• Proficiency in HTML, CSS, and JavaScript
• Strong understanding of responsive design principles
• Experience with frontend frameworks - React, Angular, or Vue.js
• Knowledge of RESTful APIs and asynchronous request handling
• Experience with building tools and automation frameworks
• Good understanding of browser rendering behavior and performance
• Problem-solving and debugging skills
• Ability to collaborate with designers and backend developers

Must-Have Skills

• Strong expertise in HTML5, CSS3, Flexbox, Grid, and responsive design methodologies.
• Solid experience with Angular (preferably Angular 12+).
• Understanding of RESTful integrations and frontend state management.
• Strong problem-solving mindset with a commitment to clean, maintainable code.
• Strong understanding of Git workflows including branching strategies and clean version control practices.
• Hands-on experience with frontend UI libraries, particularly Material and PrimeNG.
• Knowledge of best practices for code organization, change detection optimization and reusable components.
• Competent in debugging front-end code using browser developer tools.

Nice to Have

• Experience with Figma-based handoff workflows.
• Exposure to Agile delivery environments.

• Education: Bachelor’s degree in Computer Science, Software Engineering, or a related field

• Experience: 2-5 years of experience in frontend development

   

Broad knowledge of computer security issues, requirements, solutions, and trends, especially in the higher education environment.\
• Knowledge of applicable business processes and operations of customer organizations.
• Knowledge of new and emerging information technology (IT) and information security technologies.
• Knowledge of risk management processes, including steps and methods for assessing risk.
• Knowledge of system lifecycle management principles, including software security and usability.
• Knowledge of critical information technology (IT) procurement requirements.
• Strong interpersonal and communication skills, plus the ability to achieve goals through influence, collaboration, and cooperation.
• Demonstrated ability to work effectively with an array of constituencies in a community that is both demographically and technologically diverse.
• Ability to think critically and analyze information and situations, present findings and make recommendations; ability to turn data into information and present it in a meaningful manner.
• Ability to analyze issues and solve sensitive and complex problems under pressure. Skilled in interpersonal communication and conflict resolution.
• Excellent written and verbal skills.
• Excellent presentation skills and experience in public speaking or training.

Competencies:
• Decision Making
o Decisions may affect a work unit or area within a department. May contribute to business and operational decisions that affect the department.
• Problem Solving
o Problems are varied, requiring analysis or interpretation of the situation. Problems are solved using knowledge and skills, and general precedents and practices.
• Independence of Action
o Results are defined and existing practices are used as guidelines to determine specific work methods and carries out work activities independently; supervisor/manager is available to resolve problems.
• Communication and Collaboration
o Contacts and information are primarily within the job’s working group, department and/or campus.
o Contacts and information sharing are external to the job’s department, but internal to the campus/campuses (i.e. other departments/campuses, central administration/services such as Human Resources, Payroll, Finance, Facilities, Mail Services, Student Services, etc.)
o Contacts and information sharing are internal/external to the College, for the primary reason of scheduling, coordinating services, collaborating, etc.
Required Industry Certifications
• At least one relevant certification, e.g. Certified Identity and Access Manager (CIAM), Certified Identity Management Professional (CIMP), Certified Identity Governance Expert (CIGE), Certified Information Systems Security Professional (CISSP

