Chief Information Security Officer- IT-Information Security
Company: University of Delaware
Location: Newark
Posted on: September 21, 2024
Job Description:
Job no: 501015
College / VP Area: Vice President for IT
Work type: Staff
Location: Newark/Hybrid
Categories: Information Technology, Full Time
JOB TITLE: Chief Information Security Officer
CONTEXT OF THE JOB:
The IT Information Security Office
assesses risks to University information assets and works closely
with a broad range of University constituencies to implement
appropriate administrative, technical, and physical controls to
comply with laws, regulations, funding agency requirements and
security policies. The office develops, implements, and maintains a
comprehensive information security program and establishes
policies, procedures, training, and awareness initiatives designed
to protect University information resources, limit liability, and
prevent legal and regulatory violations. In addition, the office
defines, promotes, and enforces policies and standards to manage
risks throughout the digital identity lifecycle, including user
identification and authentication, user privileges and account
management, in accordance with laws, regulations and contractual
obligations.
Under limited direction from the Vice President for
Information Technologies and the Chief Information Officer, the
Chief Information Security Officer (CISO) is responsible for
information security governance, including strategy and program
administration, policy development, enforcement and compliance,
risk assessment, incident response, and training and awareness
programs. This position has overall responsibility for ensuring
that appropriate policies, standards, procedures, and automated
mechanisms, designed to appropriately protect the security of
information and facilities are documented and followed across the
Institutions (University of Delaware and University of Delaware
Clinics). Sensitive or protected information may include
information related to students, employees, faculty and patients,
as well as information protected by state, federal, or industry
policy (FERPA, HIPAA, FISMA, PCI, etc.). This information may exist
in either electronic or paper form. Physical security solutions,
such as the building access control system and security cameras, are
also supported through the CISO's office.
MAJOR RESPONSIBILITIES:
Information Security Strategy
- Guide and counsel the VP of IT, IT staff, and key members of
the University leadership team, working closely with executive and
academic leaders to define objectives for information
security.
- Meet with and inform executive leadership and the Board of
Trustees as needed.
- Lead the information security planning process to establish an
inclusive and comprehensive information security program for the
entire institution in support of academic, research, and
administrative information systems and technology. This includes
establishing annual and long-range security and compliance goals,
defining security strategies, metrics, reporting mechanisms and
program services, and creating maturity models and a roadmap for
continual program improvement.
Information Security Program Administration
- Provide leadership, direction, and guidance in assessing and
evaluating University-wide information security risks.
- Develop, implement, and maintain a written information security
program that addresses people, processes, and technology.
- Identify and implement management, operational and technical
safeguards to manage risks associated with confidentiality,
integrity, availability and compliance with laws, regulations,
contractual or funding agency or other external requirements and
University IT security policies for central IT-controlled
systems.
- Identify and compile metrics to continuously assess the
efficacy of the risk management program and opportunities for
improvement.
- Provide data risk management consultation to IT leaders, data
stewards (officials responsible for different types of
institutional data, e.g., human resources, registrar), custodians,
technical experts, deans and administrative leaders on a wide
variety of complex information security issues.
- Work with data stewards and custodians to establish appropriate
data management protocols.
- Lead the development, implementation and maintenance of
information stewardship and security policies, standards and
protocols that create and maintain a risk management framework for
University information resources, data and systems.
- Define University-wide data management roles and
responsibilities for complying with applicable laws, regulations,
contractual, funding agency and other external requirements.
- Publish and promote information security policies to the
University community.
- Serve as the University compliance officer with respect to
federal, state and/or local information security laws, regulations,
contractual or funding agency or other external requirements.
- Work with the campus-designated officers and Vice President &
General Counsel on compliance issues as necessary (e.g., FERPA
records access, ITAR export controls and HIPAA privacy).
- Oversee monitoring and documentation of compliance assessment
and enforcement of data stewardship and information security
policies, protocols, and guidelines.
- Assess impacts of new technologies on the risks to the
University's central IT information assets; establish risk
management processes to review potential impacts of implementation
of new technologies.
- Guide the development of Identity and Access Management program
goals and strategic roadmap.
- Oversee the service team to implement a best-in-class identity
management lifecycle process in accordance with University
policies, laws and contractual obligations.
- Work closely with the University office of Vice President &
General Counsel to establish privacy and security requirements for
vendors of commercial software and/or services; assess vendor
privacy and security safeguards.
- Negotiate contract language to place risk-appropriate privacy
and security obligations on the application provider.
- Establish and oversee protocols to identify, assess, publicize
and/or coordinate responses to IT threats and vulnerabilities that
affect the University.
- Work closely with internal IT application developers to create
information security quality-assurance processes that address
information security throughout the software development life
cycle.
- Coordinate with appropriate process owners for central IT
disaster recovery, including preparation, testing and maintenance
of the disaster recovery plan.
- Participate in the evaluation of commercial information
security hardware and software offerings.
