Chief Information Security Officer
The Chief Information Security Officer is part of the Vice Provost for Library and Technology Services’ leadership team. This position manages and directs the operations of the Information Security and the Identity Management Office. The successful candidate will develop and manage an information security program that protects and ensures the confidentiality, integrity, and availability of critical information and systems for the University. The Chief Information Security Officer is responsible for contributing to the University's risk management initiatives and maintaining its compliance with relevant information technology laws and policies. The successful candidate will serve as the contact for Digital Millennium Copyright Act notices, leads both technical and administrative initiatives for: risk, vulnerability, and penetration assessment and remediation, IT incident response handling, Cloud and Systems integration, contract review, and security assessment, PCI-DSS systems deployment and compliance and campus security awareness campaigns. The Chief Information Security Officer will also maintain an understanding of legal issues pertaining to computing, networking, telecommunications and work with various University departments and committees to develop policies and procedures to ensure compliance with these issues and to educate the University community on these issues.
Accountabilities:
-
Deals with legal and policy issues pertaining to computing, networking and telecommunications
-
Serves as the copyright agent for the University to receive, resolve and dispatch all claims of copyright infringement as per the Digital Millennium Copyright Act
-
Serves as the primary coordinator of the Information Security Program to ensure compliance with the Gramm Leach Bliley Act pertaining to financial records and confidential information
-
Serves as the primary coordinator pertaining to the development and implementation of policies and procedures to ensure compliance with the security standards within the Health Insurance Portability and Accountability Act pertaining to individually identifiable protected health information
-
Maintains the Lehigh University Information Security Plan which documents compliance with various state and federal statutes pertaining to electronic security and privacy
-
Actively monitors security, policy and legal websites for proceedings and legislative initiatives which could have a legal bearing upon computing, networking and telecommunications activities at the University
-
Deals with all levels of law enforcement and handles all subpoenas, warrants, or orders requiring the examination of computer logs or user files in conjunction with appropriate University committees; develops policies pertaining to computing, networking and telecommunications
-
-
Deals with security issues pertaining to computing, networking and telecommunications
-
Monitors various system logs and reports looking for evidence of unauthorized access, possible copyright infringement, and computer worms, virus or malware infestation
-
Scans computing systems and networks looking for evidence of unsecured computers and computer worms, virus or malware infestation
-
Utilizes and cross references computer logs to identify individuals responsible for various activities ranging from copyright infringement and generating excessive network traffic through violations of legal statutes
-
Blocks and restores access to network connectivity from computers involved in policy or legal violations
-
Handles personnel issues regarding both administrative and academic systems
-
Identifies and recommends methods to make computing systems at Lehigh more secure
-
Coordinates response to computing, networking and telecommunications security incidents; including the coordination with the Campus Judicial System, the General Counsel Office, the Internal Audit Office and Law Enforcement Agencies
-
Participates in the evaluation and implementation of security related technologies such as authentication and authorization mechanisms, encryption, certificate services, anti-virus and malware software, network filtering, firewalls and proxy servers
-
Works closely with the programming staff on the identification and implementation of appropriate security software and appliances
-
Develops and implements security related audit reports; reports violations to the information systems auditor and to the Dean of Students Office
-
Develops and implements security related audit reports; reports violations to internal auditor office and to the Dean of Students Office
-
Develops and coordinates testing procedures to ensure campus-wide accessibility to data and software
-
Develops and leads a core security response team which may be augmented by staff from other areas of the University
-
-
Provides leadership, direction and supervision for team members to ensure compliance with government regulations and University Policies related to Information Security; implements best practices to protect Lehigh's digital information environment; responds to Information security threats; ensures secure and appropriate access to University computing systems
-
Working with the IDM manager, provides guidelines, tools and training for best practices, accuracy and efficiency in account provisioning and maintenance
-
Provides guidelines and training to ensure the protection of privacy and confidential information
-
Assigns duties to team members
-
Selects, orients, supervises and evaluates job performance of team members
-
Communicates with Library and Technology Services leadership and staff regarding planning efforts, new directions, recommendations and significant events in Identity Management, Security, and Information Policies
-
Coordinates outreach activities to clients with a view to service design and improvement
-
Leads planning committees and project committees related to Lehigh's Information Security Environment
-
Monitors team activities and coordinates team communication
-
Encourages team building and good working relationships
-
Determines and recommends training needs for staff
-
-
Provides managerial oversight for Library and Technology Services Security and Identity Management Teams
-
Develops and manages Lehigh’s Computer Emergency Response Team
-
Provides leadership and direction to a Library and Technology Services cross functional security support team
-
Provides oversight of Lehigh’s Identity Management Team working in conjunction with the IDM team manager
-
Advises data stewards, data managers, programmers and administrative staff regarding security issues
-
-
Deals with communications and support issues pertaining to computing, networking and telecommunications
-
Develops campus-wide announcements in response to security and support issues regarding computing, networking, and telecommunications
-
Develops training and provides technical support for confidential and protected systems
-
Develops methods to authorize user access based on Lehigh's computing and telecommunications policies and procedures
-
Trains users about specifics of access to particular systems and promotes ethical use of protected information
-
Educates the user community on the ethical use of computing, networking and telecommunications resources
-
Provides technical support to the Lehigh Community on all issues pertaining to computing security, viruses and worms, copyright and other laws and general computing issues
-
Oversees the development of a security awareness program for the University community
-
-
Will maintain and advance professional development by maintaining relevant Security Industry certifications and compliance training, relevant to the position and the needs of the Information Security group and the University
-
Will continue to abide by all ethical standards put forth by Security industry certification bodies such as ISC2, SANS, ISACA, PCI-DSS and others as appropriate
-
Will continue to maintain Continuing Professional Education and other re-certification qualifications as required to maintain appropriate information security related credentials
-
Will continue to advance and protect the information security professional and provide awareness, training and education to others within the University community
-
Qualifications:
-
Bachelor's Degree in Computer Science or related degree, or equivalent combination of education and experience
-
Five to eight years related work experience
-
Project management training and/or certification preferred
-
CISSP, CISM, or SANS Certifications preferred
-
Five to eight years related work experience
-
Excellent communication and interpersonal skills
-
Excellent writing ability and organizational skills
-
Solid analytical, decision making and problem solving skills
-
Solid computer skills with experience using word processing and spreadsheet software
-
Successful completion of standard background checks including but not limited to: social security verification, education verification, county and national criminal background checks, PATCH, FBI fingerprinting, Child Abuse Clearance. Based upon the requirements of the position Lehigh may also request credit history reports, motor vehicle checks and professional license/certification verification