This position works under the general direction of the CIO at UWRF, with input from the CIO at UW-Stout. It reports to UWRF but is expected to conduct all duties and responsibilities of the position equally between the two campuses. This position is responsible for research, development, implementation and ongoing monitoring of IT security and regulatory compliance policies, controls, programs and facilities, including the development and maintenance of a comprehensive Information Security Assurance Program that encompasses awareness, training, risk assessment and mitigation, incident response, disaster recovery and business continuity.
This position also establishes an overall framework for IT policy development and performs or oversees the actual research, development and implementation of IT policies to ensure effective and efficient IT operations and compliance with applicable laws and regulations governing University data and IT operations.
This position is a full-time position with 50% appointment to UW-River Falls and 50% appointment to UW-Stout. While work and regulations will be similar, each campus is independent, and policies and procedures may in some cases be unique to each campus. Each campus will expect this employee to work on-site during information security incidents as needed. The home campus for this position will be UW-River Falls and the employment policies of that campus will apply to this position.
Global universities and their information security threats never sleep; there may be a need for this position to act as an information security response leader outside of normal business hours, including nights, weekends and holidays.
Required Knowledge, Skills and Abilities:
• Must be a US Citizen.
• Ability to pass Wisconsin Department of Justice, Crime Information Bureau, finger-printed background check (CJIS) conducted by the University Police department (https://www.doj.state.wi.us/dles/cib/background-check-criminal-history-information) within six months of hire and must maintain this status as a condition of employment.
• Bachelor’s Degree in Information Security, Computer Science, Management Information Systems, Business, or a related field.
• Minimum of 3 years of progressively increasing responsibility in an IT policy, IT security or IT governance role, preferably in a higher-education setting.
• Must hold, or be able to obtain within six months of hire, a management-oriented security certification (e.g., CISSP, CISM or GSEC).
• Knowledge of networking technologies, including network security technologies such as firewalls, VPN, network intrusion detection / prevention and related systems.
• Strong knowledge of IT security practices, application development and operational frameworks such as InCommon Assurance, NIST Cybersecurity Framework, ISO/IEC 27001 Security Framework, Open Web Application Security Project (OWASP) practices or Control Objectives for Information and Related Technologies (COBIT).
• Strong knowledge of data and security regulations and their application in Higher Education, including FERPA, HIPAA-HITECH, PCI, GLBA, FTC’s Red Flags Rule, GDPR, CJIS, WI Statute 134.98 and other applicable regulations.
• Ability to lead an Information Security Response team, including triage of daily operational events and leadership of incident management teams, including the ability to drive coordination with organizational management in a correlated response.
• Ability to lead internal and external regulatory self-assessment, audit and compliance response teams, and to coach team members in providing responses in a truthful and coordinated manner while ensuring not to increase the risk profile for the institution.
• Ability to implement organizational change while utilizing IT project management principles, processes and methodologies.
• Strong ability to form and lead cross-functional teams in implementing process and organizational change.
• Ability to form strong business partnerships across distinct campus departments and business units.
• Ability to articulate strategy and vision and present plans, proposals and issues to executive management.
• Ability to manage multiple competing priorities and remain calm and focused in high-pressure situations.
• Ability to be self-directed under general supervision by the two Chief Information Officers at two separate and distinct institutions. Ability to mitigate conflicting priorities and to decrease redundancy between the organizations while developing gained efficiencies of scale between the two organizations (do once, repeat results). Account for time and provide written reports of activities to the organizations.