- Work closely with the UD Police Department, Public Safety and
Facilities group to provide application and user support for
physical security related technical solutions.
- Partner and consult with leaders across Grounds to define the
risks that accompany new AI technology.
- Assist the research community with a solutions-oriented
approach.
- Identify, prioritize, develop and leverage risk-based security
metrics to provide visibility of security posture to different
groups of audiences and leverage the data to make informed program
decisions.
- Develop and implement information security incident response
and reporting plans and protocols to address University information
security incidents and respond to alleged policy violations or
complaints from external parties.
- Investigate reported policy infractions and identify
remediation steps needed and/or recommend disciplinary
sanctions.
- Keep abreast of security incidents and oversee protocols for
assessing likelihood of data breaches.
- Convene and or participate as a key member of security incident
response teams as needed to plan and conduct appropriate
institutional responses to information security breaches.
- Serve as the official campus contact point for information
security, privacy, and copyright infringement incidents.
Information Security Training and Awareness Programs
- Provide leadership as a standing member of the Information
Security Awareness Program Steering Committee, creating education
and awareness programs and advising campus constituencies at all
levels on security issues, best practices, and
vulnerabilities.
- Pursue student security initiatives to address student
information privacy and security awareness needs.
- Develop and deliver ad-hoc security awareness
presentations.
- Work with Internal Auditing, external auditors, and consultants
as appropriate on security audits, compliance checks and control
assessment engagements.
- Establish a cooperative working relationship with law
enforcement (including campus police or public safety and local,
state, and federal officials) for reporting incidents and conducting
investigations.
- Act as the official point of contact for representing UD on
Information Security and/or privacy matters.
Knowledge Maintenance and Professional Development
- Stay abreast of information privacy and security issues,
legislation and regulations affecting higher education at the
institutional, state, and national level.
- Participate in national policy and practice discussions and
communicate to campus about those topics.
- Collaborate with other colleges and universities to share
information or resources, as necessary, to improve the overall
security of the higher education sector.
- Engage in professional development to maintain continual growth
in professional skills and knowledge essential to the position.
Unit Administration
- Direct the administration and activities of the IT Technical
Security and IT Security Policy and Compliance groups. Set
department goals and objectives, reassess and redefine priorities
as appropriate to meet IT unit and University goals.
- Directly or indirectly supervise department staff, including
staff for Information Security, Campus and Public Safety, UD Police
Department and CHS Clinic Staff; evaluate performance and provide
guidance and feedback, assess need for technical and professional
growth, and recommend development opportunities.
General
- Prepare and present technical and non-technical data and
information to UD stakeholders.
- Manage programs, services, processes, and budgets of IT
security teams that report to the CISO.
- Work closely with other teams of the Information Technologies
Division to develop procedures, standards, processes, and
communication paths to forward security work and the work of the
broader division.
- Participate in the development of and engage in IT
governance.
- Serve as a leader and member of institutional committees and
professional groups.
- Perform other job-related duties as required.
QUALIFICATIONS:
- Master's degree and seven years' experience in information
security, information technology or related area, or equivalent
combination of education, certification, and experience.
- Certification as a Certified Information Systems Security
Professional (CISSP), Certified Chief Information Security
Officer (CCISO), or Certified Information Security Manager (CISM),
or equivalent, is preferred.
- A minimum of five years of experience with technology policy
and security administration.
- Demonstrated experience with evolving, state-of-the-art
information security technologies and approaches.
- Knowledge of computer forensic investigation methodology and
investigation tools.
- Experience with information system auditing including security
reviews, control selection, and evaluation of systems using a
risk-based approach.
- Experience in developing and administering a risk-based
information security program.
- Extensive working knowledge of and experience in the policy and
regulatory environment of information security; experience in
higher education is desirable.
- Knowledge of, and experience with information security
management, risk assessment, and regulatory compliance.
- Knowledge of, and experience with, one or more industry-accepted
controls frameworks (FISMA, ISO, NIST, etc.).
- Knowledge of federal and state privacy and security laws and
regulations and industry standards, including FERPA, HIPAA, GLBA,
and PCI DSS.
- Possess integrity and high standards of professional
conduct.
- Demonstrated strong interpersonal and communications skills and
the ability to achieve goals through influence, collaboration, and
cooperation.
- Experience and skill in developing and administering policy and
procedure in a complex environment.
- Demonstrated ability to communicate technical concepts and
solutions to both technical and non-technical audiences.
- Demonstrated ability to work with senior university staff and
senior technical personnel.
- Proven ability to build strong and diverse teams.
- Proven ability to build relationships with and influence
external and internal partners and stakeholders of all levels.
- Ability to work collaboratively with a broad range of campus
constituencies and diverse groups.
- Preferred experience working in a higher education or a
research environment.
- Demonstrates an understanding and consideration of the
differing needs and concerns of individuals with varying
identities, cultures, and backgrounds.
- Committed to fostering a workplace culture of belonging, where
diversity is celebrated, and equity is a core value.