Director, Information Security and Compliance
Department: Information Technology Services
Position Summary: This key management position will plan, develop, implement, monitor, and assist in remediation of security for Governors State University (GSU) systems, networks, data, and infrastructure. This position will work closely with Information Technology Services (ITS) and University constituents to define and implement security architecture, policies, procedures, and guidelines. This individual will work closely with University and State auditors to ensure compliance to federal and state requirements. The Director, Information Security and Compliance will advise and work closely with various ITS teams and individuals to test, and validate security and maintain compliance. Coordination of network penetration testing, change control, and disaster recovery is included. Evaluate and recommend reduction of information and data risks against unauthorized access. Lead efforts to ensure University systems, data, networks, and infrastructure is sufficiently secured against unauthorized access and actions to disrupt technology service delivery. Through the use of approved policies, procedures, and guidelines, recommend technology solutions to achieve acceptable security. Work closely with constituents and leadership across ITS and the University in the implementation and testing of security solutions. Coordinate security testing with ITS, University, and external testing resources to ensure systems, data, networks, and infrastructure are acceptably secured. Provide recommendations of policies and procedures necessary to comply with federal, state, local, and University requirements. Monitor and assist the University in the implementation of policies and procedures once approved. Participate as a key member of the Disaster Recovery team. Monitor and analyze changes to regulations whereupon recommend changes necessary to ensure compliance. Serves as a member of the ITS management team, contributing to planning, program development and assessment, budget formulation and tracking, and allocation of resources in support of the universityas mission. Submits and follows up on Purchase Order requisitions. Submits work orders or appropriate requests to University departments. Tracks employee days off, approving staff days off requests (if required). Provide assistance in maintaining office environment including office supplies replenishment. Manages and oversees projects as assigned. Remains up-to-date on current trends and issues in the IT industry related to information security and compliance, including prevailing technologies and prices. Advise, counsel, and educate ITS and university management of data breach risks, compliance, remediation solutions, and recommendations. Other duties as assigned
Minimum Qualifications: a¢ Bachelor degree in Computer Science, Information Technology or related field. a¢ Minimum 10 yearsa experience in IT. a¢ Minimum 5 yearsa experience in IT in a technical or security role. a¢ Strong understanding of information technology security industry trends. a¢ Demonstrated ability with compliance assessment, policy creation, and interaction with internal/external auditors. a¢ Experience working with firewalls and switches, especially Cisco technologies. a¢ Understanding of application security methodologies. a¢ Knowledge, skills related to effective project management techniques and methods.
Preferred Qualifications: a¢ Work experience in Education environment, preferred Higher Education. a¢ Advanced degree in Information Security, Information Technology, or related field. a¢ Certification related to IT security such as CISSP, CISM, CISA, CCNA. a¢ Knowledgeable with PCI, FERPA, and HIPAA. a¢ Experience with intrusion protection and detections systems. a¢ Experience with securing Active Directory and DNS. a¢ Experience with security related to cloud services and cloud data. a¢ Hands on working knowledge of malware and antivirus. a¢ Demonstrated record of leadership in the development of innovation and change. a¢ A record of effective collaborative efforts involving diverse faculty, staff, students and other campus stakeholders. a¢ Capacity to thrive in an environment of change and to foster that capacity in others. a¢ Demonstrated experience leading and managing projects utilizing standard project management tools and techniques.
Work Schedule: This is a full-time position. Days and hours of work are Monday through Friday, 8:30 a.m. to 5:00 p.m. with a 30 minute (unpaid) lunch.
Type of Position Being Requested: Administrative Appointment
Full Time/Part Time: Full Time
Collective Bargaining Status of Position: Non-Unionized
FLSA Status: Exempt
Posting Number: AP0160P