Information Privacy and Compliance Analyst
Category:: Staff and Administrators
Department:: 2150 (IT-Information Technology Servic)
Locations:: Worcester, MA
Posted:: Oct 21, 2020
Closes:: Open Until Filled
Type:: Full-time - Exempt
Ref. No.:: 199258
About Clark University:
Founded in 1887, Clark was one of the first all-graduate institutions in the United States. Today the University is a highly-ranked, student-centered institution educating approximately 2,350 undergraduate and 1,150 graduate students to be imaginative and contributing citizens of the world and to advance the frontiers of knowledge and understanding through rigorous scholarship and creative effort. This commitment to scholarship and inquiry reflects the University's commitment to "challenge convention and change our world" and to address issues of critical importance to society. It is also reflected by Clark's many national and international distinctions, including recognition for its diversity and inclusion efforts, innovation, community engagement and impact, as a top green campus, and for having a distinguished geography and international development program. Clark has also been included in the groundbreaking Colleges that Change Lives guide since it was first published in 1996.
Clark is located in Worcester, Massachusetts, a dynamic, diverse city "on the rise." The second largest city in New England, Worcester is home to 11 institutions of higher learning and is increasingly recognized for its growing healthcare and biotechnology communities, its thriving cultural scene, and as a vibrant food hub
- Monitor and advise on information security/privacy issues related to information assets, data systems, information workflows and business processes to ensure administrative security/privacy controls for the University are appropriate and operating as intended; and to identify and mitigate security and privacy risks.
- Stay abreast of external regulations, data security/privacy standards, and relevant data/breach notification laws applicable to higher education; assess potential risks; translate appropriate information security and data privacy requirements into coherent University policy and data management processes.
- Develop and revise University policies and procedures related to data security, privacy and management.
- Work with data owners on revised process improvements; participate in incident response activities as required.
- Review all 3rd party vendor services/contracts (applications, hosting, systems, etc.) that involve the collection, processing, transmission, or storage of Confidential or Restricted data as defined by the University's Data Classification Policy; develop and implement an ongoing contract monitoring process / risk assessment; develop and keep current, core contract language that should be included as terms/definitions in relevant contracts.
- Monitor, assess, and document the data-related components of the University's business continuity and disaster recovery program; ensure external regulatory requirements, industry standards and functional business partners' operational needs are appropriately represented.
- Develop communications and information briefs that outline University impact of external regulations, data security/privacy standards, and relevant data/breach notification laws; develop and implement training and awareness programs to support University's understanding and compliance; partner with other IT staff on phishing simulation campaigns and other CBT data security/privacy training.
- Serve as staff support to the University's Information Security/Privacy Council.
- Participate in annual University audit and other data security/privacy reviews as needed.
- Manage end user information security and data privacy training programs to include, but not limited to, in-person sessions, computer-based modules, and phishing simulations.
- As appropriate, participate in external professional organizations that are relevant to the objectives of Clark's information security/privacy program such as EDUCAUSE, REN-ISAC, etc; provide reports and presentations on the status of security/privacy trends/technologies.
- Other duties as needed by the department and defined by the supervisor.
- Bachelor's degree plus 3 years of relevant experience working in information technology, security, or risk management. Comparable success and work experience may be considered in lieu of degree requirement. Experience in a higher education environment preferred.
- Demonstrated ability to ability to translate information security/privacy compliance requirements and University business needs into enterprise-wide data security/privacy standards and policy.
- Working knowledge of information security/privacy standards and best practices (e.g., NIST, SANS) as well as regulations related to information security and data confidentiality (e.g., MA 201 CMR 17, FERPA, HIPAA, PCI, GDPR, etc.).
- Experience reviewing and monitoring third-party vendor contracts for appropriate data security/privacy considerations preferred.
- Must possess a high degree of integrity relative to computer security and the confidentiality of information.
- The ability to see how various parts interact with the whole (big picture thinking) as well as engage with projects at the micro level when necessary.
- Exceptional verbal and written communications and consultative customer service skills. This includes, but is not limited to: the ability to communicate effectively with people at varying levels of technical fluency - including the ability to explain complex technical issues in a way that non-technical people may understand; the ability to establish collaborative working relationships at all contact levels of the University; and the ability to effectively communicate progress/challenges to appropriate personnel.
- Demonstrated passion for problem solving; excellent project and portfolio management experience with the ability to work autonomously in a fast-paced environment with multiple priorities and deadlines.
- Team player with excellent consulting skills and a fun, but professional presence required.
- Knowledge of IT governance and operations.
- Ability to work nights and weekends on an as-needed basis.
This is a Full-time position with excellent benefits, which include employee and family tuition benefits, 4 weeks' vacation, generous retirement plan, free use of campus fitness center and many more.
Clark University embraces equal opportunity and affirmative action as core values: we believe that cultivating an environment that embraces and promotes diversity is fundamental to the success of our students, our employees and our community. This commitment applies to every aspect of education, services, and employment policies and practices at Clark. Our commitment to diversity informs our efforts in recruitment, hiring and retention. All positions at Clark share in the responsibility for building a community that values diversity and the uniqueness of others by exhibiting integrity and respect in interacting with all members of the Clark community to create an atmosphere of fairness and belonging. We strongly encourage members from historically underrepresented communities, inclusive of all women, to apply.
To be considered for this position, you must submit your credentials online. Create a Clark University Careers Account by clicking on the APPLY NOW button below. You will be able to upload the following documents, which are required for consideration:
- Cover letter
See the FAQ for using our online system. Please contact us if you need assistance applying through this website.
Already have a Clark University Careers Account? Login to your account to add documents or update your account.
Review of applications will begin immediately and continue until the position is filled. Salary will be commensurate with skills and experience.