•Participates in incident response activities, including readiness activities, such as revising response procedures and conducting table-top exercises
•Monitors for and coordinates response to vulnerabilities in the College’s on premise and cloud environments
•Produces and maintains a library of minimum-security baselines, standard operating procedures, standards, and guidelines to support security operations, automating response whenever beneficial.
•Participates in the design, review and analysis of internal projects and external connectivity issues that may have an impact on security and compliance
•Coordinates and supports information security efforts including, but not limited to: working with application developers and database administrators to plan and implement application security on internal and external services; providing guidance on risks and vulnerabilities related to common application protocols, web services security, and end user systems; participating in planning, design, and implementation of digital rights management and information protection schemes.

Policy and Compliance (20%)
•Assists in risk assessments and gap analysis for compliance to various policies and regulations, including, but not limited to FERPA, HIPAA, PCI, and internal policies
•Coordinates with Controllers office in conducting annual PCI compliance review
•Regularly reviews and recommends updates to internal information security policy and procedures
•Evaluates 3rd parties and subcontractors for risk and suggests compensating controls

Training / Awareness / Communication (15%)
•Engages and educates customers on information security threats and best practices to manage risk
•Provides regular presentations on topics relevant to information security
•Reviews security audits and brings awareness to security problems and potential issues and recommends mitigation procedures.
•Keeps current with new or evolving information technology
•Provides timely notification of security issues to relevant staff. Works collaboratively in a team environment.

Diversity and Inclusion (5%)
•Demonstrates a commitment to diversity, inclusion, and cultural awareness through actions, interactions, and communications with others
•Develops understanding of similarities and differences in diverse cultures through employee education programs.
•Demonstrates a commitment to diversity, inclusion, and cultural awareness through actions, interactions, and communications with others.

Required Qualifications
•Excellent analytical, troubleshooting and interpersonal skills.
•Excellent verbal and written communication skills.
•Experience with coding and scripting to support process automation and integration
•In-depth understanding of IP networking, networking protocols, and security-related technologies
•In-depth knowledge of host-based security issues and techniques such as auditing, logging, etc.
•In-depth understanding of end user security issues, products, and procedures.
•Experience with vulnerability scanning and management platforms
•Experience working with log indexing and SIEM products
•Experience with managing network equipment.
•Experience with cloud security
•Experience organizing information and designing flyers and promotional material
•Familiarity with security standards such as NIST 800-53, NIST 800-171, ISO 27001, COBIT, etc.
•Two years working in an Information Security role
•Five years working in a related IT role
•BA/BS degree in a related field or the equivalent combination of education and experience.

Preferred Qualifications
•CEH, CSX-P, or CISSP Certification desired.