External Security Services Information Security Officer in Information Technology Exchange Center
: Job Details :

Faculty/Professional ProfessionalDepartment: Information Technology Exchange CenterLocal Title: External Security Services Information Security OfficerBudget Title: Supervising Programmer/AnalystRank: SL-5Line Number: TBDSalary Range: $77,346 -$143,611 Competitive based on experience.FTE: Full-TimeNegotiating Unit: UUPFLSA: ExemptDepartment WebsiteBrief Job DescriptionITEC's External Security Services Information Security Officer (ESISO) is part of a team responsible for providing strategic cybersecurity leadership and advisory services to higher education institutions. This role involves assessing, and implementing ITEC security program strategies, policies, and frameworks that align with the unique security needs of universities and colleges. The ESISO will act as a trusted security partner, helping institutions manage cyber risks, ensure regulatory compliance, and safeguard critical academic, research, and administrative data.The ESISO is a professional advocate for security and advisor to campus management, especially in helping management establish Program priorities and security-serving projects.The ESISO participates directly in conversations with ITEC and campus senior management and, as needed, carries the insights and concerns of the Team to management. The ESISO is the primary lens for campuses to which they are assigned to help manage new and ongoing risks and security-affecting situations and must be a clear and articulate advocate for what the ESISO sees as needed, communicating in terms and methods that resonate with the business so that executive management can make well informed decisions.The ESISO must have a good grasp of the current range of matters that the profession, regulations, and standards describe as comprising organizational information security programs in complex organizations in the US. ITEC itself functions within the College of Buffalo, which functions with SUNY, which further functions within New York State government.With Team leadership and security program management as the primary focus, the role also has a strong project management emphasis. The ESISO must be able to coordinate deliverables to campuses with the Service Delivery Manager for Security Services.Responsibilities include helping define and oversee approved campus security projects, and working on tasks in such project.The ESISO assists campuses with security-related incidents. They will help investigate and evaluate security-focused software which promises to be useful to campus security posture and support senior management at the campuses in determining system requirements and capabilities, as well as appropriate hardware and software configurations.Please see for more information.The location for this position is in Buffalo, NY. An office location at a New York State or SUNY Institution may be possible.Multiple selections may be made from this posting.Required Qualifications Bachelor's degree in a security, computing, programming, networking or related field, or equivalent years of professional work experience.Demonstrated current and/or previous leadership positions.Demonstrated experience supervising a team.Good presentation skills, interpersonal skills, written and communication skills.This position is designated as a critical or security-sensitive position; therefore, the candidate must successfully complete a criminal history check and be determined to be security position qualified. Candidates are required to self-report convictions.Demonstrated familiarity with security standards including NIST 800-53, 800-171, NIST Cybersecurity Framework (CSF) or equivalents.Experience monitoring and evaluating vulnerability publications from reputable security organizationsPreferred Qualifications Master's degree in information security or assurance, such as MSIACertifications related to Security Operations/Architecture/Engineering: ISC2: CISM, CISSP or SSCP.(CISSP-ISSAP or ISSEPa plus); relevant SANS GIAC series; or others, like PNPT, OSCP, CEH, CISM, CISA, or CySA+Familiarity with Security Tools such as Zeek, Snort, Suricata, Nmap, Metasploit, Wireshark, OpenVAS, Autopsy.Demonstrated familiarity with privacy regulations such as FERPA, PCI, HIPAA and GLBAWorking or managerial experience in a large organization, especially higher education.Recent operational or administrative experience with EDR, SIEM, IDS/IPS SystemsExperience responding to or advising the response to a security breach, such as notification, chain of custody, guiding forensics, or compliance reportingFamiliarity or experience with network hardware e.g. switches, VLANs, routers, and access control lists; Familiarity or experience with network software protocols e.g. TCP/IP, BGP, NFS, iSCSI, QoS, SDN, HTTPS, TLS, etc.Experience in System Administration for Windows servers, vCenter/ESXi, Linux, Hypervisors a plus.Experience with Single-Sign on protocols e.g. SAML2, OpenID, CAS and Multifactor authentication.Cloud provider experience and/or certifications with any of Azure, AWS, Google Cloud.Membership in REN-ISAC, MS-ISAC, or other industry ISACFamiliarity with Banner Student Information Systems or a similar product.Experience with Zero Trust Networks.Experience using enterprise security products (e.g. EDR, IDS/IPS, SIEM systems, firewalls, etc)Anticipated Date of Hire: 10/01/2025Priority Review Date Application Deadline Date: 09/17/2025recblid f9be9n5q99zi7530feuk0qztpoapdn