Posted: Oct 21, 2024

Cybersecurity Analyst and Program Manager

Baylor School - Chattanooga, TN
Full-time
Salary: Monthly
Application Deadline: N/A
Education

Baylor School is excited to announce the creation of this new and critical senior position within the Technology Team. If you are a cybersecurity professional who wants to apply your knowledge to develop cyber programs, provide leadership in your area of expertise, and retain a daily technical role … all while making a real, tangible, difference to the lives of our students and future leaders … apply today! This position is eligible for remote and hybrid work, although on-campus is preferred.

Job Summary - Reporting directly to the Chief Information Officer, the Cybersecurity Analyst and Program Manager (herein, “Cyber Manager”) is a critical position that owns and oversees Baylor School’s enterprise cybersecurity program (which includes vulnerability management, patch management, endpoint protection, vendor risk assessment, and communications) and is responsible for daily security operations as well as strategic cyber initiatives. The Cyber Manager establishes an enterprise security stance through policy, architecture, controls, and internal education and is the primary point of contact for vulnerability assessments, audits, and mitigation activities.

As the institution’s most senior cyber analyst, the Cyber Manager maintains, develops, and configures the school’s security information and event management (SIEM) tools, investigates incidents and events, performs proactive threat hunting, plays a key leadership role in incident response, and is a subject matter expert for the school’s disaster response and business continuity efforts.

The Cyber Manager has a secondary role as Microsoft 365 tenant administrator and is a cybersecurity subject matter expert and consultant for all members of the Technology Team.

You might see job titles like the following that perform a similar role: Senior Cyber Analyst; Information Security Manager; Senior Systems Administrator; Assistant CISO; IT Security Manager; Cybersecurity Specialist.

The Team - The Baylor School Technology Team is a highly collaborative, inclusive, and enthusiastic group of IT professionals who take pride in their work and relish the opportunity to learn, teach, and share their expertise. Covering all aspects of technology from administrative systems to communications platforms, audio-visual to classroom equipment, and emergency notification to residential life, the team excels at balancing user advocacy, equity, and regulatory compliance to provide Baylor School’s employees and students alike with a first-class technology environment. Under the new leadership of Dr. Dave Robinson, the team is undergoing a period of strategic investment by the school; this new position is evidence of that commitment.

The School - Baylor School is an independent (private) school for grades 6-12 located on nearly 700 acres along, and overlooking, the Tennessee River and surrounding mountains. The school enrolls 1,110 students, including 237 boarding students from 26 states and 16 countries. Students and faculty are drawn by the school’s strong academic programs, diverse extracurricular activities, supportive school community, and impressive facilities. Our students thrive in a college preparatory community that features Global Scholars and student exchange programs, a STEM curriculum that includes an independent research component, a civic scholars program focused on leadership outside of the school community, championship athletic programs, a thriving fine arts program, and an alumni network that impresses, from Pulitzer Prize winners to PGA pros.

The Chattanooga Area - Chattanooga is a vibrant city that offers an exceptional quality of life and a thriving work environment. Nestled along the banks of the Tennessee River and surrounded by picturesque mountains, Chattanooga offers stunning natural beauty and a wealth of outdoor activities, from hiking and biking to kayaking and rock climbing. The city is known for its innovative spirit, with a burgeoning tech scene and a strong commitment to sustainability, earning it the nickname “Gig City” for its high-speed internet infrastructure. Chattanooga’s rich cultural scene, diverse dining options, and friendly community make it an ideal place to call home. Whether you’re looking to advance your career or enjoy a balanced lifestyle, Chattanooga provides the perfect backdrop for both professional growth and personal fulfillment.

Position Responsibilities

Enterprise cybersecurity strategy, planning, and procedures

  • Create (with the CIO), oversee, and manage the System Security Plan (SSP), and similar enterprise documents.
  • Create and maintain policies, standards, security baselines, procedures, and recommendations.
  • Create, maintain, and manage Enterprise (IT) Business Continuity Plan and (IT) Disaster Recovery Plan.

Continuing education and familiarization with

  • Current cyber threat landscape
  • Best practices for cybersecurity, information security, and related disciplines

Operational Security

Vulnerability Management:

  • Create, oversee, and manage the IT vulnerability management program
  • Lead for all vulnerability assessments, penetration tests, and audits; including developing and tracking to completion resultant Plan of Actions and Milestones (POAM).
  • Regular assessment of endpoint security, enterprise vulnerability stance

Senior Cyber Analyst:

  • Perform all cyber investigations
  • Perform regular threat hunting and strengthen the cyber architecture based on findings
  • Manage and configure the enterprise SIEM
  • Proactively assess the security posture of the enterprise
  • Perform red and/or blue team activities as deemed appropriate
  • Primary point of contact for MDR services
  • Monitor threat intelligence feeds for proactive mitigation of threats

Risk assessment:

  • Perform regular risk assessments for compliance, best practice, new solutions prior to deployment, and internal processes
  • Perform vendor risk assessments

Champion the confidentiality, integrity, and availability of enterprise data

Presentation and Knowledge Sharing

  • Regular presentation to CIO, IT Team, School Leadership, and Board of the cybersecurity program, accomplishments, limitations, strategy, and plans
  • Educational presentation to employees regarding current cybersecurity threats and protections
  • Supervise regular security awareness training and campaigns for all school students and employees
  • Develop and maintain cooperative relationships with all constituents to support a culture of open dialog and appropriate levels of transparency around cybersecurity decisions

Microsoft Tenant Administration

  • Backup administrator for enterprise Microsoft tenant

Requirements

Education and Training

  • College diploma, university degree, or 5 years of directly relevant technical experience and training
  • Minimum of 3 years experience as a cybersecurity analyst or in a similar role

Demonstrated Experience at the Enterprise Level

  • Security architecture
  • Policy development
  • Vulnerability management
  • Risk assessment
  • Threat hunting, log analysis, or SIEM management
  • Identity management
  • Understanding and navigating compliance, legal, or regulatory frameworks
  • Implementing controls within NIST, or similar, frameworks

Demonstrated Technical Skills

  • Microsoft tenant management

Essential Qualities

  • Collaborative decision-making
  • Transparent communication
  • Equitable, inclusive, and impartial approach to decision-making

Preferred Qualifications

  • Minimum of 5 years experience as a cybersecurity analyst or in a similar role
  • One or more of the following qualifications: GIAC Security Essentials Certification, GIAC Security Leadership Certification, ISACA Certified Information Security Manager, Microsoft Certified Systems Engineer: Security, (ISC)2 SCCP, (ISC)2 CISSP, (ISC)2 ISSAP, (ISC)2 ISSMP
  • Demonstrated technical experience managing and configuring one or more of the following platforms: Microsoft Purview, Microsoft Sentinel, Next Generation Firewall
  • Practical experience in one or more of the following: Vulnerability assessment, Penetration testing, Risk assessment
  • Experience in educational environments, especially K-12 or Higher Education
  • Experience in private or independent schools, colleges, or universities

Note: The Cyber Manager is expected to gain, if not already held, the CISSP qualification within 1 year of starting the position, or within 2.5 years if additional industry experience is required per the qualification requirements. Professional development funds are available to cover the cost of the course, training, and an exam.

Accountability

This senior position is expected to work with minimal direction, take critical actions independently, make critical decisions independently, and make a significant positive impact on the cybersecurity of the campus and its user community. The Chief Information Officer is available for guidance and consultation whenever needed.

For full details, including example competencies, view the job description posted online.