TITLE: Cybersecurity Supervisor
EXEMPT STATUS: Exempt
Under the direction of the management, this position is responsible for the day-to-day operations of PCC’s information and cyber security program and processes. The Cybersecurity Supervisor develops, recommends, and administers policies, procedures, risk management, testing, audit efforts, and the enforcement of security controls. This position designs and implements PCC’s information security architecture in support of effective and efficient enterprise-wide information technology security strategies. The incumbent serves as the College’s lead resource for security design and implementation, responds to inquiries from College departments and external agencies, and supervises information and cyber security staff.
TYPICAL DUTIES AND RESPONSIBILITIES
- In collaboration with management, plans, organizes, leads, administers, and evaluates the projects and activities of the College’s information technology security function.
- Supervises a work group of paraprofessionals and/or technical support staff. Hires, evaluates, trains, disciplines, schedules and assigns work, and recommends promotions, transfers, or terminations as necessary.
- Responds to high-priority and/or highly complex security incidents and helps troubleshoot and correct security-related problems.
- Provides guidance on design, implementation, administration, and enforcement of information security controls to application systems and tools, including network security and monitoring, intrusion prevention, intrusion and endpoint detection and response, virus protection, and identity and access management.
- Evaluates risks and designs controls to manage risks. Documents and reports control failures and gaps to stakeholders. Provides remediation guidance and prepares management reports to track remediation activities.
- Manages the implementation of projects and processes such as GRC (Governance, Risk and Compliance) to automate and continuously monitor information security controls, exceptions, risks, and testing. Leads the development of reporting metrics, dashboards, and evidence artifacts.
- Provides technical expertise and guidance of security control implementation, cyber analytics techniques, including threat hunting, system configurations and forensics to other departments within the College. Acts as the college’s lead resource for security design and implementation.
- Remains current on information security management and technological advancements. Maintains comprehensive knowledge of the current cyber threat landscape, cyber security product categories and their application, and available and immerging technologies.
- Evaluates technology and current and future security-related requirements and develops or recommends technical and operational solutions to enhance PCC’s cyber incident response capability. Manages leased or purchased hardware and software.
- Monitors the work of service providers and/or contractors and maintains vendor partnerships.
- Actively participates in strategic planning and leads tactical planning to coordinate the delivery of products and services. Provides project management for applicable technology deployments.
- Participates in the development and administration of section budget; implements and allocates resources following budget approval; approves expenditures.
- Improves PCC’s security positioning through process, policy, and procedure development, administration, and automation, and the continuous evolution of capabilities.
- Serves in/on a variety of meetings, committees, task forces, and/or other related groups to communicate information regarding college-wide technology services, programs, areas of opportunity, and/or other pertinent information as appropriate.
- Performs other duties as assigned.
WORK ENVIRONMENT AND PHYSICAL REQUIREMENTS
Work environment includes frequent disruptions and changes in priorities. Work is performed in an office environment or using standard information technology equipment combined with specialized information security products. Position requires routine periods of standing and walking, lifting of equipment (30-50 pounds) and physical agility. Physical skills are required for keyboarding and operating complex network and computing equipment. This position may require work on weekends, evenings, and holidays to enact business continuity plans, and provide incident response and disaster recovery operations.
Bachelor’s Degree in Computer Science, Cybersecurity, or related discipline. Relevant experience may substitute for the degree requirement on a year for year basis. Four years progressively responsible work experience cyber security management, including one year of lead or supervisory experience.
KNOWLEDGE, SKILLS AND ABILITIES
- Supervisory principles;
- Budgeting principles;
- Applicable information security management, governance, and compliance principles, practices, laws, rules and regulations;
- Comprehensive multi-layered information security and defense strategies;
- Information systems auditing, monitoring, controlling, and assessment process;
- Risk assessment and management tools and methodology;
- Incident response management;
- Information technology systems and processes, data architecture and processes, protocols, network infrastructure, engineering, and operations;
- Strategic planning and project management principles;
- Cyber and cloud security standard frameworks, architecture, design, operations, controls, technology, and solutions.
- Supervising subordinate staff;
- Network and web application security, identity and access management;
- Operating and engineering forward and reverse proxy servers;
- Developing and implementing enterprise governance, risk, and compliance strategy and solutions;
- Researching and locating information related to internal and external organizations using online and other sources;
- Coordinating security implementations with other internal departments and/or external vendors.
- Troubleshooting and operating a computer and various software packages;
- Analyzing existing processes and technical security implementations to make recommendations for improvement;
- Defining problems, collecting and analyzing data, establishing facts and drawing valid conclusions;
- Using judgment and ingenuity in maintaining objectives and technical standards;
- Working with diverse academic, cultural and ethnic backgrounds of community college students and staff.
- Diagnose and resolve complex information security issues;
- Monitor and recognize security events of interest that may require improved detection/alerting capabilities;
- Interact positively with staff, the Board, the public, and regulatory agencies in order to enhance effectiveness and to promote quality service;
- Effectively communicate technical issues to diverse audiences, both in writing and verbally;
- Communicate technical information to a non-technical audience;
- Comprehend technical language and to confer, analyze and write in an objective, lucid manner;
- Evaluate and update and/or revise program materials;
- Learn quickly and apply knowledge to new situations;
- Understand and follow broad and complex instructions;
- Work independently and prioritize multiple tasks and adapt to needed changes;
- Remain calm under high pressure/difficult situations;
- Handle sensitive and confidential matters, situations, and data;
- Prepare a variety of reports related to operational activities, including statistical analysis;
- Develop, recommend, implement, and monitor and monitor policies, procedures, and workflows.