Full Time Employee Contractor
Strategy ? Develop, maintain, promote and socialize across all Campus constituents a Campus information security strategy that is consistent with a public research institution. Provide broad oversight and direction to the Campus identity and access management team.
Program Management - Oversee campus information security programs (including Identity and Access Management) and activities within the unit and across the Campus to ensure effective implementation of the Campus information security strategy and critical security-related functions and services. Maintain and oversee security-related requirements for campus suppliers and partners doing business with the Campus. Manage large-scale security incident response efforts.
Policy - Manage campus information security policies, standards, procedures and guidelines are aligned with the Campus strategy, and regularly reviewed to reflect changing threat landscapes, Campus conditions, regulatory requirements, and industry best practices. Manage campuswide IT policies.
Governance ? Ensure the proper functioning of information risk governance on the Campus, obtaining senior leadership consensus on information security strategy, reporting to senior leadership the current state of the Campus information security program, and balancing information security with privacy concerns for the Campus.
Consultation - Provide expertise to senior management and executives levels on information risk.
Coordination - Manage security-related interaction with the Campus and System Legal, the Privacy, Business Contracts and Brand Protection, Office of Ethics Risk and Compliance Services, Campus Police, other law enforcement agencies, and other Risk Management offices to ensure sufficient coordination of the Campus information security risk management program.
Representation/Outreach - Serve as the campus authority and representative campus-wide, system-wide, nationally and beyond on matters related to information security.
? Bachelors degree in related area and/or equivalent experience/training. Advanced degree preferred
? In-depth knowledge of information technology security functional areas and as it relates to all aspects of the protection of Campus information assets and institutional data, including but not limited to personally identifiable information, education records, health records, human subjects data and financial data.
? In-depth understanding of privacy and security laws (state and federal), industry standards, information security policy frameworks, as well as extensive knowledge about a wide range of privacy/security laws, regulations and standards relevant to higher education.
? Proven management expertise in determining and recommending actions and affecting change across the Campus, providing a clear understanding and the information necessary for departments and individuals to carry out their responsibilities for information security risk management.
? Strong understanding of identity and access management domain including associated technologies and solutions
? Proven ability to balance information security needs with the organization's strategic plans, values, and other risks to formulate effective solutions
? Proven strong communication skills with project teams, stakeholders, senior management, and external contacts including both technical and non-technical audiences.
? High level interpersonal skills in order to work with both technical and non-technical personnel at various levels on campus.
? The ability to influence, or gain acceptance from, others in sensitive situations, without damage to the relationship.