IT Security and Compliance Manager II

Agency

Division

Job Classification Title

Position Number

Grade

About Us

The North Carolina Community College System (System Office) is a statewide network of 58 public community colleges. The system enrolls over 500000 students annually. It is the 3rd largest in the nation based on the number of colleges. It also provides data to the North Carolina Learning Object Repository by collecting contributing and sharing digital learning resources for use in traditional or distance learning environments. The mission of the North Carolina Community College System is to open the door to high-quality accessible educational opportunities that minimize barriers to post-secondary education maximize student success develop a global multicultural and competent workforce and improve the lives and wellbeing of N.C. citizens.

Description of Work

Knowledge Skills and Abilities/Management Preferences

RECRUITMENT RANGE: $101416-$121956

EHRA - The position is designated Statutory Exempt (EHRA) and is exempt from the State Human Resources Act

This position may be eligible for hybrid or remote work in accordance with state and agency policy and depending on the location of selected candidate.

Candidates must reside in North Carolina at the time of hiring. Relocation assistance is not available for this position.

The Information Security Office is seeking a dedicated cybersecurity professional to join our dynamic team supporting the 58 Great Community Colleges across North Carolina.

As part of this collaborative group youll play a critical role in safeguarding the systems and data that empower thousands of students faculty and staff every day. This is more than a jobits an opportunity to make a statewide impact strengthen cybersecurity resilience and help shape the future of higher education in North Carolina.

The System Office Information Security Officer (ISO) role focuses on cybersecurity advocacy thought leadership and providing support to the multiple community colleges which they are assigned to encompassing the duties and responsibilities outlined below.

Cybersecurity Leadership

Deliver strategic and tactical cybersecurity guidance to college CIO IT leadership and executive teams. Collaborate with senior administration and academic leaders to define and implement a continuous improvement model for information security while fostering strong relationships across the institution.

Information Technology Security Expertise

Serve as the technical authority on multiple technologies including on-premises and cloud security. Robust experience in a broad range of IT solutions from networks to servers and cloud-based platforms such as Microsoft Azure Office 365 Amazon Web Services (AWS) and Google Workspace (G-Suite).

Information Security Program Development

Provide leadership and support for the design and execution of a comprehensive institution-wide information security program. Assist in defining near-term annual and long-term security goals strategies metrics and reporting mechanisms. Develop maturity models and roadmaps for continuous improvement aligned with local and system-wide policies and standards.

Security Awareness and Advisory

Drive security education and awareness initiatives. Provide expert advice on security best practices vulnerabilities and remediation strategies to reduce institutional risk.

Regulatory and Industry Awareness

Monitor and interpret evolving cybersecurity threats trends and regulatory changes impacting higher education at state system and national levels.

Compliance and Audit Support

Partner with compliance leadership to build integrated security and compliance programs. Ensure adherence to state and federal regulations (FERPA PCI HIPAA FSA GLBA NIST 800-53/800-171). Support colleges with audit readiness external assessments and compliance checks.

Incident Response Leadership

Assist colleges in identifying and responding to threats. Assist and coordinate institutional response to security incidents. Act as liaison to system and state resources during major events. Participate in Cyber Incident Response Teams (CIRT) for investigation and resolution.

Professional Development

Maintain and expand professional knowledge and skills through ongoing education and engagement with industry best practices.

Candidates must reside in North Carolina at the time of assistance is not available for this position.

This position may be eligible for hybrid or remote work in accordance with state and agency policy and depending on the location of selected candidate.

Minimum Education and Experience

Some state job postings say you can qualify by an equivalent combination of education and experience. If that language appears below then you may qualify through EITHER years of education OR years of directly related experience OR a combination of both. See the Education and Experience Equivalency Guide for details.

Knowledge Skills and Abilities/Management Preferences

Minimum Education and Experience

Some state job postings say you can qualify by an equivalent combination of education and experience. If that language appears below then you may qualify through EITHER years of education OR years of directly related experience OR a combination of both. See the Education and Experience Equivalency Guide for details.

