Position Information: DescriptionThe cybersecurity officer plays a key role at UND to safeguard sensitive data and systems from malicious attackers, to expand the university’s security posture, to ensure adherence with regulatory compliance requirements and mandates, as well as develop policies and procedures related to data security and privacy. Post-COVID, as we accelerate digital transformation efforts and build a more automated, cloud-based, data-driven learning environment supported by on-site and remote students, faculty, and staff, it is now, more than ever, critical to have the right skills to keep our campus and community safe from malicious attacks.The Cybersecurity Officer position exists to provide strategies necessary to ensure confidentiality, integrity, and availability of University electronic information by communicating risk to senior administration, creating policies, procedures, and standards, and ensuring compliance with applicable laws and policies. The position will be required to coordinate activities with other departments and North Dakota University System to evaluate, procure, and deploy security related products. Additionally, the Cybersecurity Officer will coordinate information security awareness and education programs at UND.Duties & Responsibilities
Supervise IT Security Analyst
- Develop and maintain IT security policies, standards, procedures & guidelines.Gain consensus from campus community as part of policy development.Secure appropriate administrative approval of policies, standards and guidelines.Chair and participate in departmental, interdepartmental and campus committees.Develop, implement, test, and evaluate procedures to deal with IT incidents and emergencies, e.g., virus/malware infections, ransomware, system intrusions, and system failures, etc.
Develop and maintain UND IT security policies, standards, and guidelines in consultation with the CIO, UND legal counsel, UND records retention officer, NDUS/CTS information Security Office, and state professional colleagues and constituents.
- Serve as a member on the NDUS Information Security Council (ISC)
Supervise IT Security Analyst: manage, assign workload and perform tasks related to staff administration of assigned personnel.
Provide oversight of IT Security Analyst resolution of IT security incidents, complaints, and queries.Direct and verify the implementation and operations of IT security technologies, assessments, monitoring, and improvement activities.Task and oversee IT Security Analyst’s performance of campus awareness programs and initiatives related to IT security.Direct and supervise implementation of IT security policies, standards, procedures, and guidelines.Provide guidance, training, mentorship, and assistance to IT Security Analyst related to IT Security field and latest issues and trends.
- Develop and oversee campus education and awareness programs and initiatives related to IT security.
- Administer and coordinate publication, awareness, and education activities for IT security.
- Provide oversight and assist schools, departments, administrative offices and central IT services in applying best practices in securing data and information systems under their control.
- Build IT security coalitions that focus and foster communication throughout the campus.
- Maintain UND Information Security website.
- Conduct phishing assessment campaigns.
- Be the face of UND Information Security.
- Attend and coordinate tabletop exercises to educate UND leadership and community.
- Coordinate security activities with NDUS/CTS Information Security Office.
- Oversee Implementation of Safeguarding UND Initiatives.
- Serve as security liaison on UND committees.
- Coordinate the communications for, and resolution of, IT security incidents, complaints, and queries.Serve as UND focal point for IT security incident response planning and execution.Keep abreast of information security and privacy legislation (e.g. HIPAA, PCI, GLB, FERPA) and work closely with others responsible for compliance (e.g. health and medical offices, PCI Committee, CIO, Registrar).Maintain awareness of laws affecting IT security.Respond to and complete Open Records/FOIA search requests received from authorized UND entities.Develop direct working relationships with investigating authorities.Develop a working knowledge of evidence retrieval, documentation and evidence control, and assist in compliance and enforcement.Manage, configure, and review logging to identify and respond to security incidents. Manage a Security Information and Event Management (SIEM) system.
Maintain confidentiality regarding sensitive situations and information.
- Act as focal point for DMCA and electronic copyright infringement reporting.
- Oversee implementation, development, and management of IT security technologies, assessments, monitoring, and improvement activities.Create and implement UND security strategic plans.Review applications and/or technology environments during the development or acquisition process to assure compliance with IT security standardsParticipate in investigating, evaluating, recommending, and implementing new technologies and techniques with respect to security.Maintain and improve security systems and technologies.Conduct vulnerability assessment and penetration testing activities.Assist schools, departments, administrative offices and central IT services to use assessment and testing data to improve overall campus IT security and compliance.Produce reports and presents findings, results and recommendations from threat, vulnerability, penetration testing, and risk assessments of IT systems.
Develop an IT security risk assessment and vulnerability management program which will define, identify and classify critical information assets, and assess threats and vulnerabilities regarding those assets and implement safeguard recommendations.
- Serve as a member of the Data Governance Committee to provide guidance on data security.
- Maintain proficiency in trends & issues in IT Security.Participate in professional IT security organizations, especially those in higher education and government.Keep abreast of security vulnerabilities and threats and technologies and practices to mitigate.Maintain awareness of current trends and issues in IT.
Participate in continuing education in the IT security field.
- Strong communication skills
- Customer service oriented
- Proficiency in analytical reasoning.
- Ability to work under pressure by maintaining efficiency, confidentiality, and composure.
- Strong attention to detail with excellent oral and written communication skills.
- Strong interpersonal skills and demonstrated excellence in customer service.
- Ability to communicate with non-technical and technical users.
- 10 years of varied information technology experience in computer and network infrastructure, operating systems, application software development, risk management, project management, and providing training.
- 3 years of experience in information security-related duties.
- Valid Drivers Licence
- Successful completion of criminal history records check.
In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the US and to complete the required employment eligibility verification form upon hire.
- Master’s Degree in Cybersecurity or related field of study.
- Experience in a university setting.
- Security or technology industry certifications (e.g., CISSP, CISM, SANS GIAC, CompTIA, or similar)
Minimum Hiring Salary/Position Classification
Commensurate with experience, Exempt, Full-time, Benefited
Includes single or family health care coverage (premiums paid for by the university), basic life insurance, EAP, retirement plan, tuition waiver, annual and sick leave. Optional benefits available: supplemental life, dental, vision, flexible spending account, supplemental retirement plans.
For full consideration, all application materials must be fully submitted by 11:59PM on the closing date.
To find out why living and working in Greater Grand Forks is way cooler, check out Grand Forks is Cooler.
All information listed in this position announcement will be used by Human Resources, the Hiring Department, and EO/Title IX for screening, interviewing and selection purposes.
Confidentiality of Application Materials
Pursuant to NDCC 44-04-18.27, applications and any records related to the applications that identify an applicant are confidential, except records related to the finalists of the position, which are open to the public after the search committee has identified the top three finalists who will be invited to campus.
The University of North Dakota is an Affirmative Action/Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or other protected characteristic. Women, minorities, veterans, individuals with disabilities, and members of other underrepresented groups are especially encouraged to apply. Applicants are invited to provide information regarding their gender, race and/or ethnicity, veteran’s status and disability status as part of the application process. This information will remain confidential and separate from your application.
Veterans claiming preference must submit all proof of eligibility by the closing date. Proof of eligibility includes a DD-214 or NGB 22 and if claiming disabled status, a current letter of disability from the VA dated within the last 12 months.
In compliance with the Jeanne Clery Disclosure of Campus Security Policy and Campus Crime Statistics Act, the University of North Dakota publishes an Annual Security and Fire Safety Report. The report includes the university’s policies, procedures, and programs concerning safety and security, as well as three years’ of crime statistics for our campus. As a prospective employee, you are entitled to a copy of this report. The report and statistical data can be found online at UND.edu. You may also request a paper copy of the report from the UND Police Department located at 3851 Campus Road, Grand Forks, ND, 58202.