Whatcom Community College is accredited by The Northwest Commission on Colleges and Universities. WCC is a public associate degree granting college with an accomplished faculty and staff who serve 11,000 students annually on its beautiful 72-acre campus in Bellingham, Washington, through face-to-face, hybrid, and online courses. Whatcom offers transfer degrees, professional and technical training programs, as well as basic education, job skills, and community & continuing education classes. The College is committed to equal opportunity and believes diversity of experiences and cultures enrich our campus community. For more information about WCC, please visit www.whatcom.edu.
Whatcom’s campus is located in Bellingham (population 86,720). Bellingham showcases a strong commitment to education and is regularly rated on “best of the Northwest” lists. The 12th largest city in Washington State, Bellingham is midway between Seattle and Vancouver, B.C. Canada. The city is surrounded by the rural landscape of Whatcom County (population 212,540), which is home to a thriving network of farms and scenic wilderness. As you explore our community, you’ll discover historic neighborhoods, waterfront cities, farmlands and mountain towns all within a few dozen miles of each other. Bellingham and Whatcom County are known for their outdoor activities and being ranked second in the nation for arts businesses per capita. Whether your idea of fun is visiting galleries, watching live theater, kayaking, hiking, snowboarding, or unwinding with a good book, you’ll love Bellingham and Whatcom County. To learn more about Bellingham, please visit: http://www.bellingham.org
Whatcom Community College welcomes applications for an Information Technology Security Manager. The IT Security Manager is an integral member of the Information Technology department and is responsible for the confidentiality, integrity and availability of all information technology systems and user/system data for Whatcom Community College (WCC). This position is to ensure created, acquired, or maintained information is used by authorized users for its intended purpose; to protect college information from internal/external threats; and to assure WCC complies with statutory and regulatory requirements regarding information access, security, and privacy.
The primary focus of the position is to reduce risk to the campus network, users, and data with an emphasis on securing wired, wireless, and remote communications; client devices, servers, and related networking gear. This position serves as the "point of contact" during IT security attacks and is expected to lead efforts to remediate IT security threats.
This position will facilitate yearly end-user security training. This position also serves as the designated backup-up to the IT Director, serves as project manager for larger IT initiatives as assigned, acts as the IT Director's designee for information security matters, and serves as the campus contact point for external auditors and agencies on IT security and privacy matters.
The position is responsible for understanding complex security issues and communicating these issues to both technical and non-technical peers and management. This position will interface with other IT employees to implement platforms that will function in a complex environment, integrating with technologies such as network security systems, DHCP, DNS, AD, monitoring systems, authentication systems, and other centralized infrastructure services.
The candidate must be a well-rounded individual with deep technical expertise along with strong communication, organizational, interpersonal, and project management skills.
Key responsibilities of this role include, but are not limited to:
- Define and implement effective data security and information security guidelines, procedures, and audits to ensure all college information is protected from internal and external threats and vulnerabilities. This includes data security procedures, disaster recovery, reporting, and business continuity plans that meet state requirements.
- Document and map the architecture of current security infrastructure, and develop the information security roadmap for future improvements.
- Develop and implement an Incident Reporting and Response System to address security incidents (breaches), respond to alleged policy violations, or complaints from external/internal parties. Serve as the official campus contact point for information security, and lead investigations.
- Develop and implement an ongoing risk assessment program targeting information security and privacy matters; recommend methods for vulnerability detection, patch management verification and remediation, and perform vulnerability testing, including external and internal penetration testing.
- Serve as designated HIPAA Security and Privacy Officer; oversee PCI compliance for all information technology systems and services; work with internal departments on reporting/auditing; create required policies and audit compliance of policies.
- Work with HR and other IT employees on eDiscovery requests and legal holds, record management, and evidence collection.
- Lead the analysis of network traffic and system logs to determine corrective action and implement counter-measures; evaluate security incidents, develop solutions and communicate results to end users and technical staff.
- Respond to cybersecurity and business continuity risks and incidents as they occur, regardless of the time of day, or day of week.
- Lead the management and configuration of Security Information Event Management (SIEM) products including monitoring, reporting, analysis and development of use cases.
- Assist in the management and configuration of End Point Security products.
- Provide reports to Network Support and Desktop Support team to ensure all devices on the network adhere to strict network engineering and security specifications.
- Actively participate as the college representative to the Information Technology Commission's IT Security Council.
- Participate in campus meetings, designated campus events and committee activities, external conferences, seminars, and professional development opportunities.
- Performs other job-related duties as needed or assigned.
Qualifications, Salary and Appointment
- Associates degree in network security, information security, or related field; or three or more years of experience working in the information technology security field.
- Minimum three  years' experience with a mix of the following infrastructure technologies is required: Microsoft Active Directory, Windows Server 2012-2019, advanced threat firewall technologies, routers and switches including VLAN's and policy controls.
- Higher education experience.
- Proficiency and experience in performing security risk and compliance assessments in fast-paced, global business and technology environments.
- Good understanding of SANS 20 security standards as well as other information security management and compliance frameworks.
- Basic understanding of U.S. and global regulatory compliance drivers and requirements relevant to information security and data protection, such as U.S. State statutes, FERPA, HIPPAA, PCI.
- Strong understanding of enterprise, network, system/endpoint, application and data protection standards, benchmarks, processes, applications, tools, techniques, issues and security risks.
- Experience in researching, authoring or supporting development of information security policies and standards.
- Current certifications in one or more of the following: Certified Information Systems Security Professional CISSP, Certified Information Systems Auditor CISA, GIAC Security Essentials Certificate (GSEC), Cisco Certified Security Professional CCSP, CompTIA Security+, Certified Information Security Manager CISM, Certified Information Privacy Manager CIPM, or equivalent industry certifications.
- Experience in configuring, deploying, and monitoring security infrastructure: IDS/IPS, endpoint control, advanced threat gateways, vulnerability scanners, SIEM tools.
- Knowledge and experience with shell scripting and programming languages such as PowerShell, BASH, C, C++, C#, Python and application development environments.
- Experience with internet network communications such as TCP/IP, HTTP, DNS, SMTP, NTP, BGP.
- Advanced knowledge of Apache, IIS, MySQL, PHP/Python/Perl (LAMP) technology/toolkit.
- Experience with IT Infrastructure Library (ITIL) - particularly incident, change, release, and/or problem management.
- Work is performed in a normal, temperature controlled office environment.
- Work is sedentary in nature.
- Frequent use of computer and exposure to terminal screens.
- Work involves constant interruptions and requirement to answer on demand questions by phone, in person, or electronically.
Salary and Appointment:
- This is a full-time Administrative/Exempt position. Exempt from Washington State civil service law with an annual salary based upon a range of $70,000-$74,000 depending on experience.
- The position comes with a full benefit package, including health, dental, life, long-term disability insurance and a retirement plan.
Additionally, as a Washington State, public higher education institution, WCC offers the following:
- Whatcom Community College is a qualified employer for the PSLF program. If you work for the College full time, have had Direct Loans and are on an eligible repayment plan, you are eligible to apply.
- Full-time employees are eligible to apply and participate in the Whatcom Community College Employee Tuition Program, which provides a tuition waiver for available and eligible WCC courses.
- As soon as can be arranged with successful candidate.
Application Due Date:
- For guaranteed consideration, application packets should be received by Monday, January 13th, 2020 at 4:59 pm. Position open until filled.
To apply please visit us at: