORMATION** Medgar Evers College (MEC), a nationally recognized leader in urban-serving education, is one of twenty five colleges within the dynamic City University New York (CUNY) System. Named for the late civil rights leader, Medgar Wiley Evers (1925-1963), the College's mission is to develop and maintain high quality, professional, career-oriented undergraduate degree programs in the context of liberal education. Located in Central Brooklyn, MEC was established in 1970 with a mandate to meet the educational and social needs of the Central Brooklyn community. The College is committed to a student-centered education and advancing knowledge through scholarly research. Under the general supervision of the Chief Information Officer and exercising independent initiative and judgment, the Lead IT Security Engineer will manage the Medgar Evers College Office of Information Technology (OIT) Security Teams and may manage other infrastructure groups. They will design, coordinate, and implement technical and procedural security initiatives. He will develop, analyze, and refine the College's information security protocols and technologies; maintain the College's information security infrastructure; ensure effective responses to information security threats and incidents; develop long- range goals for strategic IT security plans; maintain up-to-date knowledge of regulations governing security initiatives in academia; conduct security monitoring, assessments, and audits; and promote awareness of information security best practices to the college community. The Lead IT Security Engineer is expected to take a hands-on approach, leading proactive vulnerability assessments and the implementation of effective procedures and technical safeguards to mitigate information security risks. In fulfilling his or her duties, they will collaborate with other OIT units, including Networking and Systems, IT Operations, User and Instructional Support Services, Application Services, and Business Services. They will also confer with college executives, faculty, staff, students, and contractors on information security-related matters and special projects. The successful candidate will be expected to: -Lead and manage the campus incident management response and procedures by providing accurate, comprehensive, and timely communication of each incident's containment, reporting assessment, investigation, and correct problems while taking actions that can prevent future incidents. -Manage, implement, and maintain campus security operations platforms such as IPS/IDS, firewalls, VPN, perimeter switching/routing, system monitoring logs, and other security appliances and platforms to strengthen defenses and optimize campus security. -Lead, develop and implement a continuous regiment of vulnerability scans and penetration tests and adopt measures to address security deficiencies effectively and to optimize threat detection. -Review and analyze the configuration of network and systems security architecture, procedures and technologies (e.g. IPS/IDS, firewalls, server/host protection, network access control, and encryption) and provide ongoing recommendations for achieving optimal security and performance. -Develop, implement, maintain, and test access controls necessary to protect network perimeter, host systems, software applications, and sensitive data in accordance with security requirements (e.g. FERPA, HIPAA, PCI-DSS privacy requirements and university data retention and destruction policies) -Develop and integrate secure college-wide identity management and access control technologies, including password management, directory services, single sign-on, two factor authentication, digital signatures, smart cards, biometrics, PeopleSoft security access provisioning, etc. -Develop and promote effective information security awareness training and educational resources for the college community. -Orchestrate IT Security-related projects from inception through implementation to ensure timely and effective completion in compliance with established security protocols and best practices. -Design, implement, and manage a comprehensive strategic information security and IT risk management program that ensures to mitigate of system vulnerabilities and reduce attack surface vectors identified through risk assessment and threat modeling. -In collaboration with college executives and IT managerial staff, generate quarterly security compliance attestation report documenting security risks and recommendations. -Review, recommend, and drafts policies, procedures, standards in accordance with overall university policy and evolving industry best practices. -Participate in university information security meetings and lead internal Information Security Task Force, which is comprised of IT managers and the Information Security Office **MINIMUM QUALIFICATIONS** Six (6) years of progressively responsible full-time paid information systems technology experience,at least eighteen (18) months of which shall have been in an **administrative or managerial capacity** in the areas of computer applications programming, systems programming, information systems development, data telecommunications, data base administration or a closely related area. Education at an accredited college or university may be substituted for the general information systems technology experience at the rate of one (1) year of college for six (6) months of experience up to a maximum of four (4) years of college for two (2) years of experience. In addition, a master’s degree in computer science or a closely related field from an accredited college or university may be substituted for an additional year of the general information systems technology experience. However, all candidates must possess the eighteen (18) months of administrative or managerial experience described above. Experience in an **administrative capacity** must include, but is not limited to, responsibilities such as: monitoring an IT budget; reviewing and approving IT procurement and invoice payments; reviewing and approving contracts with vendors; monitoring and approving IT projects; setting standards and best practices; risk evaluation (e.g., security, reputational, operational); organizational development; chairing or participating in IT Governance and Advisory committees; and/or overseeing vendor relationship management. Experience in a **managerial capacity** must include, but is not limited to, responsibilities such as: strategic planning for an office/division; creating and implementing policies; setting standards and best practices; defining and documenting project scope; root cause analysis with recommendations; collaborating with other managers and executives to define future state of IT program; and/or forecasting. The following types of experience are **not** acceptable: superficial use of preprogrammed software without complex programming, design, implementation or management of the product; use of a word processing package; use of a hand-held calculator; data entry; operation of data processing hardware or consoles. **OTHER QUALIFICATIONS** -At least six (6) years of experience in information security -Must have expertise managing Cisco and Palo Alto next-generation firewalls and VPN, and Cisco routing and switching in an enterprise environment -Experience with enterprise systems administration including Microsoft, Apple, and Linux/Unix operation systems, and Public/Private cloud platform (i.e., AWS, Azure, Google Cloud Platform) -Experience using coding, scripting, and database queries and developer and security tools to help analyze and respond to events and to automate processes -Experience designing, configuring, and integrating network and systems security, including VPN, log analyzers, intrusion detection, intrusion prevention, firewalls, web application firewalls, network access control, and enterprise endpoint security solutions -Familiarity with network protocols -TCP/UDP, DNS, HTTP/HTTPS, SSH, FTP, etc. -Knowledge and understanding of relevant legal and regulatory requirements, including the Family Educational Rights and Privacy Act (FERPA), the Health Insurance Portability and Accountability -Act (HIPAA) and Payment Card Industry/Data Security Standard -Strong interpersonal communication and writing skills -Excellent organizational skills and attention to detail -Experience supervising technical staff -Relevant information security and/or information technology certifications (CISSP, Security+, CCSP, CISA, CISM) **COMPENSATION** 120,000 - 130,000 - Salary is commensurate with education and experience **BENEFITS** CUNY offers a comprehensive benefits package to employees and eligible dependents based on job title and classification. Employees are also offered pension and Tax-Deferred Savings Plans. Part-time employees must meet a weekly or semester work hour criteria to be eligible for health benefits. Health benefits are also extended to retirees who meet the eligibility criteria. **HOW TO APPLY** To apply, go to www.cuny.edu, access the employment page, log in or create a new user account, and search for this vacancy using the Job ID or Title. Select "Apply Now" and provide the requested information. **CLOSING DATE** February 12, 2025 **JOB SEARCH CATEGORY** CUNY Job Posting: Managerial/Professional **EQUAL EMPLOYMENT OPPORTUNITY** CUNY encourages people with disabilities, minorities, veterans and women to apply. At CUNY, Italian Americans are also included among our protected groups. Applicants and employees will not be discriminated against on the basis of any legally protected category, including sexual orientation or gender identity. EEO/AA/Vet/Disability Employer. Job ID 29631 Location Medgar Evers College