Essential Functions:
Identity and Access Management
• Design, implement, and manage identity services solutions, including authentication, authorization, and identity lifecycle management to provide a strong IAM program.
• Ensure the integrity and security of the College's identity data.
• Identify and evaluate complex business and technology risks, internal controls that mitigate risks, and related opportunities for internal control improvement.
• Develop and maintain Role-Based Access control (RBAC), Attribute-Based Access control (ABAC), and least-privilege models to reduce access risk.
• Integrate systems with Single Sign-on (SSO) and Multi-Factor Authentication (MFA) using SSO and MFA technologies.
• Implement and manage Privileged Account Management (PAM) controls including credential vaulting and session monitoring.
• Monitor, investigate, and respond to IAM-related incidents, abnormal login behavior, and security alerts.
• Maintain detailed documentation of IAM architecture, configurations, integrations, and process flows.
• Ensure IAM alignment with regulatory, audit, and compliance requirements across the organization.
• Identify the broader impact of current decisions related to user access, data access and information security
Strategic Leadership
• Envisions organizational outcomes and facilitates alignment with them.
• Aligns IAM processes across the organization, and develops and documents standards for organizational use.
• Understands business and information technology management processes and demonstrates advanced understanding of business processes, internal control risk management, IT controls and related standards.
• Lead the planning, development, and execution of IAM projects, ensuring they are completed on time and within budget and aligned with IAM best practices.
• Collaborate with security architecture, application owners, and infrastructure teams to design scalable and secure IAM solutions.
• Define and track IAM metrics, KPIs, and maturity indicators to support continuous improvement.
• Advise senior management on IAM-related risks and security posture.
Awareness, Training and Other Communications
• Fosters an understanding of the need for and application of the IAM system, and facilitates decision making with the end users.
• Builds and nurtures positive working relationships with College units and departments.
• Identifies opportunities to improve engagement with the College units and departments.

Perform other duties as assigned

Bachelor's degree from an accredited college or university with course work in computer science, information systems, cybersecurity, or a related field, and/or any combination of
education, training, and experience that provides the required knowledge, and expertise to perform the essential functions of the position. • Four years of progressively responsible experience in the management of identity and access management, or similar experience managing complex applications, projects or systems.
• Proven experience in designing and implementing IAM solutions in a complex organization.
• Experience dealing with complex risk-related issues with managing vendor relationships, information security or regulatory compliance programs, and audits.

Working knowledge of computer network defense and vulnerability assessment tools and their capabilities.
• Working knowledge of network protocols (e.g., TCP/IP (Transmission Control Protocol/Internet Protocol), DHCP (Dynamic Host Configuration Protocol), DNS (Domain Name System).
• Working knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
• Knowledge of new and emerging information technology (IT) and information security
technologies.
• Knowledge of data backup, types of backups (e.g., full, incremental), and recovery concepts and tools.
• Ability to conduct vulnerability scans and recognize vulnerabilities in security systems.
• Ability to accurately and completely source all data used in intelligence, assessment, and/or planning products.
• Skill in using incident handling methodologies.
• Skill in collecting data from a variety of cyber defense resources.
• Skill in recognizing and categorizing types of vulnerabilities and associated attacks.
• Skill in assessing security controls based on cybersecurity principles and tenets.
• Skill in implementing security controls and tools.
• Strong interpersonal and communication skills.
• Ability to achieve goals through influence, collaboration, and cooperation.
• Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.
• Ability to produce technical documentation.

• Ability to handle and maintain confidential information.
• Ability to exercise judgment when policies are not well-defined.
• Ability to think critically, analyze issues and solve sensitive and complex problems under pressure.
• Ability to work effectively with an array of constituencies in a community that is both demographically and technologically diverse

Perform assessments of systems and networks within the College environment and identify where those systems/networks deviate from approved configurations, or College policy.
o Measure effectiveness of defense-in-depth architecture against known vulnerabilities.
o Conduct vulnerability scanning activities across the enterprise.
o Analyze scan results to identify security weaknesses, misconfigurations, and areas of elevated risk.
o Correlate vulnerability data with current threat intelligence to assess exploitability and potential impact.
o Produce detailed reports on identified vulnerabilities, severity levels, business impact, and remediation status.
o Coordinate and support remediation efforts across business owners and support teams.
o Supports security awareness and education efforts for the College community, i.e. Employees, Students, Contractors, Volunteers, etc.
• Analyze data from cyber defense tools (e.g. Vulnerability Management tools, EDR, SEG, IDS alerts, firewalls, network traffic logs) for the purposes of mitigating threats.
o Review SIEM and/or audit logs to identify anomalous activity and potential threats to network resources.
o Perform continuous monitoring and analysis of system and user activity to identify malicious activity.
o Maintain detailed tracking of vulnerabilities, including deadlines, remediation progress, ownership, and closure.
o Manage, and update Plans of Action and Milestones (POA&Ms).
o Correlate events across a wide variety of source data (indications and warnings).
o Notify management of incidents that may require additional attention.
o Stay current with existing and evolving technologies to provide enhanced security service offerings to stakeholder groups.
o Act as a security consultant to help identify business needs and design appropriate security controls.
o Ensure cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level.
• Manage security incidents. Act as a trusted point of contact and provide expertise for incidents and executes incident response activities including escalation to upper management.
o Serve on the Cybersecurity Incident Response Team.
o Respond to alerts received from monitoring systems.
o Perform event correlation to gain situational awareness and determine the impact of an observed attack.
o Provide timely analysis of events to distinguish malicious incidents and events from benign activities.
o Analyze malicious activity to determine weaknesses exploited, exploitation methods, and effects on systems and information.
o Provide recommendations for improvements as needed.

