IT Security and Compliance Manager II jobs in United States

N.C. Department of Information Technology · 14 hours ago

IT Security and Compliance Manager II

The North Carolina Department of Information Technology is seeking an IT Security and Compliance Manager II to join the Information Security Office. This role focuses on cybersecurity leadership, program development, and compliance support for the 58 community colleges across North Carolina, ensuring the security of systems and data.

Information Technology & Services
Work & Life Balance
No H1B

Responsibilities

Deliver strategic and tactical cybersecurity guidance to college CIO, IT leadership, and executive teams
Collaborate with senior administration and academic leaders to define and implement a continuous improvement model for information security while fostering strong relationships across the institution
Serve as the technical authority on multiple technologies, including on-premises and cloud security
Provide leadership and support for the design and execution of a comprehensive, institution-wide information security program
Assist in defining near-term, annual, and long-term security goals, strategies, metrics, and reporting mechanisms
Develop maturity models and roadmaps for continuous improvement aligned with local and system-wide policies and standards
Drive security education and awareness initiatives
Provide expert advice on security best practices, vulnerabilities, and remediation strategies to reduce institutional risk
Monitor and interpret evolving cybersecurity threats, trends, and regulatory changes impacting higher education at state, system, and national levels
Partner with compliance leadership to build integrated security and compliance programs
Ensure adherence to state and federal regulations (FERPA, PCI, HIPAA, FSA, GLBA, NIST 800-53/800-171)
Support colleges with audit readiness, external assessments and compliance checks
Assist colleges in identifying and responding to threats
Assist and coordinate institutional response to security incidents
Act as liaison to system and state resources during major events
Participate in Cyber Incident Response Teams (CIRT) for investigation and resolution
Maintain and expand professional knowledge and skills through ongoing education and engagement with industry best practices

Qualification

Cybersecurity Leadership
Information Security Program Development
Compliance
Audit Support
Incident Response Leadership
Technical Architecture Understanding
Risk Management Expertise
Security Operations & Forensics
Professional Development
Communication Skills
Collaboration Skills

Required

Bachelor's degree in computer science or a related IT field or related degree from an appropriately accredited institution and three years of progressive experience in IT security or closely related area including two years of supervisory experience
or Associate degree in computer science or a related IT field or related degree from an appropriately accredited institution and four years of progressive experience in IT security or closely related area, which includes two years of supervisory experience
or an equivalent combination of education and experience

Preferred

Minimum of 3 years of hands-on cybersecurity experience, including demonstrated organization and program leadership, problem-solving, process improvement, and project management capabilities
Preferred certifications demonstrating experience include, but are not limited to, CISSP, CCSP, CISM, GCSA, CEH, GCIA, GCIH, and SANS
Demonstrated understanding of security governance, frameworks, policies, and procedures, as well as compliance with federal and state privacy laws and regulations such as GLBA, FERPA, HIPAA, PCI-DSS, NIST 800-53/800-171, and CIS Controls
Proven experience in deploying, operating, and maintaining enterprise or local information security programs and technical controls
Skilled in conducting risk assessments, audits, and reviews, with experience in vulnerability analysis, control evaluation, likelihood determination, and risk prioritization
Solid knowledge of network and application architecture, including network protocols, routers, switches, and how these systems interoperate
Experience with incident response, intrusion detection, vulnerability and patch management, log analysis, and computer/network forensics
Excellent written and verbal communication skills, with experience presenting to executive leadership
Strong interpersonal and organizational abilities, and a proven track record of working effectively across cross-functional teams and diverse technical audiences

Benefits

Health insurance options
Standard and supplemental retirement plans
NCFlex program (numerous high-quality, low-cost benefits on a pre-tax basis)
Paid vacation
Sick leave
Community service leave
Paid parental leave
Personal observance
Twelve (12) holidays/year
Fourteen (14) vacation days/year which increase as the length of service increases and accumulate year-to-year
Twelve (12) sick days/year, which are cumulative indefinitely
Longevity pay: lump-sum payout yearly (based on length of service, beginning at 10 years and up)
401K, 457, and 403(b) plans

Company

N.C. Department of Information Technology

The N.C.

Funding

Current Stage
Late Stage

Leadership Team

Torre Jessup
Chief Operating Officer
Alysa Kelly
Executive Assistant to Chief Deputy/CIO/Chief Privacy Officer/Director of Enterprise Operations
Company data provided by crunchbase