Information Security Engineer

The Information Security Engineer provides security engineering expertise to the NYU community. Manage information and cybersecurity engagements and deliver security engineering and audit services for all technology change initiatives to all business units and schools including global locations. Partner with schools and units, critical stakeholders in Research, and various IT teams to define the scope, work effort, and deliverables for the information security engagement and oversee multiple arrangements. Document and address NYU information security, and hybrid Cloud and systems security engineering requirements throughout the acquisition life cycle working. Identify opportunities for improvement and further development of services, including the development of cybersecurity technical standards and guidelines. Identify cybersecurity control requirements for technology and secure research initiatives. Design effective and practical solutions to meet those requirements in alignment with the overall objectives while establishing buy-in from the schools and units. Act as a subject matter expert, assess the business impact of information security risks in the enterprise, and identify options and recommendations for mitigating those risks. The Information Security Engineer is vital in safeguarding research and intellectual property. Understanding of security frameworks such as NIST and ISO, comprehending information security regulations, and proactively identifying and addressing emerging compliance issues and threats to research assets. Audit system security via the GOIS Security Validation Process. Evaluate and develop secure solutions based on approved security architectures. Work closely with other functional area engineers and information security specialists to ensure acceptable security solutions are in place throughout all IT systems and platforms to mitigate identified risks sufficiently and support NYU objectives. Communicate information security and secure research risks and solutions to various technical and non-technical audiences and levels of management. Communicate and interact effectively and professionally with co-workers, management, internal and external customers, and partners.

Required Education:
Bachelor's Degree or equivalent combination of education and experience

Required Experience:
5+ years experience involving information technology and/or information security, compliance, or risk management.

Preferred Experience:
5+ years Experience with structured Information Security Enterprise Architecture practices, hybrid cloud deployments, and on-premise-to-cloud migration deployments. Experience in designing, implementing, and delivering security for cloud-native, distributed computing, and architectural solutions with the principle of 'Secure by Design.” Experience delivering information security expertise through a deep understanding of the academic and secure research environment, IT security technologies, and processes supporting the university research mission. Maintaining and applying understanding of NIST frameworks to public cloud solutions. Providing timely operational, technical, and consultative guidance to promote a secure and compliant technology environment by maintaining confidentiality and acting with the highest ethical standards.

Required Skills, Knowledge and Abilities:
Demonstrated understanding of IT security principles and concepts. Ability to communicate information and security concepts to non-technical audiences. Knowledge of cybersecurity applied to the cloud, data, applications, platforms, operating systems, and networks. Have a strong working understanding of information and cybersecurity architectural principles and models. Ability to develop cybersecurity standards and patterns. Strong ability to navigate an NYU multi-school and global campuses environment and build cross-functional relationships with the local IT and security leadership teams. Organized, process-oriented, and able to manage multiple concurrent work streams. Excellent written and verbal communication skills. Must be able to effectively communicate technically with strong understanding of Zero Trust, Privileged Access Management, and Identity Management to lead multifunctional projects or initiatives—knowledge of laws, regulations, and standards relevant to higher education.

Preferred Skills, Knowledge and Abilities:
Knowledge of advanced security controls and information security best practices. Knowledge of enterprise infrastructure and application monitoring tools. Familiarity with security frameworks such as CIS, NIST, ISO, and PCI-DSS. Familiarity with cloud architecture and security concepts. Working knowledge of computer network protocols, network security architecture, and computer architecture. Working knowledge of network systems, security principles, applications, and risk and compliance initiatives. Advanced knowledge of Risk assessment and Compliance processes and required supporting artifacts. Understanding of contemporary security theory and application (including vulnerabilities, exploitation techniques, and attack vectors). Knowledge in developing processes and systems for building and maintaining high-performance computing and cloud systems and secure research enclaves in an efficient, compliant, and repeatable fashion.

In compliance with NYC's Pay Transparency Act, the annual base salary range for this position is USD $130,000.00 to USD $150,000.00. New York University considers factors such as (but not limited to) scope and responsibilities of the position, candidate's work experience, education/training, key skills, internal peer equity, as well as, market and organizational considerations when extending an offer. This pay range represents base pay only and excludes any additional items such as incentives, bonuses, clinical compensation, or other items.

NYU aims to be among the greenest urban campuses in the country and carbon neutral by 2040. Learn more at nyu.edu/nyugreen.

EOE/AA/Minorities/Females/Vet/Disabled/Sexual Orientation/Gender Identity