IT Security Engineer II - Hanover, United States - InsideHigherEd

Description

05/28/2024

Yes

1128880

IT Security Engineer II (ITSEII)

Information Security

$92,000

$115,000

Not a Union Position

Not an SEIU Position

Exempt

Regular Full Time

12

40

M-F, 8a-5p

Hanover, NH

Hybrid

No

NA

No

The IT Security Engineer II (ITSEII), Information Security Risk Management safeguards the institution's information technology assets, encompassing both physical and digital domains, against all forms of security threats and vulnerabilities. This position is tasked with conducting proactive security operations, implementing, and maintaining robust security measures, and ensuring compliance with relevant policies and regulations. The ITSEII educates and engages the college community in best practices for information security, fostering a secure, inclusive, and aware campus environment. contributing significantly to the integrity, reliability, and resilience of Dartmouth's information systems and the protection of sensitive data.

Join Our Team: IT Security Engineer II – Information Security Risk Management Specialist
Dartmouth is actively seeking a proactive and communicative IT Security Engineer II, specializing in Information Security Risk Management (ISRM), to enhance our security landscape. This criticalrole focuses on the protection of our institution's technology assets against an array of security threats, emphasizing risk management, compliance, and awareness.

As a key member of our Information Security team, you will lead efforts to build a security-conscious community by developing and delivering effective training programs and awareness campaigns. Your goal will be to ensure that all staff are equipped with the knowledge and tools needed to maintain security and mitigate risks.

Key Responsibilities:

• Communication and Awareness: Spearhead communication initiatives to keep the campus community informed about the latest security practices and threats. Develop comprehensive training materials that are accessible and relevant to various audiences.
• Training Programs: Design and implement dynamic security training sessions tailored to different departmental needs, focusing on new security threats and compliance requirements. These sessions will be conducted both in-person and online to ensure broad participation.
• Risk Management and Compliance: Conduct detailed risk assessments and enforce compliance with key regulatory and security standards such as PCI, HIPAA, and FERPA. You will play a crucial role in fostering a culture of continuous improvement in security practices.
• Collaborative Engagement: Collaborate with stakeholders across the organization to integrate best security practices. Advise on potential risks and strategies for mitigation, ensuring a cohesive and informed approach to security across all departments.

• Bachelor's degree in Information Technology, Computer Science, or a related field, with 3-5 years of experience in IT security, particularly in risk management.
• Advanced certifications like CISSP, CEH, CRISC, or similar are preferred.
• Exceptional communication skills, capable of effectively engaging both technical and non-technical stakeholders.
• Strong background in developing and leading security training and awareness programs.
• Familiarity with current security protocols, risk management strategies, and compliance frameworks such as NIST, ISO, and COBIT.
• Demonstrated commitment to promoting diversity and inclusion within a professional setting.

Bachelor's degree

• Bachelor's degree in Information Technology, Computer Science, or a related field, or equivalent experience.
• 3-5 years of experience in an IT security role, with additional experience in related IT roles beneficial.
• Proficiency in coding and scripting for process automation and integration, with a strong background in managing network equipment and cloud security.
• Comprehensive knowledge of information security issues, techniques, auditing, logging, and familiarity with vulnerability scanning and management platforms.
• In-depth understanding of IP networking, networking protocols, and security-related technologies.
• Strong analytical, troubleshooting, and communication skills.
• Familiarity with security standards and frameworks such as NIST 800-53, ISO 27001, and COBIT.
• Ability to support the development and implementation of information security policies and compliance programs.

• Advanced certifications such as CISSP, CEH, CRISC, or similar.
• Experience leading security awareness and training programs.
• Demonstrated ability to innovate and stay current with technology trends and security practices.
• Expertise in security technologies or platforms such as SIEM, SOAR, IDS/IPS, firewalls, endpoint protection, vulnerability scanning, cloud security management tools, IAM, and DLP.
• Experience managing large-scale security projects or initiatives, with a focus on achieving strategic security outcomes.
• Exceptional communication skills, adept at engaging with both technical and non-technical stakeholders.
• Proven track record of promoting diversity and inclusion within a team or organization.

