Information Security Manager/ ITC

The Information Security Manager at New Mexico Tech (NMT) is a pivotal role within the ITC department, responsible for developing, maintaining, and implementing comprehensive information security policies, procedures, and standards. Reporting directly to the Director of ITC or the Chief Information Officer (CIO), the manager will collaborate with various staff members to ensure the security of IT operations, systems, and networks. This position is integral to the incident response team, where the manager may directly engage in responding to security incidents, overseeing remediation efforts, and ensuring the resolution of such incidents effectively. In this role, the Information Security Manager will conduct regular IT risk assessments to identify vulnerabilities and potential threats to the university's information systems. The manager will also be tasked with creating or modifying security and privacy policies that align with NMT's operational needs. A significant part of the job involves monitoring and analyzing security alerts generated from firewalls, wireless access points, and other critical devices and systems. The manager will prepare for and implement security standards, procedures, and controls that comply with various regulatory frameworks, including GLBA, FCI, FTI, NIST 800-171, and the Cybersecurity Maturity Model Certification (CMMC). Additionally, the Information Security Manager may assist in configuring, operating, and co-administering various security control devices, such as firewalls, VPNs, Endpoint Detection and Response (EDR) systems, and Data Loss Prevention systems. A thorough understanding of technology, departmental procedures, and university protocols is essential, as the manager will support staff across all areas of the IT department and the university concerning security matters. This includes oversight of phone systems, networking, wireless infrastructure, help desk operations, computer systems, data center operations, vendor management, inventory, and project management. The role may also involve other duties as assigned, ensuring a comprehensive approach to information security across the university.