• Bachelor's degree from an accredited college or university with course work in cybersecurity and information technology or a related field, and/or any combination of education, training, and experience that provides the required knowledge, and expertise to perform the essential functions of the position.
• Three years of working experience in various aspects of information technology as an analyst/engineer or similar professional level, including systems administration, networking and/or application development.
• Three years of working experience in cybersecurity as an analyst or security engineer.
• Experience in incident handling/response and disaster recovery planning.
• Experience in OS, network, and application hardening using baselines such as CIS or STIG.

• Knowledge of cyber security and privacy industry, including the technology used to protect the confidentiality, integrity and availability of sensitive information.
• Working knowledge of security frameworks and regulatory requirements such as NIST SP 800-171, CIS Controls, FERPA, GLBA, PCI-DSS, and privacy standards.
• Knowledge, appreciation and prioritization of principles and practices of project organization, planning, records management, and general administration.
• Working knowledge of IT enterprise operations, architecture, and IT as a Service.
• Strong understanding of vulnerability management principles, methodologies, and tools
• Familiarity with patch management processes, secure configuration standards, and system hardening practices.
• Working knowledge of common threat vectors, exploitation techniques, and the vulnerability lifecycle.
• Knowledge of risk management concepts, risk scoring, risk registers, and POA&M tracking.
• Familiarity with SOC reports, third-party risk assessments, and due diligence reviews.
• Ability to analyze vulnerability data, correlate findings with threat intelligence, and assess potential business impact.
• Skilled in interpreting scan results, identifying false positives, and validating remediation actions.
• Ability to perform root-cause analysis for recurring or high-risk findings.
• Strong attention to detail when documenting risks, findings, or compliance gaps.
• Ability to manage multiple assessments, findings, risks, and remediation efforts simultaneously.
• Skill in writing policies, standards, processes and procedures.
• Skill in leading and/or conducting audits, assessments or reviews of technical systems and processes.
• Effective verbal and written communication skills, presentation, and public speaking skills.
• Effective skills in developing and presenting educational or training programs.
• Effective planning, organizational and multi-tasking skills with minimal supervision.
• Ability to think critically and analyze information and situations; present findings and make recommendations.
• Ability to identify compliance and security needs independent of management direction.
• Ability to grasp technical concepts at all levels of computer systems, from system hardware components and architecture to system integration and implementations.
• Ability to work independently and as part of a team.
• Ability to advise, train, and motivate technical and non-technical individuals in regulatory compliance and information and systems security efforts.
• Ability to work effectively with an array of constituencies in a community that is both demographically and technologically diverse.
• Ability to communicate technical concepts and data to non-technical audiences.
• Ability to achieve goals through influence, collaboration, and cooperation.
• Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.
• Ability to produce technical documentation.
• Ability to handle and maintain confidential information.
• Ability to exercise judgment when policies are not well-defined.
• Ability to think critically, analyze issues and solve sensitive and complex problems under pressure.

