Manager, Information Security

Job Type

Full-time

Description

New England College of Optometry seeks an entry level Information Security Manager to develop, implement, and oversee a robust information security strategy and program. This critical role involves establishing and enforcing policies, procedures, and technologies to protect the confidentiality, integrity, and availability of institutional and student data. The Information Security Manager will be responsible for risk assessment, incident response, security operations, and ensuring compliance with all relevant regulations and standards. This role requires strong leadership, technical expertise, and excellent communication skills to collaborate effectively across the institution.

Responsibilities

• Develop, implement, and oversee a robust information security strategy and program in alignment with institutional goals and industry best practices.
• Establish and maintain institutional information security policies, standards, and guidelines, ensuring they are regularly reviewed, updated, and communicated.
• Manage security operations, including monitoring, detection, prevention, response, and analysis of security threats and vulnerabilities.
• Lead and coordinate the information security incident response team, managing security breaches & ensuring timely and effective resolution and post-incident analysis.
• Conduct regular risk assessments and penetration testing to identify and mitigate potential security vulnerabilities across systems, networks, and applications.
• Ensure compliance with national and international regulatory frameworks (e.g., FERPA, HIPAA, ISO 27001, SOC 2) relevant to the organization.
• Oversee security awareness training programs for all employees to promote a culture of security consciousness.
• Manage the security budget and evaluate, select, and implement appropriate security tools and technologies.
• Report on the status of the security program, vulnerabilities, and incidents to executive leadership.
• Work on "special projects" as assigned by the Chief Information Officer.
• Other duties as assigned.

• Experience in designing, implementing, and managing enterprise-level information security programs and strategy.
• Technical knowledge of network security, application security, cloud security (e.g., AWS, Azure, GCP), and endpoint protection technologies.
• Understanding of risk management methodologies and security frameworks (e.g., ISO 27001, NIST, CIS Controls).
• Experience leading security incident response and forensic analysis.
• Strong communication and interpersonal skills, with the ability to explain complex security issues to technical and non-technical audiences.
• Knowledge of networking principles, including wireless networking.
• Excellent written and verbal communication skills, professional appearance, punctuality and a sense of urgency.
• Experience working with Active Directory and Google Cloud Platform.
• Ability and willingness to learn new technologies.

• Professional certifications such as CISSP, CISM, or relevant SANS certifications.
• Experience with Governance, Risk, and Compliance (GRC) tools and processes.
• Exceptional organizational skills, with the ability to prioritize projects and tasks.
• Familiarity with scripting languages (e.g., Python, PowerShell) for security automation.
• Ability to write reports and document steps for knowledge sharing.
• Ability to work efficiently and independently with minimal supervision.
• Excellent customer service and communications skills.

• Bachelor's degree in Computer Science, Information Technology, Information Security, or a related technical field.

• A minimum of 2 years of progressive experience in the field of information security.

• 3 plan options for BCBS medical coverage (employer subsidized at 75% or greater)
• Mental Health and Wellness benefits
• BCBS Dental
• Discounted vision services
• 13 paid holidays and generous paid time off for sick, vacation, and personal days
• Employer-paid life insurance, and short-term and long-term disability
• Voluntary Insurance: life, critical illness, hospital indemnity, accident,
• Voluntary Benefits: employee discounts and pet insurance
• 9% employer contribution to a 403(b) retirement plan after 1 year of service with no vesting schedule or match requirement
• Qualified Public Service Loan Forgiveness Employer