Jonathan Kulp

Sean McNamara

Dartmouth College is an equal opportunity/affirmative action employer with a strong commitment to diversity and inclusion. We prohibit discrimination on the basis of race, color, religion, sex, age, national origin, sexual orientation, gender identity or expression, disability, veteran status, marital status, or any other legally protected status. Applications by members of all underrepresented groups are encouraged.

Employment in this position is contingent upon consent to and successful completion of a pre-employment background check, which may include a criminal background check, reference checks, verification of work history, conduct review, and verification of any required academic credentials, licenses, and/or certifications, with results acceptable to Dartmouth College. A criminal conviction will not automatically disqualify an applicant from employment. Background check information will be used in a confidential, non-discriminatory manner consistent with state and federal law.

Not an essential function

Dartmouth College has a Tobacco-Free Policy. Smoking and the use of tobacco-based products (including smokeless tobacco) are prohibited in all facilities, grounds, vehicles or other areas owned, operated or occupied by Dartmouth College with no exceptions. For details, please see our policy.

Policy, Compliance, and Risk Management

• Assists in risk assessments, compliance reviews, policy updates, and evaluates third-party relationships to mitigate risks and ensure alignment with institutional security standards.
• Participates in assessing and maintaining adherence to key regulatory and security standards such as PCI, HIPAA, FERPA, and others, supporting comprehensive compliance across all facets of the organization.
• Regularly reviews and recommends updates to internal information security policies and procedures.
• Evaluates third parties and subcontractors for risk and suggests compensating controls.
• Coordinates with vendors in the design, implementation, and monitoring of infrastructure, cloud services, and other external services to ensure robust protection of organizational assets.

40%

Training, Engagement, and Collaboration ISRM

• Develops and delivers customized security training programs tailored to departmental needs, updating content to address new security threats and compliance requirements. Sessions are conducted both in-person and online.
• Maintains up-to-date knowledge of IT security developments, promptly communicating relevant threats and updates to staff.
• Fosters a proactive security posture that respects and integrates diverse cultural backgrounds, enhancing overall security awareness.
• Collaborates with stakeholders across the organization to reinforce security practices, guide discussions on potential risks, advise on best practices, and ensure a unified approach to security efforts across departments.

40%

Development, Support, and Technology Management

• Ensures all systems are safeguarded against all forms of malicious intrusions.
• Evaluates network architecture and hardware/software configurations for security vulnerabilities.
• Ensures the effectiveness of authentication, encryption, and intrusion detection methods.
• Supports, designs, implements, and maintains information security policies, safeguarding all IT systems and data.
• Evaluates and implements identity, privilege, and access control technologies and strategies, ensuring appropriate access controls are in place and regularly reviewed.
• Keeps abreast of emerging security technologies and makes recommendations for their implementation.

10%

Security Operations and Incident Management

• Maintains security baselines and automates responses to ensure robust protection against threats.
• Provides expertise in log management and threat detection systems to enhance incident detection and response capabilities across diverse environments.
• Contributes to the design, review, and implementation of security measures for both internal and external projects, ensuring comprehensive coverage.
• Participates in incident response activities, including readiness activities like revising response procedures and conducting table-top exercises.
• Monitors and coordinates responses to vulnerabilities in both on-premises and cloud environments.
• Conducts periodic security assessments, including network penetration tests and vulnerability scans, using both in-house and external resources to identify and mitigate risks.
• Leverages and enhances the organization's incident response and threat monitoring capabilities using Security Incident and Event Monitoring (SIEM) tools.

5%

Diversity and Inclusion

• Promotes diversity and inclusion through actions and communications, contributing to the creation of an inclusive environment within the IT domain.

5%

Demonstrates a commitment to diversity, inclusion, and cultural awareness through actions, interactions, and communications with others.

Performs other duties as assigned.