• Governance and Compliance:
o Maintain the GRC framework in alignment with organizational policies and regulatory requirements, including FERPA, GLBA, PCI-DSS, and other privacy regulations.
o Support compliance activities related to security frameworks such as NIST SP 800-171, CIS Controls, and PCI-DSS.
o Analyze requirements needed to comply with college policies and procedures, industry standards, and federal, state, and local regulations.
o Conduct regular reviews, assessments, and updates of policies, standards, and procedures to reflect changes in frameworks, regulations, and industry standards.
• Risk Management:
o Maintain and update the risk register with identified risks, assessments, mitigation strategies, and status updates.
o Evaluate and prioritize vulnerabilities based on severity, risk exposure, exploit likelihood, and business impact.
o Document risk exceptions in accordance with established policies, ensuring proper review and approval workflows.
o Document, track and communicate risk exceptions to relevant stakeholders to promote transparency and understanding.
o Perform risk assessments and prepare reports summarizing findings and recommendations for management.
o Monitor emerging risks, industry trends, and regulatory changes; recommend enhancements based on best practices.
• Security Controls Validation:
o Validate the implementation and effectiveness of security controls by conducting and participating in internal assessments and audits.
o Collaborate with IT and security teams to remediate identified control gaps and track follow-up actions.
• Third-Party Risk Management:
o Conduct assessments of third-party vendors, including reviewing and validating security and privacy documents, and compliance evidence.
o Ensure vendors meet organizational risk, security, and compliance requirements.
o Track vendor risks, findings, and remediation activities as part of the third-party risk management program.
• Vulnerability Management:
o Conduct regular vulnerability scans and assessments across networks, systems, applications, and cloud platforms.
o Analyze scan results to identify security weaknesses, misconfigurations, and areas of elevated risk.
o Correlate vulnerability data with current threat intelligence to assess exploitability and potential impact.
o Continuously monitor the environment for new vulnerabilities, zero-days, and emerging threats.
• POA&M Management:
o Maintain detailed tracking of vulnerabilities, including deadlines, remediation progress, ownership, and closure.
o Develop, manage, and update Plans of Action and Milestones (POA&Ms).
o Validate remediation actions to ensure vulnerabilities are effectively resolved.
o Participate in cross-functional remediation projects to ensure timely and effective risk reduction.
• Reporting & Documentation:
o Produce detailed reports on identified vulnerabilities, severity levels, business impact, and remediation status.
o Maintain documentation of assessment findings, remediation efforts, compliance standards, and audit requirements.
o Present management summaries and dashboards for leadership and governance committees.
• Training & Awareness:
o Deliver training sessions on risk management practices, compliance requirements, and security standards.
o Conduct training sessions to raise awareness on vulnerabilities, secure configurations, and mitigation best practices.
o Foster a culture of compliance and risk awareness across the organization.

Competencies:
• Decision Making
o Decisions may affect a work unit or area within a department. May contribute to business and operational decisions that affect the department.
• Problem Solving
o Problems are varied, requiring analysis or interpretation of the situation. Problems are solved using knowledge and skills, and general precedents and practices.
• Independence of Action
o Results are defined and existing practices are used as guidelines to determine specific work methods and carries out work activities independently; supervisor/manager is available to resolve problems.
• Communication and Collaboration
o Contacts and information are primarily within the job’s working group, department and/or campus.
o Contacts and information sharing are external to the job’s department, but internal to the campus/campuses (i.e. other departments/campuses, central administration/services such as Human Resources, Payroll, Finance, Facilities, Mail Services, Student Services, etc.)
o Contacts and information sharing are internal/external to the College, for the primary reason of scheduling, coordinating services, collaborating, etc.

Minimum Education, Training and Experience Required:
• Bachelor's degree from an accredited college or university with course work in cybersecurity and information technology or a related field, and/or any combination of education, training, and experience that provides the required knowledge, and expertise to perform the essential functions of the position.
• Three years of information security experience including conducting risk assessments/audits/reviews of information systems and assessing and/or mitigating information security threats/risk and/or three years of working experience with security requirements, systems, security architecture, as related to risk management.

Required Industry Certifications:

Certified in Risk and Information Systems Control (CRISC)
• Certified in Governance, Risk and Compliance (CGRC)
• Certified Information Systems Security Professional (CISSP)
• CompTIA Security+
• CompTIA Cybersecurity Analyst (CySA+)
• Certified Ethical Hacker) (CEH)
• GIAC Vulnerability Assessment
• Tenable/ Nessus certification