Location: Worcester, MA Category: Staff and Administrators Posted On: Mon Feb 22 2021 Job Description:
Serve as the University's Subject Matter Expert (SME) on information security tools, techniques, and processes; assist peers to configure and deploy applications and systems in a secure manner.
Design, implement, and maintain security applications and infrastructure to support University policies as well as federal and state security/data privacy regulations, including but not limited to management of firewalls, VPN servers, authentication services (NPS, FreeRADIUS), and other appliances, servers, and services.
Analyze information across systems and networks to identify and respond to potential security incidents and data breaches; participate in incident response and recovery activities as required, including but not limited to password resets, logtrail auditing, notification emails, and litigation holds). Utilize security suites and tools to mitigate risks and breaches in both on-prem and cloud infrastructures, including but not limited to Microsoft Azure and Office 365.
Serve as technical lead on security projects; administer security-related infrastructure and applications such as SIEM tools, vulnerability scanning/management, NGFW, email sanitation tools, MFA, SSL certificates, and other security-related infrastructure; suggest, implement, and maintain new technologies as required to support the ever-changing security landscape.
Plan and conduct infrastructure security assessments and vulnerability scans of all layers of the information technology ecosystem including networking, servers, operating systems, databases and applications; analyze findings for system owners. Assess and assist in management of logging infrastructure including but not limited to syslog and Splunk.
Participate in external professional organizations that are relevant to the objectives of Clark's information security program such as EDUCAUSE, REN-ISAC, SANS, etc.; provide reports and presentations on the status of security controls and security industry trends/technologies to ITS management.
Monitor ITS's business continuity and disaster recovery program and validate against industry best practices; routinely review, test, and improve program.
Collaborate with Information Privacy and Compliance Analyst to conduct information security threat modeling exercises, risk assessments, phishing simulations, creation, curation, and delivery of training materials, and workshops.
Monitor and advise on information security issues related to applications, information systems, and data assets to ensure internal security controls for the University are appropriate and operating as intended. Provide and manage solutions for handling sensitive, protected, and secure data with tools including but not limited to GoAnywhere.
Stay abreast of latest security technologies; maintain a strong knowledge base of industry and technology that help the support the information security requirements of the University.
Other duties as assigned.
BS in computer science, engineering, or other technical discipline plus a minimum of 3 years of experience working in information technology, security, or risk management. CISSP or equivalent certification is preferred. Comparable success and work experience may be considered in lieu of degree requirement. Experience in a higher education environment preferred.
Strong analytical skills and ability to translate University business needs and information security compliance requirements into supporting enterprise-wide data security standards.
Familiarity and experience with information security standards (e.g., NIST 800-53, ISO 27001/2, etc.), rules and regulations related to information security and data privacy (e.g., MA 201 CMR 17, FERPA, HIPAA, PCI, GDPR etc.); working knowledge of desktop, server, application, database, and network security principles and best practices for risk identification, management, and analysis.
In depth knowledge of vulnerability management and exploit analysis tools, networking technologies, common protocols, services and related security issues required; experience with Data Loss Prevention, Identity Management, IPS/IDS, NGFW, MFA, and SIEM solutions as well as experience documenting technical standards and operational policies required; experience with cloud and data center security also desired.
Demonstrated passion for problem solving; strong project management skills and the proven ability to build trust and work well with all levels of management and technical staff are required.
Able to communicate effectively with people at varying levels of technical fluency including the ability to explain and document complex technical issues in a way that non-technical people may understand; the ability to establish collaborative working relationships at all contact levels of the University; the ability to communicate progress/challenges to appropriate personnel effectively.
A demonstrated understanding of business operations, information technology and data security as it relates to monitoring, maintaining and implementing data security policies, standards, and guidelines.
Team player with excellent consulting skills and a fun, but professional presence required.
Excellent customer service skills; a high degree of integrity relative to data security and confidentiality of information required.
Ability to work nights and weekends on an as-needed basis is required.
This is a Full-time position with excellent benefits, which include employee and family tuition benefits, 4 weeks' vacation, generous retirement plan, free use of campus fitness center and many more.
Clark University embraces equal opportunity and affirmative action as core values: we believe that cultivating an environment that embraces and promotes diversity is fundamental to the success of our students, our employees and our community. This commitment applies to every aspect of education, services, and employment policies and practices at Clark. Our commitment to diversity informs our efforts in recruitment, hiring and retention. All positions at Clark share in the responsibility for building a community that values diversity and the uniqueness of others by exhibiting integrity and respect in interacting with all members of the Clark community to create an atmosphere of fairness and belonging. We strongly encourage members from historically underrepresented communities, inclusive of all women, to apply.
Founded in 1887, Clark University is a liberal arts-based research university committed toscholarship and inquiry that addresses social and human imperatives on a global basis. It is the place where Robert Goddard invented the modern rocket, where Sigmund Freud delivered his only lectures in the United States, and where current students stake their claim to the Clark motto, “Challenge Convention, Change Our World,” which is the rallying cry that inspires our community every day. Located in Worcester, Massachusetts, Clark University educates its undergraduate and graduate students to be imaginative and contributing citizens of the world, and to advance the frontiers of knowledge and understanding through rigorous scholarship and creative effort. The University’s engages students in such areas as biology, chemistry, economics, geography, psychology, urban education, management, environmental science and policy, Holocaust and genocide studies, and international development and social change. Clark University’s pioneering model of higher education, LEEP (Liberation Education and Effective Practice) compels undergraduate students to thrive in authentic world and workplace settings, and prepares them for lives and careers of consequence.