Reporting to the Vice President of Information Technology, the Information Security Specialist is responsible for managing information security strategies, planning, and policies, and developing and maintaining data security programs for the College. The Information Security Specialist helps ensure protection of institutional data and assets, leads cybersecurity risk management practices, and assesses vulnerability status to continuously monitor and enhance the College’s information security protocols. The incumbent must have a strong understanding of data protection practices, related regulations, and security infrastructure, and will help ensure adherence to appropriate controls and regulatory compliance, as well as regularly conduct user training programs and awareness campaigns to promote a culture of information security and privacy aware environment.

Essential functions – 90 %

• Develop and maintain a comprehensive information security and privacy standards and system security frameworks, and implement policies and processes to enhance controls and reduce risk across the College.
• Working with VP of IT, develop responses to requests for information that include, but are not limited to, institutional audits, insurance renewals, and official agencies.
• Assess and evaluate compliance against information security policies and standards, proactively identifying non-conforming areas, assessing risk, enforcing set policies, and providing risk response strategies as appropriate to balance compliance and innovation. Recommend and implement compliance measures that mitigate risks and maximize access to education.
• Advise IT management in future state problems, challenges, and industry trends and regulations in cyber security controls and data protection, and work collaboratively to enhance capabilities and processes.
• Monitor regulatory and legislative landscape, and recommend change requirements to maintain compliance. Stay current on industry trends around cyber risk and data protection practices. Assist IT management with compliance regulations that include, but are not limited to, FERPA, PCI, GLBA, GDPR, and PIPL.
• Working closely with IT, help analyze and investigate known and emerging threats to determine risks, address risk response strategies, and recommend proactive cyber risk management programs that contribute to a secure and resilient infrastructure.
• Prepare reporting and/or dashboards as appropriate on security compliance, cyber risks, and incident management. Document research and analysis encompassing historical trend, current state, and predictive analysis.
• Create and deliver data security training programs to maximize protection for the College and to increase user awareness and knowledge about information security.
• Regularly conduct information security awareness campaigns and training for faculty, staff, and students that include best practices on data privacy and security principles.
• Create and maintain business continuity plans, and other applicable recovery plans. Help organize contingency plans and coordinate scheduling of periodic tests. Collaborate and coordinate the business continuity plans across College departments and maintain up-to-date plans.
• Help assess role-based access, including physical/facilities control systems and access levels through periodic reviews, in addition to technical and administrative control measures.
• Help assess equipment protection of College properties to ensure compliance to data protection and system security policies.
• Support IT staff in the evaluation of solutions, development of procedures, and testing of data protection measures.

Non-essential functions – 10 %

• Lead or participate in committees as assigned
• Other duties as assigned

• Bachelor’s Degree in Information Security, Cybersecurity, Computer Science, Information Systems, or a related field
• Security Certification such as CISSP, CISM, CISA, and PCIP
• 5 years of information security experience in an enterprise setting
• Strong knowledge of data protection regulations such as FERPA, PCI, GLBA, GDPR, and PIPL
• Strong knowledge with security incident response practices
• Strong knowledge of data security of ERP systems, and security practices and advancement of related auxiliary systems
• Experience with compliance controls through control implementations and process design
• Knowledge of vulnerability scans and penetration tests, and intrusion detection methodologies
• Knowledge of firewalls, cryptography, identity and access management systems, directory services, SSO, and secure web and application development with strong understanding of security industry and best practices in network, application, database, and hardware platforms
• Knowledge of application security and database technologies used to store enterprise information, directory services, and information systems auditing
• Strong verbal and written communication skills in both business and technical subject areas with ability to effectively communicate complex information to diverse audiences
• Strong research and analytical skills with proven ability to anticipate, measure, and plan for emerging risks to meet anticipated needs
• Strong organizational and collaborative skills with ability to manage multiple projects, facilitate discussions, and recommend solutions
• Experience with complex project or program management
• Experience developing and conducting security campaigns and training programs
• Ability to work outside of normal business hours
• Ability to work independently as a self-starter
• A commitment to DEIAB and culture, and the ability to establish and maintain effective working relationships within ArtCenter’s diverse communities

Preferred Qualifications

• Experience in higher education
• Cyber incident response management experience
• Regulatory experience and/or background in compliance and controls