Job Description
To provide IT Compliance/Audit, Risk Management, Controls mapping and operational information security support, and to support the University Information Security Office Program to advance in principle, policy and practice. To provide awareness and training to ITS and departmental stakeholders who have responsibilities for systems and applications.
Knowledge, skills and abilities
Comprehensive understanding of cloud computing security configurations, preferably with experience in AWS, GCP, and/or Microsoft Azure. Thorough understanding of IT security and privacy frameworks, standards and regulations, including ISO 27001, NIST, HIPAA/HITRUST, PCI-DSS, GLBA, DMCA, and export control laws. Considerable knowledge in cybersecurity in one or more roles, including security analyst, compliance and regulations, risk management or audit.
Strong analytical, organizational, and problem-solving skills. Proven written and oral communications skills. Strong project leadership skills with both legacy and emerging technologies to assess and manage business risk and enforce security controls. Proven project management, multitasking, and organizational skills. Demonstrated ability to integrate cybersecurity into business processes. High level of integrity and trustworthiness, with the confidence to represent the organization and security leadership professionally. Ability to work effectively with diverse teams and promote a positive enterprise-wide security culture. Ability to maintain credibility with the team and external stakeholders through sustained industry knowledge. Efficient self-starter requiring minimal supervision.
Special licenses, registration or certification
None.
Education or training
None.
Level and type of experience
Considerable experience with information security, risk analysis, audit, privacy, compliance or related fields. Considerable experience with security architecture and implementation of technical controls. Working management experience, including leading and developing technical teams.
Additional Considerations (supplemental knowledge, skills, abilities, education, experience, licensure, certification)
Basic understanding of service design, delivery concepts and control frameworks. Familiarity with IT Continuity of Operations and Disaster Recovery planning. Familiarity with security analysis tasks such as network security monitoring, incident investigation and handling, vulnerability scanning, penetration testing, and forensics. Forward thinking with strong business acumen and flexibility.
Some experience working in a higher-education information security, compliance or audit office.
Some experience with IT risk assessment and risk management processes such as OCTAVE, Binary Risk Management, or NIST Special Publication 800-30, Risk Management Guide for Information Technology Systems. Security or Assurance certification such as CISSP, CRISC, CGEIT, CCSK.
Project Management (PMP) and/or Service Management (ITIL) certification(s).
Conditions of Employment
This position is designated as sensitive. A fingerprint-based criminal history check will be required of the final candidate.
This is a remote position working a traditional 40-hour week.
This is an open-until-filled recruitment. This recruitment may close after the five-day required posting period when a suitable pool of applicants has been generated.