Reporting to the CISO & AVP, Security & Identity Access Management, the Director, Cyber Security will be responsible for leading and managing the cyber security design and monitoring efforts (on premise and off-premises systems) of Columbia University (CU), which includes but is not exclusive to oversight of all enterprise network security design/monitoring functions such as: incident response, logs correlation, detection and monitoring of network traffic anomalies, creation and monitoring of cyber security dashboards, network security architecture implementation, and liaising with University constituents on premise and cloud security implementation strategies and ongoing monitoring of risks and remediation. The incumbent will manage a Cyber Security Team.
Ensures successful execution of the core functions of the Cyber Security design and monitoring for CU on premise and off-premises network/systems, including: threat detection and prevention, incident response, systems and network security monitoring, forensics, vulnerability management, and data loss prevention at enterprise scale.
Assigns staff to various tasks, supervises and directs their activities, reviews and evaluates their work performance.
Evaluates and hires new staff members as required.
Compiles information and prepares cyber security incident reports.
Investigates anomalous activity of network and systems logs.
Builds custom SIEM detection rules.
Assists the CISO in providing Cyber Security as a Service to CU decentralized technology service areas.
Creates and maintains dashboards / KPIs that monitor cyber security (on-premise and off-premises).
Maintains ongoing awareness of shifts in threat landscape and attacker methodologies; recommends appropriate strategic and operational changes to the security program to address new threats.
Serves as an internal cyber security consultant on information security projects/initiatives, automation of security testing in new projects as assigned by the CISO.
Participates in the University's major new systems implementation projects (on premise and off-premises), as assigned by the CISO, to ensure that appropriate cyber security controls are built into systems prior to production cutover.
Liaises with other information technology groups in investigation and resolution of security incidents.
Performs ongoing system and network health checks (on & off premises) on identified high risk network segments, systems, and applications and follows up on remediation.
Manages the monitoring of intrusion detection and security information management systems to discover APT attacks and/or mitigate malicious activity on networks.
Reviews and correlates logs and messages to identify instances of possible security infractions or vulnerabilities (on premise and off-premises).
Conducts annual Cyber Security and Incident Response Training at Columbia.
All other duties as assigned.
Bachelor's degree or equivalent required. Advanced degree desirable.
7-9 years' related work experience.
Expertise in building and designing security automation workflows and processes.
Experience securing all 3 major clouds (AWS, Azure, and GCP).
Ability to lead investigations of advanced persistent threats.
Operational and managerial experience with core security operations functions, including some or all of: incident response, vulnerability management, network and security monitoring, network access control, and data loss prevention.
Understanding of NetFlow, packet analysis, DNS, system log file analysis, forensics tools, and other alert sources to conduct incident response activities.
Understanding of networking concepts, network security architecture and common modern operating systems, including Windows, Mac OSX, Linux, Unix, and mobile device platforms including Android and iOS.
Experience in presenting information security to diverse groups of non-security professionals in IT settings and/or stakeholders.
Knowledge of IT security regulations and best practices.
Excellent written and verbal communication skills.
Demonstrated ability to work in a fast-paced, deadline driven environment.
Demonstrated excellence in a variety of competencies including teamwork/collaboration, analytical thinking, communication and influencing skills, and technical expertise.
Ability to work with changing priorities and with multiple projects.
Ability to be precise and attentive to detail is essential.
Ability to work with minimal supervision.
Ability to work weekends and off-hours as and when needed.
3+ years of management experience.
BS degree in Computer Science is a plus.
Diverse knowledge of information technologies and security controls in on premises and cloud environments.
Previous experience with security/identity projects.
Equal Opportunity Employer / Disability / Veteran
Columbia University is committed to the hiring of qualified local residents.
Columbia University is one of the world's most important centers of research and at the same time a distinctive and distinguished learning environment for undergraduates and graduate students in many scholarly and professional fields. The University recognizes the importance of its location in New York City and seeks to link its research and teaching to the vast resources of a great metropolis. It seeks to attract a diverse and international faculty and student body, to support research and teaching on global issues, and to create academic relationships with many countries and regions. It expects all areas of the university to advance knowledge and learning at the highest level and to convey the products of its efforts to the world.