Skip to main content

Deputy Director of Cyber and Endpoint Security

Employer
Fashion Institute of Technology
Location
New York, New York, United States
Closing date
24 May 2024

View more

Job Details

Job Description:

Under the direct supervision of the AVP of IT Infrastructure Services / Chief Information Security Officer, the position is a hands-on operational and cyber systems and engineering role with a primary focus on maintaining the confidentiality and integrity of the institution's information and systems through effective cyber security operations, cyber safety awareness programming, data privacy and protection, and the policies, procedures, and practices designed to address the information security threats facing FIT.

The position will be responsible for the operational mandate of the FIT CISO Office via direct action, leveraging IT divisional staff, software-as-a-service [SAAS] 3rd party assistance, and/or internal coordination/collaboration with various other college units and stakeholders.

Responsibilities & Essential Functions:
  • Leadership & Operations - Perform the designated daily operational tasks (leadership, technical, system support, engineering, logistical, and administrative) of the CISO Office. Maintain the current cyber security (monitoring, hardening, incident response, etc.) and cyber safety programs (white hat phishing, newsletters, endpoint protection, etc.). Oversee vulnerability management. Monitor FIT's information security infrastructure for detection and prevention of unauthorized use/access. Assist the CISO in leading the "continuous improvement" infrastructure and architecture "hardening" program. Assist with/maintain risk assessment, defect tracking, and remediation for FIT's architecture and infrastructure. Evaluate/identify cyber security risks for new and existing systems and services and suggest mitigation strategies. Perform/assist with 3rd party vendor/product reviews. Manage the security awareness training program to continue to raise cyber security awareness. Perform and/or oversee system administration and vendor management for information security-related applications, products, tools, and services.
  • Performance - Take initiative to drive performance and results. Contribute to a collegial team environment. Promote continuous learning of cyber security standards and policies throughout FIT. Promote continuous process improvement.
  • Environment/Maintenance - Maintain the cyber security and endpoint security environment, working with internal teams and 3rd parties. Develop/implement new cyber or endpoint technology. Investigate problems; fix defects. Manage/support patches and upgrades. Administer the cloud-based intrusion detection and prevention solutions with the FIT Google domain. Monitor/report on industry trends/technologies/standards. Review/recommend new versions/systems/modules for implementation. Execute on approved roadmap prioritized by the CISO. Develop/implement technology and develop/update SOPs/best practices as directed by the CISO.
  • Project/Client Support - Provide project leadership. Work to resolve any system outages related to cyber security. Provide support to the IT Staff as a senior level cyber leader. Handle Tier 1,2,3 cyber tickets.
  • Incident Management - Operate the cyber security incident response program. Oversee monitoring and remediation of identified vulnerability exploits. Be on-call as needed to respond quickly to incidents.
  • Compliance & Auditing - Assist the CISO in their role of information-related compliance officer for FIT. Oversee/conduct assessments/audits to ensure compliance to NIST or ISO standards.
  • Strategic Planning & Roadmapping - Support the CISO on the execution of goals within areas of responsibility. Maintain awareness of relevant technological solutions and the evolving threat landscape to anticipate risk based on threat trends, the cyber marketplace, current regulations. Assist the CISO with planning and strategic roadmapping.
  • Training - Orient/train/crosstrain/mentor or assist in training stakeholders related to cyber security, cyber awareness, and endpoint security.
  • Documentation - Develop/write/publish cyber-related documentation for the CISO Office to facilitate supportability and knowledge transfer within the college for existing, reconfigured, or new systems and services.

  • The position will work within a high-paced, collaborative environment that includes emergency incidents. Work may be team/project work or independent, across multiple locations, and at times include irregular hours and/or on-call requirements.

    The preceding description is not designed to be a complete list of all duties and responsibilities required of the position; other duties may be assigned consistent with the classification of the position. For detailed tasks and work instructions, click here .

    Requirements:

    Education:
    • University degree in Information Security, Computer Science, Information Systems, Enterprise Applications, Information Architecture, Engineering, Networking, or a related field from an accredited academic institution.
    • Master's degree in one of the above or related fields is preferred.

    Experience:
    • Minimum of three years of relevant professional experience working within an information security/IT risk functional area, preferably with several years at a higher education institution.
    • Demonstrated experience maintaining a cyber secure environment (of systems, servers, tools, service, endpoints and other smart devices)in partnership with IT owners, including but not limited to:
      • Vulnerability scanning and response/remediation
      • Anti-Phish and other endpoint security operations and response
      • Security configurations/settings management
      • Security patch oversight
      • Assessments (NIST) and testing (pen tests)
      • Security repositories (documentation, SOPs, tracking sheets, configuration standards/default settings, etc.)
    • Proven experience delivering technical and educational cyber security and safety guidance to a variety of stakeholders and collaborating with business stakeholders in the event of cyber events and incidents.

    Knowledge:
    • Knowledge of the following security technologies:
      • Network security services such as firewalls and web application firewalls [WAF], intrusion detection [IDS] and intrusion prevention [IPS] systems, and end-point protection;
      • Email security options and services (preferably GMail);
      • Infrastructure and application vulnerability and scanning tools and services;
        • MDR/XDR products
        • DDOS products
        • Anti-virus products
        • Endpoint protection tools/protocols
      • Security Incident Response protocols (methods to detect and respond to threats)
      • Application and system lifecycle security
      • And cyber security vendor review procedures of both commercial/3rd party and internally-developed software applications
    • Working knowledge of Microsoft Active Directory implementations
    • Working knowledge of Microsoft Windows operating systems
    • Working knowledge of Apple/Mac operating systems
    • Working system administrator knowledge of Google Workspace

    Skills:
    • Cyber Security Certification - Industry certification in at least one of the following areas is required:
      • Certified Information Systems Security Professional [CISSP];
      • Certified Information Security Manager [CISM];
      • or Information Systems Security Management Professional [ISSMP].
    • Excellent communication, interpersonal, teamwork, collaboration, problem-solving, critical thinking, and troubleshooting skills.

