Chief Information Security Officer / Director of Information Security

Job description

Posting Details

Job CategoryProfessional/AdministrativePosition TitleChief Information Security Officer / Director of Information SecurityFull Time/Part TimeFull TimeDivisionDean of the FacultyDepartmentInformation Technology Services Department Statement

Colgate University’s Information Technology Services (ITS) is a dynamic organization that serves the diverse technology needs of the university community. Comprised of several functional areas – Classrooms, Digital Media & Events; Data Analytics & Decision Support; Engagement & Support; Information Security; Learning & Applied Innovation; Services & Shared Infrastructure – ITS prides itself on exceptional customer service and building collaborative relationships to meet the unique needs of our liberal arts campus.

ITS endeavors to foster an inclusive environment that values diversity, professional development, creativity, and innovation to support the growth of individuals and the organization. Under the leadership of the CIO, ITS is embarking on a strategic planning process to align services and resources with several exciting new initiatives identified in Colgate’s Third Century Plan.

Colgate University’s Chief Information Security Officer/Director of Information Security is responsible for thought leadership, policy and practice development, and operational leadership around issues of data privacy and information security such as data compliance, business continuity, user awareness, incident response, operational security, etc. This position will reside in the office of the CIO and will report to the Chief Information Officer. Job title commensurate with experience.

Accountabilities

The Chief Information Security Officer / Director of Information Security participates in ITS strategic planning efforts to align with Colgate University’s mission, Third Century Plan, and the DEI commitment to grow and strengthen the Information Security at Colgate University.
Specific Accountabilities include but are not limited to:
Maintaining an expert level of understanding of higher ed trends and the work of faculty, students, and staff that ensures a secure technology environment that enables creativity and success.;

Maintaining a comprehensive working knowledge of federal, state, local laws and regulations, and industry standards (together in this document referred to as Laws and Regulations), where compliance requires specific data or information security policies, practices, reporting, or audits. These Laws and Regulations include, but are not limited to, HIPAA, FERPA, Higher Education Opportunity Act (HEOA), CCPA, GDPR, PCI DSS.

Maintaining and continuing growth of the University’s identity and access management initiatives.

Developing detailed procedures for system access and permissions to support auditing and detection of compliance issues;
Developing effective procedures for regular system and server patches and vulnerability management, based on university best practices.

Advising on the effective use of network security equipment, including firewalls and intrusion protection systems.

Maintaining expert-level knowledge of Cloud infrastructures, including IAAS, PAAS, and SAAS, and help the University maintain a secure cloud presence.

Developing and delivering user-friendly training for end-users, data stewards, system administrators, and others as required in support of the above.

Establishing benchmarks and tracking metrics that reflect the effectiveness of University data and information security policy and practice and provide feedback for future development opportunities.

Conducting periodic security audits of the IT environment, develop reports, document results, recommend changes, supervision of implementation plans.

Lead the development, maintenance, and annual evaluation of incident response, including forensics and investigations in the event of a data breach or incident, as well as business continuity and disaster recovery plans.

Participate in University-wide working groups and committees representing and advocating for the interests of a secure and private data environment.

Represent the University as a participant of institutional security collaborations (REN-ISAC, Higher Education Information Security Council, NY 6, etc.).

Maintaining a working knowledge and technical understanding of the interrelationships and interdependencies between and among the systems, services, and products provided and supported by ITS.

Technical Competencies

NameInformation Security PrinciplesDescription

Demonstrated ability to determine how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes. Campus-wide expert on information security. Demonstrated ability to adapt to changing environment, evaluate risk and develop priorities.

NamePlatform ExpertiseDescription

Demonstrated deep knowledge of information security combined with broad understanding of network and system administration, desktop, mobile and and enterprise environments

NameProject ManagementDescription

Demonstrated ability to provide deep functional and technical expertise within a project environment. Contributes to multiple projects simultaneously.

NameCustomer ServiceDescription

Displays empathy and patience with users of all levels of sophistication. Can successfully support highest profile users on campus. Demonstrated ability to consistently follow through with solutions and information for all types of users. Demonstrated ability to diffuse the most challenging situations and remain calm and focused. Demonstrated ability to assess user sophistication and communicate (oral and written) with customers in an appropriate level of detail. Always conveys confidence to the user in ITS ability to solve issues.

NameIncident ResponseDescription

Demonstrated ability to correlate events, recognize and categorize different types of vulnerabilities and associated attacks, and perform incident handling steps.

NameSecurity AssessmentDescription

Demonstrated ability to evaluate the adequacy of security designs and efficacy of security controls based on cybersecurity principles and tenets.

Behavioral Competencies

NamePersonal Accountability for ResultsDescription

Takes responsibility for decisions, performance, and outcomes; behaves in a responsible manner with a positive attitude; shows self-awareness and openness to feedback.

NameEffective CommunicationDescription

Demonstrates effective written and oral communication skills; shares information and seeks input from others; adapts communication to diverse audiences; protects private and confidential information.

NameProblem Solving and Decision MakingDescription

Analyzes and prioritizes situations to identify and solve problems; generates solutions to improve efficiency and quality; involves others in solving problems and making decisions; factors organizational goals into decisions; makes clear, transparent, and timely decisions.

NameChange ManagementDescription

Responds positively to changing university initiatives and readily adapts behavior to maintain effective performance; understands the long-term direction of the university and can relate this to the departmental area; adapts to new methodologies; identifies and acts on areas where change is appropriate.

