UIW Mission University of the Incarnate Word is a Catholic institution that welcomes to its community persons of diverse backgrounds, in the belief that their respectful interaction advances the discovery of truth, mutual understanding, self-realization, and the common good.
Position Summary The Director of Information Security will complement the central office IT leadership team by developing strategies, policies, and procedures to effectively protect university information assets and mitigate institutional risk.
The Director of Information Security is a full-time, exempt position dedicated to IT security. S/he is responsible for the development and enforcement of the University's information security policy and strategy. The Director will oversee the selection, development, deployment, monitoring, maintenance, and enhancement of the university's security technology. The Director will develop and sponsor an information security education and awareness program by effectively communicating broadly and by collaborating with leadership in administrative divisions and schools across the university to deliver the program successfully, educating administrators, faculty, and staff. The Director will keep current with cyber-security threats, communicate effectively and take appropriate action to reduce the probability of risk to the institution. Addressing the expansion and availability of consumer-focused digital technologies, the director will recommend the adoption or exclusion of technologies and practices that afford the community a balance of convenience with secure and safe practices. The Director of Information Security will collaborate with other IT directors in developing strategy and policy related to securing privileged access to and storage of university data residing in central repositories both on premise and in the cloud and will assist with overseeing the successful implementation. The Director will help university leadership develop and implement risk management procedures across the enterprise by understanding key IT services that must be maintained to reduce financial loss and critical customer service capability. The Director will monitor and oversee the viability, stability and security of data backup and recovery processes and stable performance of high-availability services. 
The Director will coordinate with IT leadership, systems engineers, analysts, administrators, and auditors to identify and plan for security and safe practices in all aspects of data, applications, hardware, telecommunications, and computer installations. The Director of Information Security will be responsible for performing and coordinating IT risk assessments, IT audits, and security incident investigations. Other duties and related work as necessary or assigned.
Job Duties Job Duty Name Develops information security strategies, policies, and procedures
Description of Job Duties Publishes and works with university constituents in delivering IT security standards, best practices, architecture and systems to ensure information system security across the enterprise. Ensures the implementation of processes and methods for auditing and addressing non-compliance to information security standards. Guides the facilitation of non-compliant environments to compliant environments. Directs/guides others as needed in the planning and implementation of security administration for all IT projects. Will oversee the selection, development, deployment, monitoring, maintenance, and enhancement of the university’s security technology. Works closely with other IT directors to ensure the viability, stability and security of data backup and recovery processes and excellent performance of high-availability services.
Job Duty Name Develops, implements, and monitors a program of information security education and awareness
Description of Job Duties Works collaboratively with university leadership to develop and deliver a program to educate administrators, faculty, and staff about how best to safeguard information assets and to comply with legislative mandates such as HIPAA, PCI-DSS, FERPA, et al. Uses influence to bring others on board while monitoring and verifying compliance.
Job Duty Name Leadership
Description of Job Duties Participates on the Information Resources leadership team. Works with IT and university leaders in providing critical guidance on general information security, the IT systems and services employed to reduce risk and human behaviors that subject the institution to risk with regard to data privacy or conflicts with security policy provisions. Educates and influences others to conform to information security policy, the handling of data in compliance with regulations, and best practices. Will directly supervise IT personnel.
Job Duty Name Performs IT risk assessments, audits, and security incident investigations
Description of Job Duties Uses methods and tools to conduct vulnerability assessments, testing internal and external network perimeters for accessibility. Establishes log management best practices and monitors logs for nefarious or suspicious activity. Investigates and analyzes activity associated with a security incident. Reports findings and recommends remediation. Works with internal and external auditors to ensure compliance with adopted IT policy and procedures, and legislation related to data privacy or security provisions in safeguarding specific information.
Job Duty Name Manages Information Security Budget
Description of Job Duties Develops and manages a budget. Collaborates with other IT directors to direct operational funds toward priority security projects. Requests new funding for priority projects with appropriate justification. Follows university procedures to procure technology and services that support the information security strategy.
Knowledge Skills and Abilities
• Strong balance of technical and communication skills
• Exceptional writing, speaking, and general communication skills
• Exceptional knowledge of information security standards and best practices such as the NIST Cybersecurity Framework or ISO 27001.
• Ability for independent thinking, working, and self-discipline and self-motivation
• Executive level professionalism with information technology and security technical background
• Sufficient knowledge of technologies that support a strong security posture for a complex infrastructure largely Cisco-based including switches, firewalls, F5 load balancers, routers, telecommunication gear, Meraki and Cisco wireless networks, and Cisco VPN.
• Sufficient knowledge and technical skills in areas such as identifying and preventing common and wireless attacks. Additionally, knowledge of secure and effective access controls, authentication, password management, DNS, cryptography fundamentals, ICMP, IPv6, public key infrastructure, Linux, Windows servers, VMWare, network mapping, and network protocols.
• Knowledge of legislation and information security practices to comply with HIPAA, PCI-DSS, FERPA, and others.
• Ability to effectively communicate with and collaborate with diverse populations and individuals from diverse communities and cultures across all university administrative divisions, academic programs, and health science professional schools.
• Ability to work with other IT directors and teams to institute strategy, policy, and best practices to mitigate institutional risk.
• Knowledge of network systems, software and hardware platforms, and endpoint protection.
• Works with other IT directors in setting performance expectations of staff and manages subordinates effectively.
• Employee shall adhere to all applicable rules and regulations of the University, the Conference, and the NCAA.
Required Education Bachelor’s Degree in appropriate technology or related discipline
Required Work Experience Five years of experience in a technology leadership position that is relevant to described knowledge, abilities, and responsibilities.
Preferred Qualifications
• Master’s Degree
• Hold relevant information security certifications such as:
o CompTIA Security+
o CEH: Certified Ethical Hacker
o GSEC: SANS GIAC Security Essentials
o CISSP: Certified Information Systems Security Professional
o CISM: Certified Information Security Manager
o Experience in higher education in a technology leadership position.
Required Certifications, Licenses or Registrations
Posting Number: AS521PO
Job Type: Full Time
Job Category: Administrator (exempt)
Desired Start Date:
Position End Date (if temporary):
Reports To: VP of Information Resources & CIO
Salary:
Open Date: 10/30/2017
Close Date:
Open Until Filled: Yes
Special Instructions to Applicant Please submit a letter of interest, resume explaining any gaps in employment, and contact information for three professional references preferably of supervisors.
UIW is committed to a policy of equal opportunity in employment, without regard to race, color, national origin, disability, genetic information, veteran status, sex, gender, age, or religion (except in limited circumstances when religious preference is both permitted by law and deemed appropriate as a matter of University policy).