IT Security and Compliance Manager II

About The Position

Requirements

• Bachelor's degree in computer science or a related IT field or related degree from an appropriately accredited institution and three years of progressive experience in IT security or closely related area including two years of supervisory experience; or Associate degree in computer science or a related IT field or related degree from an appropriately accredited institution and four years of progressive experience in IT security or closely related area which includes two years supervisory experience; or an equivalent combination of education and experience.
• Candidates must reside in North Carolina at the time of hiring.

Nice To Haves

• Cybersecurity Experience & Leadership: Minimum of 3 years of hands-on cybersecurity experience, including demonstrated organization and program leadership, problem-solving, process improvement, and project management capabilities. Preferred certifications demonstrating experience include, but are not limited to, CISSP, CCSP, CISM, GCSA, CEH, GCIA, GCIH, and SANS.
• Information Security Knowledge: Demonstrated understanding of security governance, frameworks, policies, and procedures, as well as compliance with federal and state privacy laws and regulations such as GLBA, FERPA, HIPAA, PCI-DSS, NIST 800-53/800-171, and CIS Controls.
• Security Program Implementation: Proven experience in deploying, operating, and maintaining enterprise or local information security programs and technical controls.
• Risk Management Expertise: Skilled in conducting risk assessments, audits, and reviews, with experience in vulnerability analysis, control evaluation, likelihood determination, and risk prioritization.
• Technical Architecture Understanding: Solid knowledge of network and application architecture, including network protocols, routers, switches, and how these systems interoperate.
• Security Operations & Forensics: Experience with incident response, intrusion detection, vulnerability and patch management, log analysis, and computer/network forensics.
• Communication & Collaboration Skills: Excellent written and verbal communication skills, with experience presenting to executive leadership. Strong interpersonal and organizational abilities, and a proven track record of working effectively across cross-functional teams and diverse technical audiences.

Responsibilities

• Cybersecurity Leadership Deliver strategic and tactical cybersecurity guidance to college CIO, IT leadership, and executive teams. Collaborate with senior administration and academic leaders to define and implement a continuous improvement model for information security while fostering strong relationships across the institution.
• Information Technology Security Expertise Serve as the technical authority on multiple technologies, including on-premises and cloud security. Robust experience in a broad range of IT solutions from networks to servers and cloud-based platforms such as Microsoft Azure, Office 365, Amazon Web Services (AWS), and Google Workspace (G-Suite).
• Information Security Program Development Provide leadership and support for the design and execution of a comprehensive, institution-wide information security program. Assist in defining near-term, annual, and long-term security goals, strategies, metrics, and reporting mechanisms. Develop maturity models and roadmaps for continuous improvement aligned with local and system-wide policies and standards.
• Security Awareness and Advisory Drive security education and awareness initiatives. Provide expert advice on security best practices, vulnerabilities, and remediation strategies to reduce institutional risk.
• Regulatory and Industry Awareness Monitor and interpret evolving cybersecurity threats, trends, and regulatory changes impacting higher education at state, system, and national levels.
• Compliance and Audit Support Partner with compliance leadership to build integrated security and compliance programs. Ensure adherence to state and federal regulations (FERPA, PCI, HIPAA, FSA, GLBA, NIST 800-53/800-171). Support colleges with audit readiness, external assessments and compliance checks.
• Incident Response Leadership Assist colleges in identifying and responding to threats. Assist and coordinate institutional response to security incidents. Act as liaison to system and state resources during major events. Participate in Cyber Incident Response Teams (CIRT) for investigation and resolution.
• Professional Development Maintain and expand professional knowledge and skills through ongoing education and engagement with industry best practices.

Benefits

• All System employees are valued and offered a wide variety of competitive and family-friendly benefits.
• The state of North Carolina provides excellent comprehensive benefits.
• Employees may choose to participate in health insurance options, standard and supplemental retirement plans, and the NCFlex program (numerous high-quality, low-cost benefits on a pre-tax basis).
• Employees also receive paid vacation, sick, and community service leave.
• In addition, paid parental leave, and personal observance is available to eligible employees.
• The best-funded pension plan/retirement system in the nation according to Moody’s Investor’s Service
• Twelve (12) holidays/year
• Fourteen (14) vacation days/year which increase as the length of service increases and accumulate year-to-year
• Twelve (12) sick days/year which is cumulative indefinitely
• Longevity pays lump sum payout yearly (based on length of service beginning 10 years and up)
• 401K, 457, and 403(b) plans