Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: InfoSec Jobs InfoSec Jobs

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Manager of Information Security Monitoring
Company Rowan University
Location Glassboro, NJ
Preferred GIAC Certifications GMON, GSEC
Travel 5%
Salary Not provided
URL https://go.rowan.edu/isomonitoringmanager
Contact Name Leonard Nelson
Contact Email nelsonlp/at/rowan.edu
Expires 2021-10-25

Job Description

This position will serve as the manager responsible for overseeing the university’s information security monitoring program and will report to the Chief Information Security Officer. The manager will lead all aspects of the information security monitoring program, including ensuring that IT activities, processes, and procedures meet defined monitoring requirements, policies and regulations. The manager should have the necessary experience to provide guidance to management and to effectively work with faculty, staff and students for any awareness programs and related processes to improve our overall security posture. The manager will thrive in this position if they have prior expertise implementing and configuring security tools and applications, and the ability to drive the information security monitoring program towards maturity by creating repeatable processes and utilizing metrics for improvement.

JOB DUTIES:

- Adapt information security monitoring strategy to incorporate and address emerging technologies and risks
- Propose and implement improvements for the performance, reliability, or security of services in accordance with industry standard methodologies
- Participate in the design, implementation, troubleshooting, and maintenance of various applications and services utilized for information security monitoring at the University
- Manage any external Managed Security Services Providers involved with providing security monitoring services
- Collaborate with the Internal Audit department on required security assessments and audits by coordinating and tracking resolution of all information technology and security related audit findings
- Develop and maintain security certification policies and standards as needed, including the periodic security certification reviews of systems and technology as well as coordinating the remediation of all security certification and risk finding issues
- Promote university awareness of information security policies and programs through the creation and maintenance of security awareness programs that are engaging, intuitive to use and mitigate risks to our University
- Tailor information security training, education, and awareness programs to policy and compliance objectives (e.g., HIPAA, FERPA, PCI)
- Maintain and improve the effectiveness of existing information security training, education, and awareness programs/activities utilizing appropriate metrics to measure engagement, behaviors, and impact of our security awareness training programs
- Other information security duties as assigned

REQUIRED EDUCATION, KNOWLEDGE, SKILLS AND EXPERIENCE:

- Bachelor's degree or equivalent years of related professional work experience
- Certification from ISACA (e.g. CISA, CISM), (ISC)² (e.g. CISSP, SSCP) or SANS (e.g. GSEC, GMON) or equivalent security training required
- At least 3 years of continuous professional work experience in an information security position supporting or managing an information security monitoring program in an organization
- Experience with implementing and monitoring controls defined in frameworks such as NIST Cybersecurity Framework (CSF), CIS Controls, NIST 800-53, NIST 800-137
- Experience with Governance, Risk and Compliance (GRC) programs such as OneTrust, RSA, ServiceNow to apply knowledge of information security and risk mitigation principles, theories, and techniques in daily work
- Consultative work style that supports successful initiatives with all levels of management and customers across organizational boundaries
- Experience with presenting to audiences of different skill levels and leadership levels on topics related to Information Security and strong written and oral communication skills with the proven ability to develop senior management briefings
- Experience or familiarity with integrating platforms using vendor-provided APIs to orchestrate routine tasks
- Beginner to moderate knowledge of SQL to aid with data aggregation and reporting
- Beginner to moderate knowledge of programming languages (e.g. Python, PowerShell) to aid with automation of routine tasks and processes

PREFERRED EDUCATION, KNOWLEDGE, SKILLS AND EXPERIENCE:

- Experience working with and using one (or more) of the following platforms:
- Vulnerability Management: e.g. Tenable, Rapid7, Qualys
- Monitoring & Logging: e.g. Splunk, LogRhythm, AlienVault
- Cloud Access Service Broker (CASB) platforms and monitoring of cloud computing environments e.g. McAfee, Microsoft, Netskope
- Experience working with and responding to security incidents
- Familiarity with Identity and Access Management technologies including Single Sign-On and Federated Services
- Familiarity with entry level database management tasks on database servers e.g. MySQL, SQL Server, Oracle
- Candidates with the following job titles or experience in the following job roles are encouraged to apply: Security Engineer, Security Analyst, Security Manager. Cyber Analyst