...
Duties and Responsibilities
Leadership
- Perform other duties as assigned to ensure the smooth functioning of the department and maintain the reputation of the organization as a viable business partner.
- Recommend programmatic and technical directions and operate with a high degree of independence in matters relating to the investigation, impact, and analysis of security incidents, decisions regarding risk, and measures for computer and network security.
- Operate with a high degree of independence with regard to project management activities, including development of project plans and budget/resource estimates.
...
Risk
- Lead the development and implementation of the system-wide risk management function of the information security program to ensure information security risks are identified and monitored.
- Internally assess, evaluate and make recommendations to management regarding the adequacy of the security controls for the University's information and technology systems.
...
- Must be able to assess computer hardware, software, and systems for security risks or violations and work with ITS and campus staff and technology vendors to recommend solutions. Develop strategies to address awareness and training for all stakeholders as well as technical solutions. Must be able to assess the status of complex multi-location projects as well as identify and implement appropriate corrective measures to resolve issues as they arise. Must have a strong customer service orientation and the ability to project that attitude to customers in remote locations.
Contingency planning (IR, BC, DR)
...
Knowledge, Skills, and Abilities
Minimum Qualifications
- <<x>> years of advanced IT skills with high level of information security experience and expertise
- Knowledge of information security risk management frameworks and compliance practices.
- Knowledge of securing network technologies, client, and server operating systems.
- Ability to develop security standards and guidelines based on best practices and industry standards
- Experience responding to, analyzing, and communicating information security incidents
- <<x>> years of planning and managing security projects
- Excellent interpersonal, communication, and presentation skills, including formal report writing experience
- Understanding of common security standards and regulations relating to a higher education environment (e.g., PCI DSS, FERPA, ISO2700x, etc.)
- Must be well versed with laws affecting the higher education environment in the following areas:
- Student Privacy
- Health Care
- Finance
- Research Compliance
- State Regulations
Preferred Qualifications
Bachelor’s degree in information technology or other related field
Information security experience in higher education or state/local government
Skills in documenting risk and compliance activities
Information security related training or certifications such as CISSP or CRISC
Experience performing information security audits or risk assessments
Familiarity with security auditing processes
Must be familiar with dashboard creation
Must have an understanding of campus policy development and dissemination
...