Security Engineering Manager

James Madison University is accepting applications for a Security Engineering Manager. The Security Engineering Manager provides leadership and supervision for the security engineering staff and coordinates the IT organizations technical activities to implement and manage the security infrastructure and provide status updates to management and the Information Security Officer.

Provide leadership, supervision, performance evaluation, guidance and encouragement to Security Engineering Team and for the day-to-day responsibilities of the group. Assess the JMU computer network vulnerabilities. Monitor network and central system operations logs to deter mine level threats. Track, evaluate and communicate newly discovered vulnerabilities and threats. Participate in JMU Computer Incident Response Team (CIRT).

• Significant IT Security and supervisory experience.

• A bachelor’s degree in information systems is preferred; an M.B.A. or M.S. in information security is also preferred.

• Strong leadership skills and the ability to work effectively with business managers, IT engineering and IT Operations Staff.

• The ability to interact with JMU employees, build strong relationships at all levels and across all business units and organizations and understand business imperatives.

• A strong understanding of the business impact of security tools, technologies and policies.

• Strong leadership abilities, with the capability to develop and guide Security Engineering Team members and IT operations personnel.

• Ability to work with minimal supervision.

• Excellent verbal, written and interpersonal communication skills, including the ability to communicate effectively with the IT organization, Project and Application Development Teams, management and business personnel.

• In-depth knowledge and understanding of information risk concepts and principles as a means of relating business needs to security controls.

• Excellent understanding of information security concepts, protocols, industry best practices and strategies.

• Experience working with legal, audit and compliance staff.

• Experience developing and maintaining policies, procedures, standards and guidelines.

• Experience with common information security management frameworks, such as International Standards Organization (ISO) 2700x, the IT Infrastructure Library (ITIL) and Control Objectives for Information and Related Technology (COBIT) frameworks [Substitute as appropriate].

• Familiarity with applicable legal and regulatory requirements, including, but not limited to, the U.S. Sarbanes-Oxley Act, the U.S. Health Insurance Portability and Accountability Act (HIPAA), the European Union Privacy Directive and the Japanese Financial Instruments and Exchange Law (“J-SOX”).

• Strong project management skills and experience in creating and managing project plans, including budgeting and resource allocation.

• Proficiency in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies.

• Knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical and project plans.

• Strong analytical skills to analyze security requirements and relate them to appropriate security controls.

• An understanding of operating system internals and network protocols.

• Familiarity with the principles of cryptography and cryptanalysis.

• Experience in application technology security testing (white box, black box and code review).

• Experience in system technology security testing (vulnerability scanning and penetration testing).

Employment is contingent upon the successful completion of a criminal background check.

E-Verify Notice: After accepting employment, new hires are required to complete an I-9 form and present documentation of their identity and eligibility to work in the United States. James Madison University uses the E-Verify system to confirm identity and work authorization.