Assistant Director of Application and System Security

Founded in 1841, Fordham is the Jesuit University of New York, offering an exceptional education distinguished by the Jesuit tradition to more than 16,000 students in its nine colleges and schools. It has residential campuses in the Bronx and Manhattan, a campus in West Harrison, N.Y., the Louis Calder Center Biological Field Station in Armonk, N.Y., and the London Centre in the United Kingdom. Fordham offers a comprehensive benefits package that includes medical, dental, and vision insurance; flexible spending accounts; retirement plans; life insurance; short- and long-term disability; employee assistance program (EAP); tuition remission; and generous time off. Successful candidates should have a knowledge of and commitment to the goals of Jesuit Education.

Reporting to the Senior Director of DevOps Planning, the Assistant Director is responsible for the daily management, execution, and supervision of security operations for applications and systems, both on-premises and in the Cloud.

• Install, configure, and hand over technologies intended to keep university resources safe and secure.
• Ensure that security principles are practically applied during the configuration of systems and throughout the development and deployment of web applications.
• Work directly with application and engineering teams to implement solutions that address current and potential security threats.
• Coordinate system configuration management and support a secure Software Development Life Cycle (SDLC) program.
• Schedule regular audits, assessments, penetration tests, and vulnerability scans.

• Execute application and system security strategies defined by leadership to enhance the adoption of new technologies and analyse their impact on the university community.
• Monitor system configurations to ensure security and compliance, ensuring security protocols are followed during the development and deployment of servers and web applications.
• Supervise the daily security operations of systems and applications in both Cloud and On-Prem environments.
• Collaborate directly with application and engineering teams to implement safeguards against existing and emerging security threats.
• Coordinate and perform vulnerability scanning of applications to detect issues and lead penetration testing initiatives to identify vulnerabilities.
• Support the maintenance and execution of a secure SDLC program.
• Conduct periodic audits and assessments for system and application security under management’s directives.
• Collaborate with development teams to integrate security controls into enterprise applications, student systems, learning management systems, and research platforms.

This list is not intended to be an exhaustive list. The University may assign additional related duties as necessary.

• Provide peer-level coordination or subject-matter guidance to colleagues performing similar work and/or student, part-time workers, including helping organise tasks, clarify priorities, or review work for quality or consistency.

• Deliver training plans and materials to staff to ensure success of initiatives and to manage security risks and issues.
• Maintain working relationships with university departments, external partners, and vendors.
• Implement practical solutions to resolve security challenges.
• Adapt daily workflows in response to the evolving cybersecurity landscape.
• Support the negotiation process with vendors and partners to achieve security outcomes.
• Maintain awareness of the latest cybersecurity trends, threats, and technologies.
• Uphold high ethical standards and integrity in all cybersecurity practices.

• Bachelor’s degree in computer science or a related field, or equivalent combination of education and 4 years of directly related work experience.
• Working knowledge of authoritative standards, guidelines, and best practices in information security.
• Experience participating in or coordinating attack and penetration assessments and reviews.
• Familiarity with cloud computing, virtualization, Cybersecurity framework (CSF), CIS Benchmarks, and the ITIL framework.
• Experience working within a highly automated SSDLC program.
• Ability to apply Threat Modeling practices within the product lifecycle.
• Experience in implementing and operating application vulnerability scanning products and Security Information and Event Management (SIEM) tools in both Windows and Linux environments.
• Strong verbal and written communication skills and ability to collaborate effectively across teams.
• Strong analytical and problem-solving abilities.
• Good organisational and time-management skills.
• Ability to balance security with academic and operational needs.

• 1-2 years of experience in an information security position.
• Experience in security or technology administration within a Higher Education setting.
• Previous hands-on experience in roles such as network, server, database, or application administration.
• Familiarity with Project Management tools, such as Microsoft Project.
• Possession of or ability to obtain relevant information security certifications (e.g., SSCP, GSEC, CISSP, or CISM).

• Minimum Starting Salary: $104,000
• Maximum Starting Salary: $130,000
• Salary is commensurate with qualifications, experience, and skills.

Fordham University is committed to excellence and welcomes candidates of all backgrounds. Fordham University is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, colour, religion, sex, orientation, gender identity or expression, pregnancy, age, national origin, disability status, genetic information, protected veteran status, or any other characteristic protected by law.

• Sitting: Nearly continuously
• Repetitive hand motion (typing): Often
• Hearing, listening, talking: Often
• Standing: Seldom
• Walking: Seldom
• Running: Not required
• Bending, stooping, kneeling, squatting, crouching, crawling: Not required
• Climbing stairs: Seldom
• Climbing ladders: Not required
• Reaching overhead: Not required
• Pulling, pushing: Not required
• Shoveling: Not required
• Lifting (up to 20 pounds): Not required
• Lifting (up to 50 pounds): Not required
• Lifting (over 50 pounds): Not required

Office Environment – Employees are protected from weather conditions or contaminants, but not necessarily occasional temperature changes.

• Required Documents: Resume, Cover Letter
• Optional Documents: None specified