    Abilities:
    • Ability to work under minimal direction, on multiple projects, and under tight project deadlines; lead or assist with emergency support as directed by the CISO.
    • Ability to deliver optimal IT security solutions within defined resource parameters.
    • Ability to develop IT information security policies and procedures when needed.
    • Ability to use endpoint management tools like KACE, JAMF, GPO, and the like.
    • Ability to take initiative and drive high levels of performance management.
    • Ability to plan work, anticipate risk, and set goals within own areas of responsibility.
    • Ability to promotes continuous learning and continuous process improvement.
    • Ability to master subject matter
    • Ability to work effectively with all clients and stakeholders to strike the proper balance between information security and the mission of FIT.
    • Ability to teach and train other staff members on cyber security and cyber safety/awareness principles.
    • Ability to contribute to a collegial team environment.


    Additional Information:

    Please note all offers of employment are contingent upon successful completion of the background check process.

    Salary

    Salary: $110,024.58 - $124,061.66 per year; commensurate with experience and qualifications.

    Work Schedule

    Days/Hours: M-F, 9am-5pm, in person; work schedule subject to change based on needs of the department.

    Benefits

    The Fashion Institute of Technology (FIT) provides comprehensive employee benefit programs designed to help keep our faculty and staff and their families healthy, safe, happy, and productive. Our programs also include a variety of components to help our employees improve the quality and balance of their work and family lives, and to help them prepare for their futures.
    • Retirement Plans
    • Health Care Plan and Dental Plan
    • Employee Assistance Program
    • Flexible Spending Account
    • Commuter Benefit Plan
    • FIT Tuition Exemption Program
    • Paid Time Off (Vacation, Personal, Sick and Holidays)
    • 4-day Summer Workweek
    • Qualifying Employer for the Public Service Loan Forgiveness (PSLF) Program

    For a full list of FIT benefits, visit our benefits webpage.

    Pay Equity by State Employers

    Pursuant to Executive Order 161, no State entity, as defined by the Executive Order, is permitted to ask, or mandate, in any form, that an applicant for employment provide his or her current compensation, or any prior compensation history, until such time as the applicant is extended a conditional offer of employment with compensation. If such information has been requested from you before such time, please contact the Governor's Office of Employee Relations at (518) 474-6988 or via email at info@goer.ny.gov.

    Visa Sponsorship

    Fashion Institute of Technology is not able to provide visa sponsorship for this position.

    Equal Employment Opportunity (EEO) Statement

    FIT is firmly committed to creating an environment that will attract and retain people of diverse racial and cultural backgrounds. By providing a learning and working environment that encourages, utilizes, respects, and appreciates the full expression of every individual's ability, the FIT community fosters its mission and grows because of its rich, pluralistic experience. FIT is committed to prohibiting discrimination, whether based on race, color, national origin, sex, gender, gender identity, religion, ethnic background, age, disability, marital status, sexual orientation, military service status, genetic information, pregnancy, familial status, citizenship status (except as required to comply with law), or any other criterion prohibited by applicable federal, state, or local laws. FIT is committed to providing equal opportunity in employment, including the opportunity for upward mobility for all qualified individuals. Applications from minorities, women, veterans, and persons with disabilities are encouraged. Inquiries regarding FIT's non-discrimination policies may be directed to the Affirmative Action Officer/Title IX Coordinator, 212 217.3360, titleix@fitnyc.edu.

    Americans with Disabilities Act (ADA) Requirements

    This position will be required to constantly read and comprehend, occasionally perform calculations, constantly verbally communicate, constantly analyze, and constantly write. The working conditions for this position will be on campus, primarily in an office environment. The physical requirement for this position will require constant sitting, occasional standing, occasional bending, occasional walking, and occasionally lifting 10 lbs. or less.

    Application Instructions:

    In order to considered for this position, please submit the following documents online:
    • Resume
    • Cover letter
    • Unofficial transcript
    • A list of three references with telephone numbers and email addresses

    Returning Applicants - Login to your FITNYC Careers Account to check your submitted application materials.

    Review of applications will begin immediately until the position is filled.

    Please note that due to the volume of applications, we will not be able to contact each applicant individually.

    Additional information about the Fashion Institute of Technology can be found at: http://www.fitnyc.edu .

    About Fashion Institute of Technology:

    The Fashion Institute of Technology (FIT), part of the State University of New York and an internationally renowned college of art, design, business and technology with a strong emphasis on liberal arts, invites nominations and applications for a Deputy Director of Cyber and Endpoint Security.

    Company

    Learn more about this company

    Visit this company’s hub to learn about their values, culture, and latest jobs.

    Visit employer hub

    Learn more about this company

    Visit this company’s hub to learn about their values, culture, and latest jobs.

    Visit employer hub

    Get job alerts

    Create a job alert and receive personalised job recommendations straight to your inbox.

    Create alert

    Similar jobs