Primary owner of Information Security Program, Policies, Plans and Awareness Initiatives for MOHELA.
Administration, maintenance, development and/or implementation of security measures for information systems and business functions.
Work closely with management, infrastructure team, development staff and other team members to ensure data protections are in place.
Primary liaison with Federal Student Aid Information System Security Officer personnel.
Manage small team of staff supporting Risk Management function.
Additional responsibilities may be assigned as deemed necessary.
Essential Duties and Responsibilities:
Network Analysis & Vulnerability Management –
Establishes and maintains network security policy, standards, processes, and procedures.
Provide ongoing management of Information Security procedures, specifications, and drawings for improving strategies and continued organizational enhancement.
Performs regular network vulnerability assessments, providing specific guidance to infrastructure personnel on exposures and remediation requirements.
Security Audits –
Lead efforts associated with performing security audits and creating documentation and remediation plans.
Document and report on existing controls to support internal and external audits.
Provide updates to senior and executive management personnel regarding status & improvement objectives.
Risk Management –
Lead or assist in performing risk assessments of functional areas to identify areas of risk and vulnerabilities and to recommend alternative strategies.
- Key contributor towards strategic direction with regard to related governance functions (such as Physical Security/Facilities, Risk Management, IT, HR, Legal and Compliance), including engagement with senior and middle management personnel throughout the organization to provide an improved overall security posture for the
- Leads the design, implementation, operation and maintenance of the Information Security Management Systems based on the NIST 800 requirements or other regulatory requirements as applicable.
Incident Response –
Ensure a prepared incident security management team is in place and capable of responding to security events and incidents.
Project Management –
Serve as technical lead for security projects.
This includes communicating across technical organizations and creating discrete design, testing, and deployment plans.
Create documentation and provide training to different teams to enhance awareness of vulnerabilities and other security-related issues in an effort to reduce those risks.
Provide depth for specific infrastructure management functions for at least two competencies within the realm of storage, compute, networking, desktop, and firewall
Maintain strong technical proficiency in areas core to the organizational technological mission.
Bachelor's degree in MIS, Computer Science, Information Security or related field from a four year college or university required, or equivalent combination of education and
8+ years of combined IT and application, networking, operating system or database security work experience with a broad range of exposure to systems management, configuration, diagnostics and administration functions.
Experience applying or developing Sarbanes/Oxley controls or federal standards in financial organizations.
Experience with managing, coordinating, and responding to internally and externally initiated financial audits, IT system audits, and management inquiries.
Working knowledge of IT organizations and data centers, specifically an understanding of system production structure/controls and, more generally, software development processes.
Hold a CISSP certification or meet the minimum standards to attain CISSP accreditation within a 6-month period.
Knowledge and understanding of the Federal Information Security Management Act (FISMA), including the NIST 800 series and Federal Information Processing Standards (FIPS) guidelines and regulations, would be a plus.
Must be able to obtain an appropriate public trust security clearance as required of federal government contractors to include a background check conducted by the U.S. Government to determine eligibility and suitability for federal contract employment for public trust or sensitive positions
To build a diverse workforce, MOHELA encourages applications from individuals with disabilities, minorities
In compliance with the American Disabilities Act Amendment Act (ADAA), if you have a disability and would like to request an accommodation in order to apply for a position with MOHELA, please call 636.733.3700 x3571, TDD 7-1-1, or email
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex or national origin.