AVP, Information Security and Policy Officer
The AVP for Information Security and Policy Officer performs all job responsibilities with a high degree of independence to provide specialized consulting, materials, programs, and analysis related to the areas of computer, information, and network security. Coordinates the development, implementation, and administration of high-level security policies, practices, standard, and programs for all units of the University. Participates in project development to ensure security best practices are maintained. Coordinates the development and execution of effective security awareness programs. Participates as a member of Technology Services (TS) Leaderships. Provides pertinent security information and input to the strategic and tactical planning; budget preparation; initiatives and projects planning. Facilitates and directs the timely dissemination of security information. Coordinates the assessment of computer systems and network security risks. Investigates and develops contingency plans by undertaking risk analysis, security investigations; surveys; and threat assessments. Coordinates policy development and security investigations with the offices of the Vice President of Information Technology, the General Counsel, and Internal Audit. Attends conferences and training as required to maintain proficiency.
REQUIRED KNOWLEDGE, SKILLS, ABILITIES/COMPETENCIES TYPICALLY NEEDED TO PERFORM THIS JOB SUCCESSFULLY:
- Bachelors Degree in Computer Science, Information Technology or related field
- Ten (10) years of varied information technology experience, including extensive supervisory experience and at least seven (7) years of directly related computer and network security experience
- Certified Information Systems Security Professional (CISSP)
- Excellent working knowledge of Healthcare Information Security and HIPAA compliance
- Familiarity with data administration concepts, systems development life cycles (SDLC), data dictionaries, and database management software is desirable
- Strong understanding of corporate application systems and security requirement
- Strong leadership and supervisory skills and the ability to be effective in a decentralized environment
- Highly proficient team building skills
- Demonstrated skills in budget development, financial management and resource management
- Excellent oral and written communication skills
- Excellent organizational and time management skills; demonstrated ability to prioritize and effectively manage multiple projects simultaneously and meet established deadline.
Preferred Qualifications
- Master's Degree in Computer Science, Information Systems or related fields
- Multiple security specific certifications
- HIPAA knowledge with respect to clinic and hospital operation
- Computer Forensics experience
- Law enforcement technology experience
- Knowledge of Data Privacy legislations
- Knowledge of Data Governance
- Experience in the specific technical areas such as system programming and administration, applications development, database administration, network operations, user support, and data center operations are desirable