Director of Information Security
Serve as primary advisor to the Chief Information Officer (CIO) and ITS Senior Directors on security-related practices and policies that will mitigate information security-related risks to the University's information systems, applications, databases, and networks.Serve as the University Data Protection Officer in order to address European Union GDPR (General Data Protection Regulation) requirements.Report to the CIO and work directly with both ITS and non-ITS departments to coordinate security efforts and resources in order to maximize information security and data protection. This position supervises professional, technical and support staff as assigned.
Essential Duties & Responsibilities:
- Revise and re-develop, implement and maintain a University-wideinformation security and data protection plan based on EDUCAUSE Higher Education Information Security Council (HEISC) standards for best practices for data privacy protection, such as EU GDPR requirements.
- Prepare, document, maintain and disseminateinformation security policies and procedures.
- Revise the University Information Security Incident Response Policy to reflect the new response requirements dictated by EU GDPR requirements.
- Prepare and coordinate implementation ofuniversity-wide information security training.
- Implement procedures and processes to improve USD's response to EU GDPR's seven fundamental requirements of (1) consent, (2) breach notification, (3) right to access, (4) right to be forgotten, (5) data portability, (6) privacy by design, and (7) data protection.
- Lead and collaborate on periodic Information Security Audits with the CIO and ITS Sr. Directors.
- In coordination with the Information TechnologyServices leadership team, prepare plans to protect University informationtechnology assets against data breaches.
- Oversee, manage, and prepare information on IT Security and IT compliance matters specific to GLBA (Gramm-Leach-Bliley) act, FERPA, HIPPA, European Union GDPR, PCI-DSS, etc.
- Serve in the role of University Data Protection Officer specific to data standards and compliance requirements.
- Create plans and IT security processes to align with emerging data privacy requirements (such as GDPR) as applied to US Universities.
- Participate in EDUCAUSE Higher Education Information Security Council (HEISC) and Internet 2 security group conferences and webinars.
- Oversee forensics and prepare responses to breaches in theconfidentiality, integrity or availability of institutional data.
- Use and improve existing ITS monitoring and alert/SIEM systems (e.g. Oracle Advanced Security, Solar Winds, Checkpoint SmartEvent, etc.)
- Work with IT security vendors/providers to oversee annual penetration and vulnerability testing.
- Improve or re-develop an internal scanning process using USD's NESSUS vulnerability scanner.
- Identify vulnerabilities, threats and incidents within the university'sinformation technology infrastructure, and work with the responsible team in theInformation Technology Department to resolve these issues with cost-effective solutions.
- Ensure through policies and procedures theappropriate use of the university's information technology resources.
- ProvideCIO and University committees with updates/presentations on the state of USD information security.
Qualifications:
- Bachelor's Degree required, preferably in MIS, computer science, electrical engineering, Cyber-security or a related field.
- Minimum of 5 years of IT systems, networking, or security experience in progressively responsible roles.
- Experience designing technical solutions that improved IT security posture.
- Experience architecting security solutions for organizations with large networks; with special preference for University/Research networks of 10,000 or more users.
- Experience with security technology including, but not limited to: Enterprise ERP systems, Oracle database technology, Identity Management systems, VPN, firewall, endpoint and antivirus security, and wireless and wired network security.
- Enterprise system-level or applications security experience and knowledge, including understanding of threats and countermeasures.
- A strong understanding of enterprise systems and network administration, including best practices for perimeter and infrastructure security and messaging security.
- Excellent communication skills, with the ability to communicate technical information to non-technical people.
Performance Expectations: Knowledge, Skills & Abilities:
- Proven ability to writepolicies and procedures relating to information technology.
- Ability to presentinformation to large and small groups.
- Excellent collaborationand teamwork skills.
- Demonstrated effectivewritten and oral communication skills.
- Familiarity with security industry trends andbest practices.
- Proven ability to exercise independent thinkingand judgment.
- Ability to work effectively with a wide rangeof customers in a diverse campus environment.
- Excellent problem solving skills, with provenorganizational skills.
- Knowledge of systems risk and risk assessmentconcepts.
- Knowledge of information technology securitymonitoring and alert systems.
- Excellent understanding and knowledge of the fieldof information technology security.
Desired Certifications, Licenses & Registrations:
- Prior experience providing IT support and service in a highereducation environment is highly desired.
- Familiarity with EU GDPR requirements, FERPA, state and federalguidelines on privacy, transactions and security.
- Professional Certifications in field ofinformation security, e.g. CISSP, GIAC.
- Master'sdegree in a technical discipline.
Background check: Successful completion of a pre-employment background check.
Degree Verification Requirement: Persons offered employment in this position will be required to provide official education transcripts for degree verification purposes.
Salary: Commensurate with experience; Excellent Benefits.
The University of San Diego offers a very competitive benefits package, to include medical, dental, vision, a 12% retirement contribution given to you by the University (with three year vesting period), and access to on-campus Fitness Centers. Please visit the benefits section of our website to view all of the perks and benefits that USD has to offer. USD: Human Resources: Benefits
Hours: 37.5 per week, usual work hours 8:30 am to 5:00 pm
Closing date: Open Until Filled
Note: External job postings will be up for at least five days. After that time, applications will be reviewed by the hiring manager/committee throughout the posting period. A candidate may be selected at any time which could then close this posting on a date earlier than listed.
The University of San Diego is an equal opportunity employer committed to diversity and inclusion and is especially interested in candidates who can contribute to the diversity and excellence of the campus community.
The University of San Diego is a smoking and tobacco-free campus. For more information, visitwww.sandiego.edu/smokefree.