Reports directly to the most senior Information Security professional (currently Manager, Information Security) and, indirectly, to the Vice President for Digital Innovation and Technology/CIO. The Information Security Systems Administrator (ISSA) is a hands-on role that requires a high level of technical expertise in the broad range of systems, networking, and information security technologies in use at Hofstra University. The person in this position is responsible for a broad range of tasks, including the day-to-day administration of cybersecurity tools and devices, as well as security information and event management (SIEM) systems. This role will at times contribute significantly to the security related administration aspects of a wide variety of IT systems and services across the university.
Additionally, as legal and regulatory compliance drivers continue to grow in impact and importance, the ISSAâ€™s collaborates frequently with members of the Universityâ€™s Internal Audit department.
This position interfaces frequently with other colleagues in Hofstra Information Technology Services, Northwell Health Information Technology, peers at other institutions, and third-party systems, software, security, SaaS, and IaaS vendors.
Responsibilities include, but are not limited to:
System Administration and Use â€¢Administers and uses the various systems, virtual appliances, and physical appliances including SIEM and log management systems used to detect, defend, and defeat breaches of information security. This includes management at the hardware, operating system, and application layers, as well as on network-specific security devices, in accordance with the defined university policies, standards and procedures, as well as with industry best practices and manufacturer guidelines. â€¢Performs user and access administration on designated systems and applications, in accordance with the defined policies, standards and procedures. â€¢Performs installation and configuration management of security systems and applications, including policy assessment and compliance tools, network security appliances and host-based security systems. â€¢Evaluates software patches for criticality and, where appropriate, collaborates with colleagues to schedule and apply patches, remove or otherwise mitigate known control weaknesses, such as unnecessary services or applications or redundant user accounts, as a means of hardening systems in accordance with security policies and standards. â€¢Performs normal and exceptional processing of user access and change requests for designated systems, escalating such requests when appropriate.
Threat and Vulnerability Detection, Mitigation and Analysis â€¢Maintains an expert working knowledge of extant vulnerabilities and threats, and monitors security vulnerability information from vendors and third parties. â€¢Monitors system logs, SIEM tools, service specific threat detection (such as Office 365â€™s security tools), and network traffic for unusual or suspicious activity. Interprets such activity, reports as appropriate, and takes additional action as necessary. â€¢Performs threat and vulnerability assessments and various tests including penetration tests, in some cases followed by appropriate remedial action, to ensure that systems are protected from known and potential threats and are free from known vulnerabilities. â€¢Reports unresolved security exposures, misuse of resources or noncompliance situations using defined escalation processes. â€¢Locates and repairs security problems and failures. â€¢Collates security incident and event data to produce monthly exception and management reports. â€¢Implements or coordinates remediation required by audits or advisory, and document exceptions as necessary
Project, People, and Process Leadership â€¢Researches, recommends, evaluates and implements cybersecurity solutions that identify and/or protect against potential threats, and respond to security violations. â€¢Trains and mentors junior team members in the use of security tools, the preparation of security reports and the resolution of security issues. â€¢Develops and maintains documentation for security systems and procedures. â€¢Investigates and resolves security violations by providing postmortem analysis to illuminate the issues and possible solutions. â€¢Participates in infrastructure projects to develop, plan and implement specifications for network and distributed system security technologies in support of key information systems Collaboration and Professional Development â€¢Participates in cybersecurity working groups â€¢Maintains, through participation in professional organizations, conferences, and direct training, an expert working knowledge of information security theory and practice.
The expected start date for this position is September 1, 2021.
Internal Number: 898872-21
About Hofstra University
Hofstra University is a nationally ranked and recognized private university in Hempstead, N.Y. that is the only school to ever host three consecutive presidential debates (2008, 2012 and 2016). At Hofstra, students get the best of both worlds. Our campus is a leafy oasis just a quick train ride away from New York City and all its cultural, recreational and professional opportunities. We offer small classes and personal attention, with the resources, technology and facilities of a large university. Students can choose from more than 160 undergraduate program options and 165 graduate program options in the liberal arts and sciences, education, health professions and human services, the Peter S. Kalikow School of Government, Public Policy and International Affairs, the Fred DeMatteis School of Engineering and Applied Science, the Frank G. Zarb School of Business, the Lawrence Herbert School of Communication, the Maurice A. Deane School of Law, the Hofstra Northwell School of Graduate Nursing and Physician Assistant Studies, and the Donald and Barbara Zucker School of Medicine at Hofstra/Northwell. Hofstra University is a dynamic community of more than 11,000 students from around the w...orld who are dedicated to civic engagement, academic excellence and becoming leaders in their communities and their careers.