Information Security Engineer

The Information Security Engineer provides security engineering expertise to the NYU community. Manage information and cybersecurity engagements and deliver security engineering and audit services for all technology change initiatives to all business units and schools including global locations. Partner with schools and units, critical stakeholders in Research, and various IT teams to define the scope, work effort, and deliverables for the information security engagement and oversee multiple arrangements.

Document and address NYU information security, and hybrid Cloud and systems security engineering requirements throughout the acquisition life cycle working. Identify opportunities for improvement and further development of services, including the development of cybersecurity technical standards and guidelines. Identify cybersecurity control requirements for technology and secure research initiatives. Design effective and practical solutions to meet those requirements in alignment with the overall objectives while establishing buy-in from the schools and units.

Act as a subject matter expert, assess the business impact of information security risks in the enterprise, and identify options and recommendations for mitigating those risks. The Information Security Engineer is vital in safeguarding research and intellectual property. Understanding of security frameworks such as NIST and ISO, comprehending information security regulations, and proactively identifying and addressing emerging compliance issues and threats to research assets.

Audit system security via the GOIS Security Validation Process. Evaluate and develop secure solutions based on approved security architectures. Work closely with other functional area engineers and information security specialists to ensure acceptable security solutions are in place throughout all IT systems and platforms to mitigate identified risks sufficiently and support NYU objectives. Communicate information security and secure research risks and solutions to various technical and non-technical audiences and levels of management.

Communicate and interact effectively and professionally with co-workers, management, internal and external customers, and partners.

Bachelor's Degree or equivalent combination of education and experience.

5+ years experience involving information technology and/or information security, compliance, or risk management.

5+ years Experience with structured Information Security Enterprise Architecture practices, hybrid cloud deployments, and on-premise-to-cloud migration deployments. Experience in designing, implementing, and delivering security for cloud-native, distributed computing, and architectural solutions with the principle of 'Secure by Design.” Experience delivering information security expertise through a deep understanding of the academic and secure research environment, IT security technologies, and processes supporting the university research mission.

Maintaining and applying understanding of NIST frameworks to public cloud solutions. Providing timely operational, technical, and consultative guidance to promote a secure and compliant technology environment by maintaining confidentiality and acting with the highest ethical standards.

Demonstrated understanding of IT security principles and concepts. Ability to communicate information and security concepts to non-technical audiences. Knowledge of cybersecurity applied to the cloud, data, applications, platforms, operating systems, and networks. Have a strong working understanding of information and cybersecurity architectural principles and models. Ability to develop cybersecurity standards and patterns. Strong ability to navigate an NYU multi-school and global campuses environment and build cross-functional relationships with the local IT and security leadership teams.

Organized, process-oriented, and able to manage multiple concurrent work streams. Excellent written and verbal communication skills. Must be able to effectively communicate…