The University of South Alabama is one of the fastest growing universities in the South, providing quality academic programs, innovative classroom experiences, and a campus rich in diversity and student life.
Provides strategic guidance and coordination for risk and compliance management of University of South Alabama information technology programs; creates, implements, and improves IT risks and compliance management processes specifically for meeting compliance in regards to NIST SP 800-171, NIST SP 800-53, DFAR 252-204-7012; working closely with the Director, Information Security, this position reports to the Assistant Vice President of Information Technology with dotted line reporting to both the Vice President of Finance and Administration and Vice President of Research.
Responsibilities include coordinating and, in some cases, performing security reviews, risk assessments, risk management, policy standards and guidelines, security awareness and training, audit coordination and project management; implements and monitors the University's complex information and data security environment in accordance with best practices and standards; specifically, NIST SP 800-171, NIST SP 800-53, DFARS 252-204-7012, and related requirements, with initial emphasis on appropriate compliance with the 110 controls of NIST SP 800-171; serves as subject matter expert on security requirements and ongoing risk and compliance assessment program development, including policy and procedures development and implementation and compliance with relevant policies; ensures the offices that support campus security, to include, the Attorney's Office and Campus Police, are fully aware of the campus' activities relating to NIST SP 800-171 and related regulatory and compliance requirements; provides periodic reporting on information technology risk and compliance issues to the Assistant Vice President of Information Technology, Vice President of Finance and Administration, and Vice President of Research; works with and acts as liaison with external entities to assist in establishing policies and procedures related to new and expanding regulations regarding information and data security; ensures external entities are responding to campus needs and contractual requirements; remains on 24-hour call for problem determination and corrective action; regular and prompt attendance; ability to work schedule as defined and additional hours as required; related duties as required.
Bachelor's degree in a related field from an accredited institution as approved and accepted by the University of South Alabama and five years of combined professional experience in Information Technology, Information Security, and Project Management. Demonstrated experience in security, risk, and compliance disciplines is required. Bachelor's degree in Computer Science and Certified Information Systems Security Professional (CISSP) and/or Certified Information Security Manager (CISM) are preferred.