NameLeadership and TeamworkDescription

Applies skills and knowledge to provide a climate to achieve departmental and organizational success; balances individual and department goals; helps others perform at their best; builds productive relationships to enhance individual and organizational effectiveness; treats others with respect; resolves conflicts among team members.

NameCreativity and InnovationDescription

Generates, explores, encourages, and implements innovative ways of creating strategic value for the university, division, department, and individual level; critically assesses the effectiveness of new initiatives.

NameDiversity and InclusionDescription

Demonstrates respect for people and their differences; understands the benefits of a diverse workforce; earns the trust and respect of others; includes and welcomes others; works to understand the perspective of others; promotes opportunities to experience diversity within our community.

Professional Experience/ Qualifications

Professional experience and a record of success in the accountabilities of the position.

Technical proficiency in enterprise systems and infrastructure sufficient to credibly work with technical staff to implement security policies and practices.

Excellent communication skills.

Ability to work both independently and within a team. Willing to collaborate, share ideas openly, and learn.

Must be capable of working tactfully and collegially with a diverse group of faculty, staff, and students on a regular basis.

Preferred Qualifications

Experience in a higher education setting.

One or more applicable Information Security certifications such as Certified Information Systems Security Professional (CISSP).

Education

A minimum of a Bachelor’s Degree in Information Technology, or a related degree preferred, or a combination of education and experience from which comparable skills are attained.

CertificationsPhysical Requirements

Ability to be on-call nights and weekends.

Other Information

Colgate is committed to attracting and retaining a diverse faculty, staff, and student population.

We strive to be an inclusive community — one that embraces and values diversity (in the broadest sense possible) in an environment of mutual respect, communication, and engagement. A variety of cultures and perspectives enriches the quality of campus life, and the opportunity to share different views and experiences is at the core of Colgate’s educational enterprise.

These differences can include but are not limited to: race; ethnicity; gender and gender expression; sexual orientation; socioeconomic status; geographic background; national origin; culture; age; mental, cognitive, and physical abilities; religious beliefs; and political beliefs.

As a result, we ask all candidates seeking consideration for the Chief Information Security Officer / Director of Information Security position to submit a diversity statement with their application materials.

To learn more about Colgate’s DEI plan visit https://www.colgate.edu/about/third-century-plan/plan-diversity-equity-and-inclusion

Requisition Number2020S049PostingTemporaryNoWork ScheduleJob Open Date10/13/2020Job Close DateOpen Until FilledYesSpecial Instructions SummaryEEO Statement

It is the policy of Colgate University not to discriminate against any employee or applicant for employment on the basis of their race, color, creed, religion, age, sex, pregnancy, national origin, marital status, disability, protected Veterans status, sexual orientation, gender identity or expression, genetic information, being or having been victims of domestic violence or stalking, familial status, or any other categories covered by law. Colgate is an Equal Opportunity/Affirmative Action employer. Candidates from historically underrepresented groups, women, persons with disabilities, and protected veterans are encouraged to apply.

Clery Act

CAMPUS CRIME REPORTING AND STATISTICS
The Campus Safety Department will provide upon request a copy of Colgate’s Annual Security and Fire Safety Report. This report includes statistics as reported to the United States Department of Education for the previous three years concerning reported: 1. crimes that occurred on-campus; in certain off-campus buildings or property owned or controlled by Colgate University; and on public property within, or immediately adjacent to and accessible from, the campus and 2. fires that occurred in student housing facilities. The report also includes institutional policies concerning campus security and fire safety, such as policies concerning sexual assault, life safety systems, and other related matters. To obtain a copy, contact the Campus Safety Compliance Manager via e-mail at [email protected]. You may also access the report from the Campus Safety web page at: www.colgate.edu/offices/support/campussafety.

Supplemental Questions

Required fields are indicated with an asterisk (*).

  1. * Are you currently a Colgate employee?
    • Yes
    • No
  2. * Have you ever been a Colgate employee?
    • Yes
    • No
  3. * Are you at least 18 years of age?
    • Yes
    • No
  4. * Please let us know how you heard about this position.
    • Albany Times Union
    • Binghamton Press & Sun
    • BlackCoachesinSports
    • Careerbuilders.com
    • Cazenovia Republican
    • Centralnewyorkhelpwanted.com
    • Chronicle of Higher Education
    • Chronicle of Philanthropy
    • Colgate Employee
    • Colgate Website
    • CoSIDA
    • Diverse Issues of Higher Education
    • HERC (Upstate New York HERC)
    • HigherEdJobs.com
    • Indeed.com
    • InsideHigherEd.com
    • LinkedIn
    • Mid-York Weekly
    • NACWA
    • naviGATE
    • NCAA News
    • Norwich Evening Sun
    • Oneida Daily Dispatch
    • Sherburne News
    • Studentaffairs.com
    • Syracuse Post Standard
    • Utica Observer Dispatch
    • Waterville Times
    • WomenLeadersinCollegeSports.com
    • Other
  5. If you selected "Colgate Employee" or "Other" for how you heard about this position, please provide the employee's name or where you heard about/saw the position.

    (Open Ended Question)

Applicant DocumentsRequired Documents
  1. Resume
  2. Cover Letter
  3. Diversity Statement
Optional Documents

     

     

     

    Diversity Profile: University

     

    AAUP COMPENSATION SURVEY DATA

    View more

    Learn more on Inside Higher Ed's College Page for University

    Arrow pointing right
    Job No:
    Posted: 10/15/2020
    Application Due: 1/13/2021
    Work Type:
    Salary: