Details
Posted: 15-Mar-22
Location: Bronx, New York
Salary: Open
Categories:
Information Technology
About Fordham:
Founded in 1841, Fordham is the Jesuit University of New York, offering an exceptional education distinguished by the Jesuit tradition to more than 16,000 students in its nine colleges and schools. It has residential campuses in the Bronx and Manhattan, a campus in West Harrison, N.Y., the Louis Calder Center Biological Field Station in Armonk, N.Y., and the London Centre in the United Kingdom.
The University offers a comprehensive benefits package that includes medical, dental, and vision insurance; flexible spending accounts; retirement plans; life insurance; short and long-term disability; employee assistance program (EAP); tuition remission; and generous time off.
Successful candidates should have a knowledge of and commitment to the goals of Jesuit Education.
Department: Information Technology
Campus: Rose Hill (RH) - Bronx
Position Summary:
The Senior Engineer of IT Security, who, through research, investigations and audit, identifies risks, threats and weaknesses and advises on the different options for mitigation. This position oversees the forensic analysis of security events, leads the Fordham IRT (Incident Response Team) in the likely event of a security incident and manages all security applications, hardware and implementations. In addition, the Senior of IT Security directs the design and implementation of solutions for user security awareness, security access requests and authorizations, security implementations, access control provisioning, de-provisioning and compliance monitoring. The Senior Engineer recommends upgrades, repairs, modifications, and replacements of information security and change control procedures, systems, devices and/or software.
Essential Functions:
● Proactively protects the privacy, integrity, confidentiality, and availability of information in the custody of or processed by Fordham University.
● Actively researches industry advances in security techniques and recommend adoption if appropriate.
● Leads an IT security operations team in line with the University's Cyber Security Incident Response Plan.
● Responds in a timely manner to a loss or misuse of information assets.
● Implements security policies and procedures (e.g., security breach escalation procedures, security auditing procedures and use of firewalls, encryption and endpoint security).
● Performs security assessments through vulnerability assessments and penetration tests.
● Proactively assesses risks and vulnerabilities in the network.
● Conducts investigations of suspected misuse of University resources and participate in compliance reviews as requested by auditors.
● Processes all authorized requests for access by University officials.
● Communicates unresolved security exposures, misuse or noncompliance situations to University data owners through appropriate channels.
● Analyzes application security needs based on the sensitivity or proprietary nature of the data to ensure all systems are utilized for management-approved purposes only.
● Consults with IT management in the selection and use of realistic security and change control enforcement mechanisms.
● Directs the deployment of all security related hardware and software obtained by the University.
● Assists with University implemented change control policies, procedures, standards and guidelines to support the security and compliance needs of Fordham University.
● Assists peers in understanding and responding to security and change control audit failures reported by internal and external auditing departments.
● Coordinates and assist local, state, or federal law enforcement agencies to resolve IT security matters.
Required Qualifications:
● Bachelor's degree in Computer Science or a related field
● Five (5) years directly related cyber security experience.
● Knowledge of authoritative standards, guidelines, and best practices relative to information security.
● Strong communications skills, both written and oral.
● Organized, responsive and highly thorough problem solver.
● CISSP, CISM, GIAC, SSCP or equivalent certification is a plus.
● Must be available to be on call as needed.
● Capable of understanding of the University's business needs, with the ability to establish and maintain credibility as a member of the security and change control team.
Preferred Qualifications:
Demonstrated expertise in
- Planning and designing complex systems architectures, specifications and applications.
- Vendor management, determination of needs, RFP, etc.
- Developing and maintaining healthy relationships with vendors, professional organizations, peer groups, and industry trade groups to remain current with evolving technologies.
- Execution of project plans and delivery of results.
- Developing and delivering presentations of technical matters in a clear and understandable manner.
- Ability to communicate technical concepts and issues with both technical and non-technical individuals.
- Strong customer focus and demonstrated ability to manage client expectations with the ability to interact professionally with staff, faculty and students.
Should have substantive demonstrable knowledge
- Crowdstrike Early Detection and Response, Qualys – Vulnerability Management, Core Security – Core Impact, Guidance Software – Encase, Trend Micro – Intrusion Protection Systems, SumoLogic – SIEM, Data Loss Protection – Identity Finder, CloudLock, or Microsoft DLP.
Other security tools as appropriate.
● Must have conducted and produced both detailed and executive Vulnerability Assessments.
●.Analytical/problem solving and technical skills.
● Excellent collaboration and team-building skills.
● Good understanding of cloud technology.
● Good organizational and time management skills.
EEO Statement:
Fordham University is committed to excellence through diversity and welcomes candidates of all backgrounds.
Fordham is an Equal Opportunity Employer – Veterans/Disabled and other protected categories