Director of Identity, Security & Compliance
The Director of Identity, Security and Compliance (ISC) reports to the Chief Information Officer (CIO) and is the head IT security officer for the university. The Director of ISC will be responsible for the planning, development and implementation of the university's overall information systems security program to promote K-State information systems reliability and accessibility, while protecting and defending against unauthorized access to systems, networks, and data.
Responsibilities include: incident management, risk assessment, security controls, awareness training, security policy and compliance, and IT security architecture, policies, and standards.
Information about the Department:
The Office of Information Security and Compliance works to help all K-Staters understand the importance of using good security practices and common sense when they use their computers on the Internet. The ISC team is responsible for risk management, compliance, information security operations and the overall coordination for all information security at Kansas State University.
Diversity and Inclusion:
Kansas State University embraces diversity, and promotes inclusion in every sector of the institution. The university established the Office of Diversity, led by the associate vice president for diversity and a dedicated staff. Additionally, each college has a designated Diversity Point Person to provide insight and guidance.
Kansas State University received the prestigious Higher Education Excellence in Diversity, or HEED, award from Insight Into Diversity magazine for the past three years. Multicultural students account for 15 percent of our student population, a university record and continuing trend.
The successful candidate will:
IT Security Program
- Lead the planning, design, development, integration, testing, documentation, training, implementation and maintenance of university IT security systems and products.
- Provide leadership through strong working relationships and collaboration across the university community to develop strategic goals for information security compliance and risk mediation.
Security Architecture, Policy, Procedures, Standards, and Guidelines
- Develop and maintain an IT Security Architecture for the university.
- Lead and coordinate the development and maintenance of information systems security policies, procedures, standards, and guidelines, ensuring compliance with federal and state laws and regulations and Regents and university policies and standards.
- Analyze new federal and state statutory requirements, university policies, and other security initiatives to determine changes necessary for adoption/compliance and make appropriate recommendations.
- Develop and maintain the campus Incident Management Plan and chair the Security Incident Response Team (SIRT).
- Ensure monitoring of security-related information sources for security alerts and assess security breaches/events, oversee appropriate corrective actions, inform the campus community, and identify needed changes based on new security technologies or threats.
- Serve as the liaison with external agencies and organizations, including law enforcement, as needed for incident response and planning.
- Supervise and lead the work of the IT Security Team in ITS.
- Oversee the performance of assigned staff, including providing regular, constructive feedback and coaching towards goal attainment and professional development.
- Manage project teams dealing with IT security issues, optimizing the contribution of people involved.
Communications, Training, and Outreach
- Oversee the development and implementation of training programs and communications to make systems, network, and data users aware of and understand security policies and procedures.
Research and Analysis
- Lead or conduct special projects or studies related to information systems security.
- Stay well-informed of best practices in the IT security field, coordinate and/or evaluate new and emerging security practices and technologies, and recommend and promote adoption as appropriate.
- Provide expert advice related to information and systems security to university executives and serve as an internal consulting resource on information security issues.
- Serve as a member of the CIO's Executive Leadership Team and the Enterprise IT Leadership and Operations Management Teams.
- Represent the university with federal, state, local, and professional organizations in the area of IT security.
Required Minimum Qualifications:
- Bachelor's degree in computer science or related field, or bachelor's degree in an unrelated field plus at least ten (10) years' experience in information technology services
- Two years' experience in systems analysis, designing, coding, testing, and maintaining enterprise software applications
- Experience designing, implementing, and/or managing major components of an IT security program or managing an IT operations or service unit in a distributed technology environment
- Competence/experience in the areas of risk analysis and security management for data, information, and applications; IT security standards and best practices; privacy and security legislation; security architectures and technologies; incident detection and response; and disaster recovery support
- Experience coordinating the development and implementation of IT policies and procedures
- Experience evaluating and implementing new practices and technologies to improve an organization's overall IT security program
- Experience working collaboratively with a wide range of individuals
- Experience building coalitions and professional relationships with internal and external constituencies to achieve results
- Strong interpersonal skills
- Strong analytical skills
- Must be able to acquire and maintain a top-secret security clearance
- Effective communicator (orally and in writing) with non-technical and technical audiences, including senior executives, managers, staff, vendors, and colleagues
- Post-baccalaureate degree in technology, business administration, or related field
- Certification relevant to IT security (CISA, CISM, CISSP, GIAC/GSEC, etc.)
- Experience working with IT security laws and regulations applicable in higher education
- Experience providing IT security services in a university setting with a distributed technology environment
- Experience developing and promoting awareness and training programs related to IT issues
Special Instructions to Applicants:
Applicants must submit:
- A cover letter reflecting how skills meet the requirements of the position
- The names, phone numbers, and email addresses of at least three professional references
Applicants must be currently authorized to work in the United States at the time of employment.
Screening of Applications Begins:
Screening of applicants will begin immediately.
Salary Range / Pay Rate:
$100,000 - $150,000
Equal Employment Opportunity:
Kansas State University is an Equal Opportunity Employer of individuals with disabilities and protected veterans and actively seeks diversity among its employees. Equal Employment Opportunity is the Law.
Background Screening Statement:
In connection with your application for employment, Kansas State University may procure a Background Screen on you as part of the process of considering your candidacy as an employee.