Director, Information Security Services
Essential Duties:
-
Oversee IT security measures throughout an organization. Strategic oversight of every aspect of security, from staffing and budgets to protocols and incident response.
-
With dotted line responsibility and guidance from Purdue system CISO, monitors and coordinates the detection, analysis and response to security events. Set up the proper protocols for incident responses. Monitors and coordinates all incident response processes including forensics and provide metrics and reporting to management and Purdue System CISO. Coordinates the monitoring of Purdue University Northwest’s security posture by utilizing security tools such as network and application vulnerability, SIEM, ePO, etc. and provides reports and metrics as necessary. Develops and maintains documentation and protocols for incident response. Collaborate with the Purdue System Security Architect to ensure a smooth transition of security technologies. Monitors and coordinates the administration, and support of security tools such as vulnerability scanning, threats and events in network and host systems; SIEM, DLP, IPS, etc. Review reports and processes and ensure changes are followed and documented. Audits and adjusts security profiles as necessary to eliminate conflicts and segregation of duty issue. Work with the team to ensure elements of the Purdue security policies, and procedures are met within the overall security design. Lead and coordinate the security team for IS and Functional End Users. Ensure designated areas are preforming regular security patches on servers across both campuses. Identify areas of security risk and recommend risk mitigation actions. Prioritize and allocate security resources correctly and efficiently.
-
Provides technical direction, functional leadership and mentoring to other security specialists in IS and in functional user areas. Functionally supervises, mentors and trains other staff responsible for security in their departments, team members and students. Monitors their work to ensure the quality of services provided and skills used. Guides, develops, and coordinates the work of others responsible for security and facilitates group progress for following proper security protocols. Monitors the status of work in process and takes appropriate actions until the customer is fully satisfied with the product or issues resolution. Provide status reports and measurements, as appropriate. Proactively participate in security team activities including producing team deliverables, communicating positively within the security team, working towards priorities, reporting status progress, and issues with team leads. Shares expertise with IS staff and functional end users. Coordinates security schedules and priorities with functional teams and integration leads. Participate in issues resolution, adhere to standards, effectiveness, and quality in the team’s work products. Perform internal audits across both campuses. Implement a unified security plan using researched security tools best suited for PNW.
-
Develop strategies to handle security incidents and coordinate investigative activities. Develops, implements and maintains security profiles for all Purdue system and application users. Develops and implements the security design for Purdue applications with input and assistance from other Security Team members. Duties as assigned. Oversee desktop security across PNW. Design and implement education programs focused on user awareness and security compliance.
- Perform other duties as assigned.
Qualifications
Bachelor’s degree in Computer Science, Cyber Security, or related discipline. At least five years demonstrated progressive information technology experience. Practical experience in an information technology security related position. Demonstrated experience working with and supporting security systems and applications, security data analysis and design, and technical analysis and evaluation of network and security vulnerabilities. Demonstrated experience in the development of security best practices, processes, solutions, metrics, and reporting. Demonstrated experience writing procedures and business processes. Demonstrated incident response experience. Must be able to lead incident response protocols within Information Services at PNW and in collaboration with Purdue West Lafayette. Extensive hands-on knowledge of security tools and solutions including but not limited to vulnerability scanning, intrusion detection, intrusion prevention, firewalls, encryption technologies, endpoint protection, patch management, multifactor authentication, and SIEM platforms.
Required: CISSP certification.
Preferred: Higher Education experience; GIAC, CISM, CISA, CEH, ITIL, PMP certifications.
Demonstrated project management skills. Must have the ability to use good judgement, multitask, manage multiple IT security projects and meet deadlines in a fast-paced environment. Must have excellent verbal and written communication and organizational skills. Ability to communicate effectively with both technical and non-technical groups. Effective team building skills. Ability to originate change, affect results and foster a continuous quality improvement environment. Demonstrated experience with integrating IT systems development with security policies and information protection strategies; including the support of security processes, tools, and applications. Knowledge of security profiling, system audit processes and procedures. Ability to measure effectiveness of security processes and provide metrics and reporting. Ability to solve problems, prioritize work tasks and accept project priorities. Ability to define business requirements and implement business process redesign; including security policies and procedures. Knowledge of intrusion detection and Internet architecture. Must be able to participate in professional development for Security. Must demonstrate successful supervision of technically trained staff. Enterprise architecture and security architecture. Knowledge of security and privacy regulations such as PCI, HIPAA, GLBA, FERPA, GDPR, etc. Technical security certifications such as CISSP and GIAC. Understanding of firewall theory and configuration.
-
Security concepts related to DNS, routing, authentication, VPN, proxy services and DDOS mitigation technologies
-
ISO 27001/27002, ITIL and COBIT frameworks
-
PCI, HIPAA, NIST, GLBA and SOX compliance assessments
-
Windows, UNIX and Linux operating systems
-
C, C++, C#, Java and/or PHP programming languages
-
Firewall and intrusion detection/prevention protocols
-
Secure coding practices, ethical hacking and threat modeling
-
TCP/IP, computer networking, routing and switching
-
Network security architecture development and definition
-
Knowledge of third party auditing and cloud risk assessment methodologies
Additional Information:
For information regarding our excellent benefits package, please visit: www.purdue.edu/benefits
Professional references will be verified prior to any offer of employment. Employment is contingent upon completion of successful background check and motor vehicle records check.