Designs and Leads Cybersecurity Programs
Leads the design, development, implementation, and ongoing enhancement of enterprise-level complex cybersecurity programs for assigned domains (e.g., incident response, vulnerability management, threat intelligence, risk management).
Creates policies, procedures, playbooks/runbooks, and automation to support program execution.
Oversees program governance, maturity roadmaps, and continuous improvement initiatives.
Partners with the campus Information Security Office on security architecture, tooling, and enterprise-wide initiatives.
Leads real-time response and resolution for critical security events across assigned domains.
Leads response to complex security incidents (detection, analysis, containment, eradication, recovery) using advanced threat hunting techniques and collaborating with the campus Information Security Office, who owns and manages the SIEM/SOAR/other security tools.

Directs Governance, Risk, and Compliance
Establishes and enforces security policies, standards, and procedures aligned with regulatory mandates.
Monitors adherence to HIPAA, FERPA, PCI DSS, GDPR, ISO 27001, and NIST frameworks.
Manages risk registers, evaluates control effectiveness, and leads remediation planning for high-risk findings.
Oversees internal and external audits; prepares compliance reports, attestations, and evidence.
Conducts third-party and vendor security assessments to ensure compliance with organizational standards and regulatory requirements.

Operationalizes Threat Intelligence and Risk Management
Collects and applies threat intelligence to enhance detection, prevention, and response capabilities.
Identifies control gaps and recommends improvements to security architecture and processes.
Automates workflows for threat enrichment, triage, and reporting to improve efficiency.
Integrates threat intelligence into SIEM/SOAR platforms and detection use cases.
Conducts proactive analysis and advanced techniques to identify and mitigate emerging risks across domains.

Develops Metrics and Reporting
Establishes cybersecurity KPIs and dashboards (e.g., MTTR, vulnerability SLAs).
Aggregates data for executive and board-level reporting.
Provides actionable recommendations based on trend analysis and performance metrics.
Communicates findings effectively to technical and non-technical stakeholders.

Mentors and Trains Analysts
Guides analysts on advanced techniques, tools, and best practices.
Reviews casework and provides constructive feedback to improve quality.
Develops training materials and assists on tabletop exercises; promotes knowledge sharing within the team.

Promotes Security Awareness
Supports enterprise-wide security awareness initiatives and outreach.
Contributes content for campaigns, briefings, and learning sessions.
Helps cultivate a risk-aware environment through education and engagement.

Leads Cybersecurity Projects and Initiatives
Leads discrete security projects, risk assessments, and implementation of new solutions.
Collaborates with IT and cross-functional teams to integrate security into SDLC and strategic initiatives.
Manages projects and ensures alignment with organizational objectives.

Marginal or Periodic Functions:
Helps with updates to disaster recovery and incident response plans.
Represents the organization during cybersecurity audits and external assessments.
Participates in professional development, advanced training, and conferences.
Adheres to internal controls and reporting structure.
Performs related duties as required.

KNOWLEDGE/SKILLS/ABILITIES

Problem Solving
Uses rigorous logic and data to solve difficult problems; probes for root causes; blends analysis, experience, and judgment to craft practical solutions.
Diagnoses root causes of security issues across programs using correlated telemetry and evidence.
Frames hypotheses, tests alternatives, and selects mitigations that reduce risk while sustaining operations.
Documents decision paths and lessons learned; folds improvements into playbooks and standard work.

Decision Quality
Makes sound, timely decisions based on analysis and judgment; considers risk, impact, and trade-offs; acts decisively when required.
Applies risk criteria to prioritize actions during incidents and remediation.
Commits to containment or eradication under uncertainty; adjusts as new intelligence emerges.
Records rationale, residual risk, and next steps for transparent communication.

Process Management
Designs and manages processes that are clear, efficient, and scalable; defines roles, handoffs, metrics, and continuous improvement mechanisms.
Builds governance, procedures, and runbooks for cybersecurity programs.
Automates repetitive tasks and tracks KPIs to improve efficiency and outcomes.
Conducts program reviews and integrates improvements into tooling and processes.

Functional/Technical Skills
Possesses and applies technical knowledge to perform effectively; keeps skills current and applies them to solve real problems.
Applies expert knowledge of operating systems, network protocols, SIEM/SOAR platforms, and vulnerability tools.
Uses threat intelligence to enhance detections and strengthen preventive controls.
Aligns control designs with frameworks (NIST CSF, NIST 800-53, HITRUST).

Priority Setting
Focuses time and resources on the most critical tasks; quickly senses what will help or hinder goal achievement; removes roadblocks and creates focus.
Triages alerts and cases to direct resources to high-impact events and initiatives.
Balances strategic improvements with urgent operational demands.
Communicates trade-offs and timelines to stakeholders.

Dealing with Ambiguity
Acts effectively without complete information; shifts gears comfortably; is calm and effective amid change and uncertainty.
Initiates containment and investigative steps based on partial indicators.
Adapts hypotheses and approach with new artifacts and intelligence.
Provides clear guidance to stakeholders during evolving situations.

Developing Others
Provides feedback and coaching; helps others learn and grow; creates opportunities for skill development and ready-now capability.
Coaches junior analysts on tooling, decision criteria, and investigative methods.
Creates training materials and standard work to accelerate readiness.
Encourages knowledge sharing through tabletop exercises and debriefs.