Information Security Officer

Location
Boston
Posted
Sep 07, 2017
Institution Type
Four-Year Institution


Emerson College

Information Security Officer

Description:
This director level position is responsible for all aspects of information security on a campus with 4,500 students, 700 full time employees, and a total average network device count of approximately 10,000 devices. This position will develop a comprehensive information security program, create administrative policies for all campus personnel, and partner with the campus community on risk management, incident response, and other security initiatives.
This position reports to the AVP for Information Technology and is a member of the IT leadership team, along with three other directors and three managers. Working with all employees the institution, the director will provide strategic direction, oversee and maintain the implementation of improved security.

Campus Location:

Required Knowledge:
Exceptional writing and presentation skills
Extensive knowledge of ISO 2700X, ITIL, COBIT/Risk IT & NIST frameworks.
High level of initiative and self-direction
Strong analytical skills
Strong consensus building skills
Continuous improvement and growth

Preferred/Desirable Knowledge:
Example of a written policy document, approved by an institution, that you authored. Example of a presentation on security that you’ve made. CISSP certification Professional experience with EDUCAUSE Security group, REN-ISAC, ISACA, and/or Infraguard.

Required Prior Work Experience:
5 years experience in an IT position with significant information security responsibilities.

Diversity Statement:
Emerson College believes diversity enriches the educational experience by providing students with the opportunity to learn from individuals who may have different backgrounds, experiences, and perspectives. Engagement with diversity in the curriculum, in our co-curricular offerings, and all other aspects of the College enhances the personal and intellectual growth of all members of our campus community. Emerson is committed to strengthening communities, including our workplace, by fostering the development of the intercultural competencies necessary for meaningful citizenship in an increasingly complex, pluralistic society.

Open Date:

Classification Title: Director 1

Salary Grade: 19

Job Family: Executive

Job Duties:
  • Develop, implement and monitor a strategic, comprehensive enterprise-wide information security and IT risk management program to ensure appropriate integrity, confidentiality and availability of data.
  • Provide leadership for security governance through the creation of a new committee or integration into an existing campus committee.
  • Work directly with business units to facilitate IT risk management processes, and work with stakeholders on identifying acceptable levels of residual risk.
  • Develop, maintain, and amend security policies to improve campus security posture based on thorough analysis and continuous work with campus stakeholders.
  • Audit compliance and assess risk with respect to federal and industry requirements.
  • Provide regular reporting on current status of information security program to institutional risk team, senior leaders & the board of trustees.
  • Oversee training in, dissemination of, and compliance with security policies and practices.
  • Create and manage security awareness training programs for all employees, students and approved system users.
  • Provide strategic risk guidance for IT and institutional projects, including evaluation & recommendation of technical controls.
  • Work with the IT infrastructure and enterprise applications teams to ensure alignment between security & enterprise systems.
  • Lead security incident response, create and chair the Computer Incident Response Team, and lead campus-wide coordination during security incidents.
  • Maintain regular coordination and be the primary point of contact in work with general counsel, campus police, external auditors, the risk management team, and communications department.
  • Serve as a liaison to federal, state, local, and professional organizations for information security/cybersecurity matters.
  • Develop extensive security metrics on the regular operating environment and incident data, correlate data sets and identify trends to inform risk assessments.
  • Provide recommendations for security budgetary needs.
  • Provide guidance on the technical security infrastructure, working closely with the systems security administrator, to include initiation of new security technologies such as SIEM and DLP.
  • Monitor external threats for emerging threats, and advise stakeholders on appropriate courses of action.

    To apply, please visit: www.emerson.edu




    jeid-41910e79f0200540811c527d76bf438e