Job Number: 107491
Department: OIT: Enterprise IT Security
Campus Location (For Posting): City
Discover Your Career at Emory University
Emory University is a leading research university that fosters excellence and attracts world-class talent to innovate today and prepare leaders for the future. We welcome candidates who can contribute to the diversity and excellence of our academic community.
In this role, you will lead the Emory Enterprise Security IT Risk and Compliance team.
The IT Risk and Compliance manager manages the design, implementation, operation, and evolution of Emory’s enterprise-wide IT risk management and compliance programs across the entire Emory enterprise (all Emory schools, divisions, and lines of business). This includes all relevant IT compliance regimes (e.g. HIPAA, PCI, GLBA, GDPR, FERPA, FISMA, CMMC, NSPM-33, FDA CFR 21 Part 11).
- Technical design, implementation, maintenance, and strategic thought-leadership responsibilities for multiple information security disciplines such as security policy, awareness and education, risk management, incident response, vulnerability management, intrusion detection and prevention, regulatory compliance, and security operations.
- Drafts and reviews information security policies, processes, and procedures.
- Prepares information security awareness and education materials and other documentation.
- Determines and documents information security requirements and controls necessary for the protection of information resources.
- Implements and administers plans, processes, and procedures necessary to ensure compliance.
- Supervises other information security professionals and acts as a senior consultant to internal and external stakeholders or auditors as well as senior management.
- Provides guidance and assistance regarding information security matters such as the interpretation of information security policies and requirements or their applicability to particular situations.
- Oversees information security incident response activities, risk assessment and risk management activities, and vulnerability assessment and vulnerability management activities spanning multiple business units.
- Manages detailed network, operating system, database, and application vulnerability assessments and security configuration audits.
- Manages information security projects and initiatives.
- Oversees operational tasks supporting information security functions such as intrusion detection and prevention, security event log analysis, management reporting, virus prevention and remediation, encryption, network segmentation, remote access and authentication.
- Supports, maintains, monitors, troubleshoots and enhances security infrastructure tools, methodologies, software, and hardware.
- Independently develops automated tools and methodologies in support of Information Security functions.
- Analyzes data from Information Security functions and provides reports and recommended response actions to Information Security management.
- Represents Information Security to other organizations on information security related matters, as assigned.
- Publishes regular status reports and submits to management.
- Performs related responsibilities as required.
- A Bachelor’s degree and seven years of related IT experience including demonstrated technical expertise in multiple information security domains, project management skills and lead or supervisory experience or an equivalent combination of education, training and experience.
- Excellent project management and team participation skills.
- Good written and verbal communication skills.
- Strongly preferred qualifications include: knowledge of information security technologies, methodologies, and practices in security policy, standards, and best practices; security awareness; security incident response; risk assessment and management; vulnerability assessment and management; intrusion detection and prevention; system administration (Windows, OS X, Linux, Solaris, etc.); auditing and security administration of network, operating system, database and application security; access control; encryption; firewalls and proxies; networking; security event log analysis; virus prevention and remediation; and programming/scripting.
- Security certifications are a plus (e.g. SANS/GIAC, CISSP, CISA, CISM).
- Expert knowledge of information security technologies, methodologies, and practices in several of the following domains:
- Security policy, standards, and best practices;
- IT risk assessment and risk management;
- IT compliance;
- Vulnerability assessment and management;
- Configuration assessment and management;
- Auditing and security administration of networks, operating systems, web servers, databases and applications;
- Security education and awareness;
- Experience with Archer or other eGRC platforms.
- Familiarity with conducting assessments using NIST standards such as 800-171 and 800-53.
Location: Greater Atlanta area preferred but open to other arrangements for the right candidate
Must obtain and continuously maintain one or more of the following certifications:
- PCIP – PCI Professional
- PCI ISA – PCI Internal Security Assessor
- PCI QSA – PCI Qualified Security Assessor
- CAP – Certified Authorization Professional
- CFCP – Certified FISMA Compliance Practitioner
- CISA – Certified Information Systems Auditor
- CISSP – Certified Information Systems Security Professional
- CISM – Certified Information Security Manager
NOTE: This role will be granted the opportunity to work from home regularly but must be able to commute to Emory University location as needed. Emory reserves the right to change this status with notice to employee.
Emory Supports a Diverse and Inclusive Culture
The COVID-19 vaccine or an approved exemption is currently only required for individuals working in a clinical setting. For more information on the University or Hospital policies, including exemptions, please see our website.
Emory University is dedicated to providing equal opportunities and equal access to all individuals regardless of race, color, religion, ethnic or national origin, gender, genetic information, age, disability, sexual orientation, gender identity, gender expression, and veteran’s status. Emory University does not discriminate in admissions, educational programs, or employment on the basis of any factor stated above or prohibited under applicable law. Students, faculty, and staff are assured of participation in University programs and in the use of facilities without such discrimination. Emory University complies with Executive Order 11246, as amended, Section 503 of the Rehabilitation Act of 1973, the Vietnam Era Veteran’s Readjustment Assistance Act, and applicable executive orders, federal and state regulations regarding nondiscrimination, equal opportunity and affirmative action. Emory University is committed to achieving a diverse workforce through application of its affirmative action, equal opportunity and nondiscrimination policy in all aspects of employment including recruitment, hiring, promotions, transfers, discipline, terminations, wage and salary administration, benefits, and training. Inquiries regarding this policy should be directed to the Emory University Department of Equity and Inclusion, 201 Dowman Drive, Administration Building, Atlanta, GA 30322.
Emory University is committed to providing reasonable accommodations to qualified individuals with disabilities upon request. To request this document in an alternate format or to request a reasonable accommodation, please contact the Department of Accessibility Services at 404-727-9877 (V) | 404-712-2049 (TDD). Please note that one week advance notice is preferred.