Bachelors degree in computer science or a related IT field or related degree from an appropriately accredited institution and three years of progressive experience in IT security or closely related area including two years of supervisory experience;

or Associate degree in computer science or a related IT field or related degree from an appropriately accredited institution and four years of progressive experience in IT security or closely related area which includes two years supervisory experience; or an equivalent combination of education and experience.

The following Management Preferences are not required but applicants that possess these skills are preferred:

Cybersecurity Experience & Leadership:Minimum of 3 years of hands-on cybersecurity experience including demonstrated organization and program leadership problem-solving process improvement and project management capabilities. Preferred certifications demonstrating experience include but are not limited to CISSP CCSP CISM GCSA CEH GCIA GCIH and SANS.

Information Security Knowledge:Demonstrated understanding of security governance frameworks policies and procedures as well as compliance with federal and state privacy laws and regulations such as GLBA FERPA HIPAA PCI-DSS NIST 800-53/800-171 and CIS Controls.

Security Program Implementation:Proven experience in deploying operating and maintaining enterprise or local information security programs and technical controls.

Risk Management Expertise:Skilled in conducting risk assessments audits and reviews with experience in vulnerability analysis control evaluation likelihood determination and risk prioritization.

Technical Architecture Understanding:Solid knowledge of network and application architecture including network protocols routers switches and how these systems interoperate.

Security Operations & Forensics:Experience with incident response intrusion detection vulnerability and patch management log analysis and computer/network forensics.

Communication & Collaboration Skills:Excellent written and verbal communication skills with experience presenting to executive leadership. Strong interpersonal and organizational abilities and a proven track record of working effectively across cross-functional teams and diverse technical audiences.

STATE EMPLOYEE COMPENSATION & BENEFITS:All System employees are valued and offered a wide variety of competitive and family-friendly benefits. The state of North Carolina provides excellent comprehensive benefits. Employees may choose to participate in health insurance options standard and supplemental retirement plans and the NCFlex program (numerous high-quality low-cost benefits on a pre-tax basis). Employees also receive paid vacation sick and community service addition paid parental leave and personal observance is available to eligible employees. Some highlights include:

• The best-funded pension plan/retirement system in the nation according to Moodys Investors Service
• Twelve (12) holidays/year
• Fourteen (14) vacation days/year which increase as the length of service increases and accumulate year-to-year
• Twelve (12) sick days/year which is cumulative indefinitely
• Longevity pays lump sum payout yearly (based on length of service beginning 10 years and up)
• 401K 457 and 403(b) plans

Learn more about employee perks/benefits:

• Why Work For NC
• NC OSHR: Benefits
• NC OSHR: Total Compensation Calculator

The North Carolina Community College System Office uses the Merit-Based Recruitment and Selection Plan to fill positions SUBJECT to the State Human Resources Act with the most qualified applicants. When a salary range or recruitment range is posted the actual salary will be based on relevant competencies knowledge skills and abilities internal equity and budgetary considerations pertinent to the advertised position. All post-high school degrees must be from appropriately accredited institutions.

Individuals interested in applying for this position must complete the online process at Résumés will not be accepted in lieu of the application. Work history and credentials must appear on the application to receive consideration during the selection process.

For further information please contact:

RECRUITMENT ADMINISTRATOR
North Carolina Community College System
Human Resources Caswell Building
5001 Mail Service Center Raleigh NC 27699-5001
Email:

EEO Statement

The State of North Carolina is an Equal Employment Opportunity Employer and dedicated to providing employees with a work environment free from all forms of unlawful employment discrimination harassment or retaliation. The state provides reasonable accommodation to employees and applicants with disabilities; known limitations related to pregnancy childbirth or related medical conditions; and for religious beliefs observances and practices.

Recruiter:

Recruiter Email: