# Advertised Summary Job Description
Reporting to the Executive Director of the ITG Project Management Office, the Associate Director of Cyber Security has direct oversight and management of the Business School''s cyber security infrastructure. The candidate will be responsible for maintaining, monitoring and reporting the cyber-security operations posture of the Business School. The candidate will be responsible for business continuity/disaster recovery, developing and ensuring cyber-security controls in systems development, setting cyber-security policy, and leading cyber-security and business continuity initiatives. He/she will be the "point person" during cyber security attacks and remediating cyber security threats.
The candidate will support ITG to ensure that the security policy / program is aligned with business risks, applicable regulations, University/CUIT requirements, and will keep abreast of IT security threats and controls.
Responsibilities:
1. Provide support for security events from key security products and services. Additionally, react to and take action upon alerts from network infrastructure security tools. Respond to escalation requests from the Help Desk, Infrastructure Services, Change Management or other IT representatives.
2. Architect, design, test and deploy security controls and technologies to enhance the security of the environment.
3. Develop and document security-related processes and procedures to help secure, mature and enhance the security of the environment.
4. Provide security incident response leadership and support.
5. Review, create and implement network and vulnerability scans using existing tools.
6. Perform information security assessments for new systems and monitor existing systems for intrusion detection, compliance with policies, procedures and standards.
7. Perform business continuity assessments and establish a business continuity and disaster recovery framework. Work with appropriate constituents to develop business impact analysis.
8. Maintain an understanding of the current vulnerabilities, response, and mitigation strategies used to support cyber security operations.
9. Monitor and check the components of the information technology infrastructure to identify risks and compensating controls that can be put in place for cyber-security and business continuity purposes.
10. Initiates, facilitates and promotes activities to create information security and business continuity awareness within ITG and provides training and oversight consistent with established CUIT and Columbia Business School security policies and procedures.
11. Respond to cyber-security and business continuity risks and incidents as they occur. This includes periods when the incumbent may be on-call on a 24/7 basis. Develop, implement, and coordinate incident handling procedures.
# Minimum Qualifications for Grade Applicant meet these minimum qualifications to be considered an applicant
Bachelor''s Degree required. Candidate must have a minimum of 5 years demonstrated experience in an IT function related to Information Security with clear hands-on knowledge of Information Security technical details and management.
# Additional Position-Specific Minimum Qualifications Applicant meet these minimum qualifications to be considered an applicant
Candidate must have knowledge of risk and controls inherent in technology and multiple platforms.
Solid working knowledge with anti-virus/malware tools, intrusion detection/prevention, network firewalls, application firewalls, web proxy, incident management tools, and DLP necessary.
Experience resolving DDos, man-in-the-middle and other types of spam/phishing attacks required.
Experience implementing network security policies needed. Must have experience with incident response. Solid base experience with network security fundamentals such as policies and encryption needed. Ability to work independently and creatively solve complex technical problems required. Excellent organization, interpersonal and time management skills required as well as the ability to multi task. The applicant will be expected to demonstrate effective communication of complex technical issues and be able to balance information security requirements and the Columbia Business School''s mission, goals and culture.
# Preferred Qualifications
CISSP or CISM strongly preferred. CBCP certification is a plus. Project management experience is a plus. Preferred candidate will have knowledge of various security and risk assessment tools.
# Special Instructions
# Special Indications This position works with:
There are no special indications for this position
*Job Title:* Associate Director, Cyber-Security and Business Continuity, Information Technology Group
*Job Requisition Number:* 073832
*Department:* 5102- BUS School Administration
*Location:* Morningside
*Job Type:* Officer Full-Time Regular
*Hours Per Week:* 35
*Job Family:* Technical / Information Technology
*Salary Grade:* 13
*Salary Range:* Commensurate with experience
*HIPAA Compliance training required:* No
*Participation in Medical Surveillance required:* No
*What type of posting? Is this a waiver request?:* Standard Posting
*Requisition Open Date:* 05-23-2014
*Requisition Close Date:* Open Until Filled
*Quick Link:* jobs.columbia.edu/applicants/Central?quickFind=142070
*EEO Statement:* Columbia University is an Equal Opportunity/Affirmative Action employer --Race/Gender/Disability/Veteran.
*Local Hiring:* Columbia University is committed to the hiring of qualified local residents.