Director, Apps and Systems Security DevOps Application, Rose Hill
Job Description
Director, Apps and Systems Security DevOps Application, Rose Hill
Fordham University
Fordham University has an excellent reputation as a dynamic institution located in New York City. Founded in 1841, Fordham enrolls more than 16,000 undergraduate and graduate students in its 9 Colleges and Schools.
- Fordham University offers a comprehensive and competitive benefits package to its employees, which includes medical, dental, vision, life, and disability insurance.
- We offer tuition remission for employees and their dependents
- A generous employer match towards a 403(b) retirement plan.
- As a tax-exempt organization under section 501(c)(3) of the Internal Revenue Code (IRC), Fordham is considered a qualifying employer for the Public Service Loan Forgiveness (PSLF) program, a federal program designed to forgive student loan debt for employees of certain public and certain nonprofit employers.
- As part of its work-life balance program, the University provides generous PTO including 15 vacation days, 12 sick days, 2 personal days, 6 summer Fridays, and holidays that include paid time off between Christmas and New year.
- University employees have access to the Employee Assistance Program (EAP). EAP provides no-cost, professional, and confidential services, to help employees and family members address a variety of personal, family, life, and work-related issues.
Hybrid Policy:
Please review the Hybrid Policy here.
https://www.fordham.edu/human-resources/policies-guides-and-agreements/hybridremote-work-policy-for-administrators/
Position Summary
Reporting to the Senior Director of DevOps Planning, the Director of Application and System Security is responsible for shaping and implementing the security strategy for applications and systems, both on-premises and in the Cloud.
This position ensures that security principles are integrated into the configuration of systems and the development and deployment of web applications across all stages. Additionally, this position collaborates closely with application and engineering teams to proactively address current and potential security threats and oversees the University’s system configuration management, maintains a
secure Software Development Life Cycle (SDLC) program, and conducts regular audits, assessments, penetration tests, and vulnerability scans of systems and applications.
This position may require occasional evening, weekend, and holiday hours.
Essential Functions
- Formulates, defines, and executes application and system security strategies aimed at enhancing the adoption of new technologies, and assesses the effects of these technologies on intended audiences through comprehensive impact analysis.
- Manages the overall system configuration to ensure security and compliance, and ensures security is a core component in system configurations and the development/deployment process of web applications at all phases.
- Oversees the security aspects of running systems and applications in both Cloud and On-Prem environments.
- Partners with application and engineering teams to safeguard against existing and emerging security threats.
- Implements vulnerability scanning of applications to detect potential security issues, and leads penetration testing initiatives to identify vulnerabilities.
- Crafts communications strategies by developing key messaging elements and channels, establishing timelines for agreed-upon actions, and
overseeing the execution of the strategy. - Is responsible for a secure Software Development Life Cycle (SDLC) program.
- Performs periodic audits and assessments for system and application security.
- Negotiates with vendors, partners, and internal departments to achieve optimal security outcomes.
Essential Functions Note
- This list is not intended to be an exhaustive list.
- The University may assign additional related duties as necessary.
Management Responsibilities
Guides work of other employees who perform essentially the same work and/or student workers. Organizes, sets priorities, schedules and reviews work, but is generally not responsible for final decisions in hiring, performance management or compensation.
Additional Functions
- Formulates training strategies through the assessment of available materials, development of training plans, selection of appropriate delivery
methods, and management of related risks and issues.
Required Qualifications: Education and Experience
Bachelor’s degree in computer science or a related field.
Minimum of six years of IT resource and security management experience, including performing Threat Modeling and integrating these practices into the product lifecycle, conducting Attack and Penetration assessments and reviews, implementing a successful, highly automated SDLC program and using application vulnerability scanning products and Security Information and Event Management (SIEM) tools.
Required Qualifications: Knowledge and Skills
- Proficiency in authoritative standards, guidelines, and best practices in information security.
- Knowledge of cloud computing, virtualization, Cybersecurity framework (CSF), and ITIL framework.
- Proven ability in leading teams focused on System Security Architecture, Secure Development Lifecycle Management, Application Security (Web and Mobile), Cloud Technology and Security, Risk, and Compliance.
- Proficiency in penetration testing.
- Excellent verbal and written communication skills, including public speaking experience.
- Strong analytical and problem-solving abilities.
- Effective customer focus and management of client expectations.
- Excellent collaboration and team-building capabilities.
- Good organizational and time management skills.
- Demonstrated ability in consensus building across business and technology teams.
- Proven ability to develop and maintain vendor relationships
- Successful candidates should have a knowledge of and commitment to the goals of Jesuit Education.
Preferred Qualifications
- Background in security or technology administration within a Higher Education setting or a comparably decentralized environment.
- Previous experience in roles such as network, server, database, or application administration.
- Proficiency in using Project Management tools, such as Microsoft Project.
- Possession of relevant information security certifications, including but not limited to CISSP, CISM, CCSP, CISA, or GIAC.
Minimum Starting Salary: $128,000
Maximum Starting Salary: $160,000
Note: Salary is commensurate with qualifications, experience, and skills.
START DATE: ASAP
APPLY HERE: https://careers.fordham.edu/postings/8353
ABOUT FORDHAM
Founded in 1841, Fordham is the Jesuit University of New York, offering an exceptional education distinguished by the Jesuit tradition to more than 16,000 students in its 9 colleges and schools. It has residential campuses in the Bronx and Manhattan, a campus in West Harrison, N.Y., the Louis Calder Center Biological Field Station in Armonk, N.Y., and the London Centre in the United Kingdom.
Fordham University is committed to excellence through diversity and welcomes candidates of all backgrounds.
Fordham is an Equal Opportunity Employer – Veterans/Disabled and other protected categories
*Please mention you saw this ad on AcademeCareers.*