Under the direction of the CIO, the Information Security Analyst is responsible for assisting with the development and delivery of a comprehensive information security program for Massasoit Community College. The purpose of the position is to assure that information created, acquired, or maintained by Massasoit and its authorized users is handled in accordance with its intended purpose; to protect Massasoit information and its infrastructure from external or internal threats; and to assure Massasoit complies with appropriate requirements around information access, security, and privacy.

Essential Functions:

Policymaking and Planning

• Help develop, publish, and maintain the College's information security policies, standards, and procedures. Draft changes or additional policies as necessary. Ensure that policies comply with both external and internal requirements. Monitor College-wide compliance.
• Conduct risk assessments and provide recommendations to help the College develop security standards and procedures that support strategic, tactical, and operational objectives on a cost-effective basis.
• Identify information recovery and security risks, help develop and implement solutions College-wide.
• Maintain and stay up to date with the latest security and privacy legislation, regulations, advisories, alerts, and vulnerabilities relating to the College.

Operations

• Review results of vulnerability testing, PII scanning, and other assessments and work with other ITS staff to address findings.
• Work with ITS technical staff and consult with internal and external College partners to plan and implement information security initiatives.
• Lead in the prevention, detection, containment, correction and documentation of security incidents and breaches.
• Monitor the threat environment for emerging threats and advise relevant stakeholders on appropriate courses of action.
• Develop and deliver training and awareness programs on information security and privacy matters for staff, faculty, and students.
• Organize tabletop and simulation exercises for incident response handling and business continuity.

Additional responsibilities

• Focuses on the Commonwealth's Equity Agenda by applying related best practices throughout all job functions.
• Perform additional duties and fulfill responsibilities as required.

• Bachelor's degree or equivalent work experience in a related field
• Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences
• Ability to identify and mitigate network vulnerabilities and explain how to avoid them
• Demonstrated ability to work with diverse groups of people
• Information systems/networking knowledge

Preferred:

• Bachelor's degree or higher relating to the field of information security
• 3-5 years of increasing responsibility in Information Technology
• Experience in developing or administering an information security program
• Knowledge of common information technology and information security frameworks such as NIST 800-171
• Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials
• Knowledge and understanding of relevant legal and regulatory requirements, such as Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry/Data Security Standard, Family Educational Rights Privacy Act (FERPA) and Sarbanes-Oxley Act (SOX)

Position Status: Non-unit Professional, full-time state funded with benefits.

Hours: 37.5 per week, Monday - Friday with a hybrid schedule option

Salary: $72,257 - $90,324 annually based upon education and experience

Worksite: Assignments will include all Massasoit sites and additional locations as necessary.

Deadline to Apply: May 5, 2024