Information Security Officer

The Connecticut Education Network (CEN) is Connecticut s trusted internet partner, committed to our member community and its success. By honoring this commitment, we have grown the member customer network and maintained our reputation as one of the most valued and secure Internet Service Providers serving CT for over 20 years. Join CEN to discover a culture that is rooted in innovation and thrives on collaboration. Imagine loving what you do, where you do it, and contributing to a mission and vision that provides unprecedented value to CT.

CEN, through The University of Connecticut (UConn) Information Technology Services (ITS), presents an extraordinary opportunity for a dynamic Information Security Officer (IT Manager) to join our team. In this leadership role, you will be a driving force in shaping and executing our information security strategy, aligning activities with our mission and vision.

This posting is intended to fill the leadership role for Information Security within CEN. Your responsibilities include growing and mentoring a high-performing team of information security professionals, fostering collaboration and professional growth, overseeing project work, managing budgets, and implementing CEN s overall enterprise-wide information security program. You will provide leadership towards the goals of improving current and expanding into new managed cyber and network security service offerings to CEN s 670+ member organizations.

The position includes multiple programmatic and technical aspects of information security, including but not limited to Identity Access Management (IAM), MFA/2FA, vulnerability management, endpoint protection, application security, firewalls, load balancing, DDoS mitigation, web content filtering, penetration testing, security architecture reviews, server and systems hardening, and other related systems and/or services. Administrative and leadership aspects of service delivery will include vendor negotiation, contracting, costing, and pricing of services.

The successful candidate(s) will bring a senior level of experience, supervision, support, and knowledge of specific information security (IS) methodologies. You will play a pivotal role in setting the vision for security practices within CEN as delivered to the membership, operating at a leadership level, and diving deep into technical systems and problems where needed.

SALARY

• $98,871 - $136,400; negotiable based on qualifications and experience.

• Defined contribution with employer match OR defined benefit program retirement options.
• Excellent comprehensive and affordable healthcare options.
• 35 hour work week.
• 22 paid vacation days per year, in addition to paid sick leave and 13 paid holidays.
• Annual merit program.
• Employee and dependent tuition waivers.
• A highly desirable work environment with a great work-life balance.

1. Lead the development and execution of CEN's information security strategy, aligning activities with the CEN mission, vision, strategy, and values.
2. Manage and mentor a team of information security, systems, and/or developer professionals, defining priorities and roles, and fostering a collaborative work environment.
3. Oversee the operational responsibilities of CEN s security services including incidents, requests, provisioning, and maintaining systems and services such as servers, firewalls, IAM, MFA, SIM, etc.
4. Engage with CEN membership by leading and/or participating in workshops and CEN Conferences, collaborating with State and UConn CISO staff. Perform vCISO services to members as needed.
5. Develop, update, and maintain CEN s security policies, procedures, and standards to comply with industry best practices and regulatory requirements.
6. Provide leadership towards developing, improving, and expanding CEN s managed security service offerings, staying informed about emerging threats and security trends.
7. Collaborate on the implementation of automation and orchestration techniques to streamline security processes and enhance overall operational efficiency.
8. Direct project work, ranging anywhere from software development to the acquisition of hardware and software, ensuring successful implementation, completion, and documentation.
9. Conduct security risk assessments, prioritize threats, and implement mitigation strategies, collaborating with CEN member institutions as applicable.
10. Promote a security-conscious culture through training and workshops, internally to staff and externally to members, emphasizing best practices and practical outcomes.
11. Craft and maintain an incident response plan(s), leading incident response activities and maintaining detailed records of security incidents.
12. Oversee the implementation of security monitoring systems, ensuring prompt response to unusual activities on the network.
13. Lead efforts in assessing and managing security risks associated with third-party vendors, ensuring contractual agreements meet security standards.
14. Evaluate and recommend security tools, technologies, and solutions, providing technical leadership in IT service development.
15. Participate in on-call rotation and /or after-hours changes and escalations as needed.
16. Perform related duties as required.

• Team Orientation: Builds relationships with peers and other departments to achieve objectives. Balances team and individual responsibilities. Exhibits objectivity and openness to others views. Gives and welcomes feedback. Puts success of team above self. Serves as both a leader and supervisor, helping set strategy and implementing through direction, alignment, and direct report action.
• Problem Solving: Demonstrates sound analytic and diagnostic skills dealing with issues that are loosely defined and/or where information is available but must be further manipulated. Once decisions are made, you are able to follow and direct action to implement the intended results. Breaks a problem down into manageable pieces and implements effective, timely solutions. Openly and directly confront issues until resolved.
• Planning and Project Management: Works with, or serves as, the project lead in identifying those project tasks that are most important, establishes clear priorities, and understands the larger picture. Executes project tasks and creates documentation as required.
• Physical Demands: This position involves extended periods of sitting and the extensive use of computers and office equipment. May involve occasional stooping, kneeling, crouching, and/or working on step ladders. Involves close vision, color vision, depth perception, and focus adjustment. Must be able to lift 35 lbs. to shoulder height.

1. Bachelor s Degree + 6 years experience OR Associated Degree + 8 years experience OR 10 years related experience (IT/Security).
2. 5 years of progressive experience supervising and managing employee performance and teams of IT/InfoSec professionals.
3. Strong analytical, interpersonal, and organizational skills.
4. Understanding of IT Security frameworks and relevant regulatory obligations and audit requirements (like GDPR, SOX, NIST, CIS, ISO, PCI, FERPA, , and/or AICPA/SOC2).
5. Strong written and oral communication skills; ability to communicate and present technical information to a non-technical audience.
6. Excellent time management, prioritization, and planning skills.
7. Technical background in IT, information security, cyber security, and/or network security.

1. Master s degree or higher in a relevant field and/or 5 years of direct experience in a large enterprise or service provider environment.
2. CISSP, CISM, or equivalent information security certifications.
3. One or more technical certifications such as Cisco Cyber Ops, CCNP Security, Fortinet NSE 7, Palo PCNSA, SANA AWS or Azure Security Certs, or alternate equivalent.
4. Experience managing enterprise security devices/platforms from vendors such as Fortinet, Palo Alto, Arbor/NetScout, f5, iBoss, Splunk, Cisco, and/or Juniper.
5. Programming/development skills (preferably in Python, PERL, and PowerShell).
6. Demonstrated understanding of computer security concepts including Identity & Access Management, Network Security, Application Security, and Incident Management.
7. Experience leveraging IP routing protocols such as BGP, OSPF, and/or ISIS.
8. Direct experience in a similar role such as ISO, CISO, vCISO, SOC Director, IS team lead, etc.
9. Advanced knowledge of emerging threats, security trends, and technologies.
10. Experiencing in contract negotiations, pricing, terms, and conditions.

This is a full-time, annually renewable position.

For additional information regarding benefits visit: hr.uconn.edu/employee-benefits-overview. For additional information about the University visit: uconn.edu. Other rights, terms, and conditions of employment are contained in the collective bargaining agreement between the University of Connecticut and the University of Connecticut Professional Employees Association (UCPEA).

TERMS AND CONDITIONS OF EMPLOYMENT

Employment of the successful candidate is contingent upon the successful completion of a pre-employment criminal background check.

Please apply online at: hr.uconn.edu/jobs. Staff Positions, Search #498339 to upload a cover letter, that demonstrates how you meet the minimum qualifications for this position and contact information for three (3) professional references. Screening will begin immediately.

In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification document form upon hire.

This job posting is scheduled to be removed at 11:55 p.m. Eastern time on May 7, 2024.

All employees are subject to adherence to the State Code of Ethics which may be found at: ct.gov/ethics/site/default.asp.

All members of the University of Connecticut are expected to exhibit appreciation of, and contribute to, an inclusive, respectful, and diverse environment for the University community.

The University of Connecticut aspires to create a community built on collaboration and belonging and has actively sought to create an inclusive culture within the workforce. The success of the University is dependent on the willingness of our diverse employee and student populations to share their rich perspectives and backgrounds in a respectful manner. This makes it essential for each member of our community to feel secure and welcomed and to thoroughly understand and believe that their ideas are respected by all. We strongly respect each individual employee s unique experiences and perspectives and encourage all members of the community to do the same. All applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.

The University of Connecticut is an AA/EEO Employer.

Advertised: Apr 23 2024 Eastern Daylight Time
Applications close: May 07 2024 Eastern Daylight Time