The Information Systems Security Manager [ISSM] is a member of the Technology Services leadership team reporting to the Chief Finance Officer. The ISSM is responsible for contributing to the School's risk management initiatives and maintaining its compliance with relevant information technology laws, policies, and practices. The ISSM is responsible for developing and managing an information security program that protects and ensures the confidentiality, integrity, and availability of critical information and systems for the School.
The ISSM serves as the contact for Digital Millennium Copyright Act notices and leads both technical and administrative initiatives for risk, vulnerability, and penetration assessment and remediation; IT incident response handling; Cloud and Systems integration, contract review, and security assessment; PCI-DSS systems deployment and compliance; and campus security awareness campaigns. The ISSM maintains a responsibility to, and thorough understanding of, legal issues pertaining to computing, networking, and telecommunications, and works with various School departments and committees to develop policies and procedures to ensure compliance with these issues and to educate the School community on them.
Deals with legal and policy issues pertaining to computing, networking, and telecommunications.
Serves as the primary coordinator of the Information Security Program to ensure compliance with the Gramm Leach Bliley Act pertaining to financial records and confidential information.
Creates and maintains the Loyola High School Information Security Plan which documents compliance with various state and federal statutes pertaining to electronic security and privacy.
Actively monitors security, policy and legal websites for proceedings and legislative initiatives which could have a legal bearing upon computing, networking, and telecommunications activities at the School.
Deals with security issues pertaining to computing, networking, and telecommunications.
Monitors various system logs and reports looking for evidence of unauthorized access, possible copyright infringement, and computer worm, virus, or malware infestation.
Scans computing systems and networks looking for evidence of unsecured computers and computer worm, virus, or malware infestation.
Utilizes and cross-references computer logs to identify individuals responsible for various activities ranging from copyright infringement and generating excessive network traffic through violations of legal statutes.
Blocks and restores access to network connectivity from computers involved in policy or legal violations.
Identifies and recommends methods to make computing systems at Loyola more secure.
Coordinates response to computing, networking, and telecommunications security incidents with the CFO, President, Principal, and the Director of Human Resources.
Participates in the evaluation and implementation of security related technologies such as authentication and authorization mechanisms, encryption, certificate services, anti-virus and malware software, network filtering, firewalls, and proxy servers.
Works closely with Information Technology staff on the identification and implementation of appropriate security software and appliances.
Develops and implements security-related audit reports:
reports student violations to the Principal and to the Dean of Men
faculty and staff violations to the CFO, and the Director of Human Resources
Develops and coordinates testing procedures to ensure campus-wide accessibility to data and software.
Provides some leadership and oversight of team members to ensure compliance with legal regulations and School Policies related to Information Security; implements best practices to protect Loyola's digital information environment; responds to information security threats; ensures secure and appropriate access to School computing systems.
Works closely with the IT Director and provides guidelines, tools, and training for best practices, accuracy, and efficiency in account provisioning and maintenance.
Provides guidelines and training to ensure the protection of privacy and confidential information.
Communicates with staff regarding planning efforts, new directions or recommendations and significant events in Identity Management, Security, and Information Policies.
Leads planning committees and project committees related to Loyola's Information Security Environment.
Manages communications and support issues pertaining to computing, networking, and telecommunications.
Responsible for making campus-wide announcements in response to security and support issues regarding computing, networking, and telecommunications.
Provides training and technical support for confidential and protected systems.
Manages and authorizes user access based on Loyola's computing and telecommunications policies and procedures.
Trains users about specifics of access to particular systems and promotes ethical use of protected information.
Educates the user community on the ethical use of computing, networking and telecommunications resources.
Provides technical support to the Loyola Community on all issues pertaining to computing security, viruses and worms, copyright and other laws and general computing issues.
Oversees the development of a security awareness program for the School community.
Works with Human Resources to update and maintain relevancy in the School’s Acceptable Use Policy [AUP] signed annually by every employee, and at time of hire.
Participates in professional development by maintaining relevant Security Industry certifications and compliance training, relevant to the position and the needs of the School.
Responsible to abide by all ethical standards put forth by Security industry certification bodies such as ISC2, SANS, ISACA, PCI-DSS and others as appropriate.
Responsible to maintain Continuing Professional Education and other re-certification qualifications as required to maintain appropriate information security related credentials.
Responsible to advance and protect the information security of the School and provide awareness, training, and education to others within the community.
EDUCATION, SPECIFIC KNOWLEDGE, SKILLS AND ABILITIES
Bachelor's Degree in Computer Science or related degree, or equivalent combination of education and experience
Two to five years of related work experience
Project management training and/or certification preferred
CISSP, CISM, or SANS Certifications preferred
Superior communication and interpersonal skills enabling the incumbent to work successfully with employees at all levels.
Excellent writing ability and organizational skills
Solid analytical, decision making and problem-solving skills