Overview

Date:  November 6, 2020

Position Available:  Director of Information Security

Position Reports to:  Director of Information Technology Services

Department:  Information Technology Services (ITS)

FLSA Status:  Exempt

Schedule:  Full-time, Monday – Friday, 8:30 AM – 4:30 PM; Occasional evening and weekend work required; Occasional travel is required.

 

Please apply online:  https://franciscan.edu/director-of-information-security/

 

POSITION SUMMARY

The Director of Information Security will serve as the lead architect of the cyber security program at Franciscan University of Steubenville and will design, implement, track, and report on the cyber security initiatives of the University.  In addition, this role will be the lead for internal or external audits, conduct in-house regulatory risk assessments for several compliance areas (GDPR, FERPA, PCI, HIPAA, etc.), and will manage the University firewalls.

 

PRIMARY RESPONSIBILITIES

 

1.      Program Leadership:  Create and manage institution-wide information security governance processes and establish an information security program and project priorities.  Provide guidance and counsel to the Director of ITS and key members of the University leadership team, working closely with administration, academic leaders, and the campus community in defining objectives for information security while building relationships and goodwill.

 

2.      Policy Compliance and Audit:  Work with the Director of ITS to drive effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.  Monitor and restrict access to sensitive, confidential, or other high-security data. Work with Internal Audit, State Board of Regents, Auditor General’s Office and outside consultants, as appropriate, on required security assessments and audits.

 

3.      Outreach, Education, and Training:  Work closely with ITS leaders, technical experts, deans, and administrative leaders across campus on a wide variety of security issues that require an in-depth understanding of the IT environment. Create education and awareness programs and advise operating units at all levels on security issues, best practices, and vulnerabilities. Work with campus groups to build awareness and a sense of common purpose around security. Pursue student security initiatives to address unique needs in protecting identity theft, mobile social media security, and online reputation program.

 

4.      Risk Management and Incident Response:  Keep abreast of security incidents and act as primary control point during significant information security incidents. Convene a Security Incident Response Team (SIRT) as needed, or requested, in addressing and investigating security incidences that arise. Convene Ad Hoc Security Committee, as appropriate, and provide leadership for breach response and notification actions for the University. Develop, implement, and administer technical security standards, as well as a suite of security services and tools to address and mitigate security risk. Provide direction and guidance in assessing and evaluating information security risks and monitor compliance with security standards and appropriate policies. Examine impacts of new technologies on the Institution’s overall information security. Establish processes to review implementation of new technologies to ensure security compliance.

 

This is not intended to be an all-inclusive list.  Additional duties, expectations and responsibilities may be added or changed as needed to meet the University’s needs.

 

REQUIREMENTS

Must understand, support and embrace the mission of Franciscan University of Steubenville and possess the following:

 

Work Experience

·        7+ years of information security, IT operations, and compliance experience.

·        Working knowledge and experience in the policy and regulatory environment of information security, particularly in higher education, is highly desirable.

·        Experience in risk mitigation and management required.

·        Demonstrated, current knowledge of emerging privacy legislation, security threats, technical challenges, and developments in system protection and IT security standards; latest security regulations, adversaries, alerts, and vulnerabilities.

·        Demonstrated experience advising and collaborating with senior management is required.

·        The ability to work in a team/collaborative environment with a broad range of constituencies is essential.

·        Higher education experience a plus.

 

Competencies

·        Dealing with Ambiguity: Works well in situations where there is no single right answer.

·        Decision-making: Appropriately considers the various stakeholders who might be impacted by a decision.

·        Managerial Courage: Does not hesitate to take an unpopular or non-traditional stand on a particular issue.

·        Planning: Accurately assesses the complexity and difficulty of specific projects and initiatives.

·        Strategic Thinking: Follows relevant trends and accurately anticipates future implications for the University.

·        Technical/Functional Skills: Actively seeks out ways to practice and continually improve the required skills or knowledge.

·        Verbal Communications: Presents effectively in multiple settings: one-on-one, small/large groups, peers, staff, and managers.

·        Written Communications: Effectively identifies and organizes the key points needed for an effective written communication.

 

Education

·        Bachelor’s degree in Computer Science, Information Management, or other related field is required; an advanced degree is preferred.

·        Professional certification (e.g., CISSP, CISM, CISA, CEH) is highly desirable.

 

Technical Skills

·        Demonstrated skills in IT risk management and mitigation, particularly with respect to data security and privacy issues.

·        Demonstrated skills in IT security policy development.

 

Workplace Factors

·        Occasional weekend and evening work required.

·        Occasional travel is required.

 

Candidates must submit an online application, a resume and a cover letter that demonstrates their fit for the position based on their experience, accomplishments and skills as well as their desire to advance the mission of Franciscan University.

 

Please apply online:  https://franciscan.edu/director-of-information-security/

 

For other information and job postings, visit our website at https://www.franciscan.edu

 

Franciscan University of Steubenville is committed to principles of equal opportunity and is an equal opportunity employer.