Information Security Manager Location Dayton, OH : Manage the information security department. Assure the ongoing operation of an array of secure systems, providing guidance to members of the Information Security staff. This position supports multiple IT project security needs; advising end users as to new system security requirements and proper placement within the WSU network environment. Secure the University's information assets against internal and external cyber-attacks. Maintain, monitor, analyze, and administer various information security tools, as well as develop relevant policies and procedures to promote confidentiality, integrity, and availability of university data. Participates in the design and implementation of security strategies and policies. Minimum Qualifications Bachelor's degree in Computer Science or related field and 8-10 years' experience in systems or network administration. One year of supervisory experience. Working knowledge of networking products. Practical working knowledge of network protocols and fundamentals. Experience designing and implementing IDS/IPS solutions. Understanding of security concepts, such as IDS, IPS, Firewalls, and Log file analysis. Ability to work independently yet contributes to the overall success of the team. Ability to learn new technologies rapidly. Good verbal and written communications skills. Knowledge of languages and concepts commonly used in testing and security research: Perl, shell scripting, Nmap, Nessus, including log file analysis. Preferred Qualifications CISSP certification or equivalent. Essential Functions and percent of time: 30%: · Design and develop security architecture associated with the University's enterprise network firewalls, IPS (Intrusion Prevention System), and WAF (web application firewall). · Maintain and administer these systems as needed, performing major upgrades, implementing changes, and optimizing hardware and software for maximum efficiency, security, and performance. · Manage the enterprise SIEM (security information and event management system). · Perform vulnerability assessments of the University's critical and/or high-value information systems, making recommendations to system owners and administrators on how to correct "weak spots" in their respective systems. · Assist and advise system owners, administrators, and internal compliance staff regarding data security compliance. · Perform internal and external enterprise vulnerability scanning, and network penetration testing with various security tools. · Perform vulnerability scanner product evaluation and testing to continually ensure best solution, implementation, and pricing. 30%: · Manage the day-to-day operations of the security department, guiding and mentoring members of the department · Advise the team on security best practices, university policy, and procedures. · Direct staff as needed to accomplish departmental goals. 30%: · Works with the CISO to develop and enforce information security and privacy policies in compliance with federal and state regulations and standards. · Stay current with Federal and State regulatory law, advising management as to the potential impact on the university computing environment. · Perform periodic security audits of university systems. Present audit finding to management personnel. Regularly review server logs to detect server, network and security issues in order to diagnose and correct potential network problems. · Provide advice and guidance to end users concerning system security requirements, data compliance, and security best practices. 10%: · Serve as a member of computer emergency response team. · In the absence of the CISO, becomes the primary control point during significant information security incidents.
