CISO & IT Director Information Security-ITACD Accounting - Edmond, OK at Geebo

Job Details
Job Location: Main Campus - Edmond, OK
Position Type: Staff
Job Category: OTRS Classified
Description
Salary:
Salary is disclosed within the application as an application question.
Position Overview:
Under the general direction of the Chief Information Officer, the Director of Information Security and Chief Information Security Officer (CISO) provides strategic leadership for centralized, enterprise-level technology service delivery for the Office of Information Technology.
Responsible for the development, delivery, and oversight of comprehensive information security and risk management plans for the University.
Accountable for ensuring alignment with IT vision and strategy within area of responsibility.
Ensures the area's technological level remains up to date, defines standards, and implements new policies, procedures, and techniques with 24x7 availability and support.
As part of the Leadership Team, the Director must effectively communicate and collaborate with leadership and staff across the university to support strong partnerships between IT and the community, and to ensure that the Office of Information Technology is positioned to meet the current and future needs of UCO.
Responsible for performing job duties in accordance with the mission, vision, and values of the University of Central Oklahoma.
Department Specific Job Functions:
The Director of Information Security and CISO has university-wide responsibility regarding all matters of information technology security.
Provides security oversight for all information technology assets, including infrastructure, end-point devices, applications, communications technology, etc.
This position works closely with the IT leadership team to create, articulate, and implement university-wide security vision and strategy to support the high quality and reliability of the services offered by UCO OIT.
Oversees the creation and maintenance of the university's information technology security policies and practices, leads security risk assessments and their management for the university, and develops and manages university-wide education and training regarding information technology security policies.
Partner with the University stakeholders and other IT domains to define and establish an enterprise-wide Information Security Management Program (SMP) with supporting organization structure and clear ownership and accountability.
Direct/oversee all activities related to Information Security - Cyber Security, Incident Response, Risk Management, Policy Development / Enforcement, Security Monitoring, and Security Compliance.
Deploy an information security and risk management framework, leveraging industry best practices, which can support a cross-organizational strategy for information security management.
Develop, implement and maintain a university-wide information security plan.
Prepare, document, maintain and disseminate information security policies and procedures including information security controls, incident response planning, and identity and access management policies.
Make sure that cyber security policies and procedures are communicated to all personnel and that compliance is enforced.
Ensure information security compliance through implementation of university-wide information security training and periodic security audits.
These audits should be scheduled periodically and be both internal and external in nature.
Review and respond to breaches or incidents in the confidentiality, integrity or availability of institutional data including impact analysis and recommendations for avoiding similar vulnerabilities.
Ensure compliance with the changing laws and applicable regulations.
Identify vulnerabilities, threats and incidents in the university's information technology infrastructure and work with OIT service owners to resolve these issues.
Maintain a current understanding of the IT threat landscape for the industry.
Constantly update the cyber security strategy to leverage new technology and threat information.
Manage, coach, and mentor direct reports and others in the organization.
Ensure team members' technical skills are kept current by identifying and supporting appropriate training and other professional development opportunities.
Facilitate effective communications and knowledge sharing between IT Managers by facilitating regular leadership team meetings for those within area of responsibility.
Oversee key performance indicators and Service Level Agreement (SLA) metrics to meet management targets.
Report performance to senior leadership on a frequent basis.
Understand and proactively manage the funding/budget for area of responsibility.
Proactively negotiate and manage the contracts for all consultants and contractors working within area of responsibility.
Assists in the development and maintenance of an IT Policy framework and a holistic set of IT Policies for the university.
Create, support and drive change leadership and transformational initiatives.
Leads and promotes efforts for innovation, creative problem solving, and continuous improvement in the organization.
Performs other duties as assigned.
Qualifications / Experience Required:
Bachelor's degree or equivalent work experience that provides extensive knowledge of fundamental theories, principles, and concepts.
Requires the application of expertise in a chosen field to achieve results.
Extensive knowledge and comprehensive understanding of functional area.
7 years of experience with leading planning, including program development and innovation, program prioritization, and assessment.
Appropriate professional accomplishments and credentials.
Qualifications / Experience Preferred:
7 years of experience as an Information Security Officer or in a related role.
Proven management experience in an IT field.
Professional Certifications in field of information security, e.g. CISSP, GIAC, strongly preferred.
Experience working in Higher Education and within a large university environment, preferred.
Experience managing cross-functional teams and influencing senior level management.
Knowledge / Skills / Abilities:
Excellent understanding and knowledge of the field of information technology security.
Knowledge of information technology networks, systems, security monitoring and identity systems.
Proven ability to strategically plan both new technologies and create a vision and roadmap for solution delivery.
Proven ability to translate business requirements into solutions that map to technology capabilities.
Familiarity with FERPA, state and federal guidelines on privacy, transactions, and security.
Knowledge of systems risk and risk assessment concepts.
Excellent leadership skills, the ability to work collaboratively within a team, and ability to inspire team members.
Must have broad, technical IT knowledge with analytical skills and business acumen.
Strong management skills with direct experience managing a diverse group of technology staff.
Strong written and verbal skills with proven project management experience.
Excellent analytical, organizational, and communication skills.
Demonstrated capacity for self-directed learning and ability to exercise independent thinking and judgment.
Demonstrated capacity to foster trust and develop the talents and expertise of staff so that they are able to assume expanded responsibilities.
Demonstrated and exceptional customer-focus and service orientation.
Strong interpersonal skills and the ability to work effectively and collegially with business stakeholders and colleagues are required.
Adheres to and complies with UCO's shared values and the Office of Information Technology's Code of Ethics.
This position is on-call 24x7x365 and requires the successful candidate to have high-speed internet access at their residence and to maintain a smartphone on which to receive telephone calls, email, and SMS messages from servers and authorized OIT personnel.
Physical Demands:
Reasonable accommodations (in accordance with ADA requirements) may be made, upon request, to enable individuals with disabilities to perform essential functions.
Recommended Skills: Analytical, Auditing, Business Process Improvement, Business Requirements, Certified Information Systems Security Professional, Coaching And Mentoring
Estimated Salary: $20 to $28 per hour based on qualifications.
