Senior IT Security and Compliance Manager

Serve as the IT security expert helping to create a strong information technology security foundation for the President, Executive Vice President and Chief Operating Officer, and Executive VP and Provost senior management areas. Reporting to the Director of Information Technology for Administrative Services, this position provides information security and compliance services to all supported departments. The position ensures that all workstations, server systems, applications, networks, databases, and data are properly secured from threats while meeting the mission critical production environments requirements and uptime. Serves as a departmental contact for any issues relating to information security or compliance with regulatory guidance. Shares responsibility for monitoring and maintaining the systems, disaster recovery planning, incident response, and security assessments. Due to the criticality of this position and its support of a 24 X 7 unit, after hours may be required.

Responsibilities of this position include...
• Manage compliance with CIS IG2 Transformation Initiative throughout supported areas
• Manage Microsoft Defender for Endpoint Transformation Initiative for supported areas to prevent, detect, investigate, and respond to advanced cyber threats
• Manage and provide guidance to the Microsoft Advanced DLP IT Transformation Initiative to identify, monitor, and protect sensitive data stored for supported areas
• Coordinate and run security training programs for data protection and adherence to university standards and policies
• Assist in the design and implementation of appropriate access protection, and audit control procedures.
• Routinely monitor practices to ensure that user access, system access, resources and information are secure
• Learn the business needs and functions of each supported department to ensure data and systems are identified and protected
• Communicate threats, findings and mitigation strategies effectively to supported areas when necessary
• Managing, and participating in, the procurement and departmental security review processes
• Providing guidance, tools, and subject matter expertise for departments performing IT risk assessments
• Leading, developing, and mentoring employees involved in compliance and risk-related activities
• Serve as liaison between distributed IT and the ITSO
• Work with and advise Director on IT security policies and standards.

• Bachelor’s degree in Business Information Technology, Computer Science or a related field or related equivalent experience
• Significant information security, audit, and/or compliance work experience, with experience measuring compliance against various regulations, industry standards, and/or policies
• Demonstrated ability to own and manage multiple projects and programs
• Demonstrated ability to effectively communicate, written and oral, across a broad range of campus audiences
• Experience using appropriate security software, such as OWASP ZAP, nikto, and nmap, to perform vulnerability tests
• Ability to self-learn and maintain a strong proficiency in technical tools, counter measures, and techniques
• Experience installing, securely configuring, and administrating Unix/Linux, OSX or Windows Server operating systems.
• Ability to install and configure security software or hardware applications such as firewalls, intrusion detection systems, network mapping tools, and vulnerability scanners
• Ability to quickly understand technical concepts and determine the implications of relevant requirements and policies.
• Strong analytical, organizational, and problem-solving skills

• Master's degree in business information technology, or a related field. CISA, CISM, CRISC, or CISSP certification
• Experience supervising direct reports or mentoring employees as a team lead
• Experience with at least two of the following: FERPA, GLBA, PCI, ISO 27002, NIST 800-171
• Experience in evaluating business processes and making recommendations for improvements
• Knowledgeable about privacy implications as well as familiarity with technical privacy concepts
• Experience working in a higher education environment
• Experience working with Snort, Nessus, Rapid 7, OWASP ZAP, Burp Suite, Metasploit, OSSEC, OSSIM or equivalent tools.

Regular

Salary range of $84,455-$100,000

02/20/2023

The successful candidate will be required to have a criminal conviction check.

Dedicated to its motto, Ut Prosim (That I May Serve), Virginia Tech pushes the boundaries of knowledge by taking a hands-on, transdisciplinary approach to preparing scholars to be leaders and problem-solvers. A comprehensive land-grant institution that enhances the quality of life in Virginia and throughout the world, Virginia Tech is an inclusive community dedicated to knowledge, discovery, and creativity. The university offers more than 280 majors to a diverse enrollment of more than 36,000 undergraduate, graduate, and professional students in eight undergraduate colleges, a school of medicine, a veterinary medicine college, Graduate School, and Honors College. The university has a significant presence across Virginia, including the Innovation Campus in Northern Virginia; the Health Sciences and Technology Campus in Roanoke; sites in Newport News and Richmond; and numerous Extension offices and research centers. A leading global research institution, Virginia Tech conducts more than $500 million in research annually.