Founded in 1841, Fordham is the Jesuit University of New York, offering an exceptional education distinguished by the Jesuit tradition to more than 16,000 students in its nine colleges and schools. It has residential campuses in the Bronx and Manhattan, a campus in West Harrison, N.Y., the Louis Calder Center Biological Field Station in Armonk, N.Y., and the London Centre in the United Kingdom.

The University offers a comprehensive benefits package that includes medical, dental, and vision insurance; flexible spending accounts; retirement plans; life insurance; short and long-term disability; employee assistance program (EAP); tuition remission; and generous time off.

Successful candidates should have a knowledge of and commitment to the goals of Jesuit Education.

Reporting to the Senior Director of DevOps Planning, the Director of Application and System Security is responsible for shaping and implementing the security strategy for applications and systems, both on-premises and in the Cloud.

This position ensures that security principles are integrated into the configuration of systems and the development and deployment of web applications across all stages. Additionally, this position collaborates closely with application and engineering teams to proactively address current and potential security threats and oversees the University’s system configuration management, maintains a secure Software Development Life Cycle (SDLC) program, and conducts regular audits, assessments, penetration tests, and vulnerability scans of systems and applications.


This position may require occasional evening, weekend, and holiday hours.

Formulates, defines, and executes application and system security strategies aimed at enhancing the adoption of new technologies and assesses the effects of these technologies on intended audiences through comprehensive impact analysis.

Manages the overall system configuration to ensure security and compliance, and ensures security is a core component in system configurations and the development/deployment process of web applications at all phases.

Oversees the security aspects of running systems and applications in both Cloud and On-Prem environments.

Partners with application and engineering teams to safeguard against existing and emerging security threats.

Implements vulnerability scanning of applications to detect potential security issues and leads penetration testing initiatives to identify vulnerabilities.

Crafts communications strategies by developing key messaging elements and channels, establishing timelines for agreed-upon actions, and overseeing the execution of the strategy.

Is responsible for a secure Software Development Life Cycle (SDLC) program.

Performs periodic audits and assessments for system and application security.

Negotiates with vendors, partners, and internal departments to achieve optimal security outcomes.

Formulates training strategies through the assessment of available materials, development of training plans, selection of appropriate delivery methods, and management of related risks and issues.

Bachelor’s degree in computer science or a related field.

Minimum of six years of IT resource and security management experience, including performing Threat Modeling and integrating these practices into the product lifecycle, conducting Attack and Penetration assessments and reviews, implementing a successful, highly automated SDLC program and using application vulnerability scanning products and Security Information and Event Management (SIEM) tools.

Proficiency in authoritative standards, guidelines, and best practices in information security.

Knowledge of cloud computing, virtualization, Cybersecurity framework (CSF), and ITIL framework.

Proven ability in leading teams focused on System Security Architecture, Secure Development Lifecycle Management, Application Security (Web and Mobile), Cloud Technology and Security, Risk, and Compliance.

Proficiency in penetration testing.

Excellent verbal and written communication skills, including public speaking experience.

Strong analytical and problem-solving abilities.

Effective customer focus and management of client expectations.

Excellent collaboration and team-building capabilities.

Good organizational and time management skills.

Demonstrated ability in consensus building across business and technology teams.

Proven ability to develop and maintain vendor relationships.

Background in security or technology administration within a Higher Education setting or a comparably decentralized environment.

Previous experience in roles such as network, server, database, or application administration.

Proficiency in using Project Management tools, such as Microsoft Project.

Possession of relevant information security certifications, including but not limited to CISSP, CISM, CCSP, CISA, or GIAC.

Fordham University is committed to excellence and welcomes candidates of all backgrounds.

Fordham University is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, orientation, gender identity or expression, pregnancy, age, national origin, disability status, genetic information, protected veteran status, or any other characteristic protected by law.