Director of Information Security and Data Privacy
PRINCIPAL RESPONSIBILITIES:
- Work with the Information Technology Division (ITD) to develop and establish a security program and security projects that address identified risks and business security requirements.
- Manage the process of gathering, analyzing and assessing the current and future threat landscape, as well as providing the CIO with a realistic overview of risks and threats in the enterprise environment.
- Monitor and report on compliance with security policies, as well as the enforcement of policies within the IT department.
- Propose changes to existing policies and procedures to ensure operating efficiency and regulatory compliance.
- Assist resource owners and IT staff in understanding and responding to security audit failures reported by auditors.
- Provide security communication, awareness and training for campus constituents, which may range from senior leaders to field staff.
- Work as a liaison with vendors to establish mutually acceptable service-level agreements.
- Manage production issues and incidents, and participate in problem and change management forums.
- Work with various stakeholders to identify information asset owners to classify data and systems as part of a control framework implementation.
- Serve as an active and consistent participant in the information security governance process.
- Provide support and guidance for legal and regulatory compliance efforts, including audit support.
- Manage outsourced vendors that provide information security functions for compliance with contracted service-level agreements.
- Manage the day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans and communicate information about residual risk.
- Manage security projects and provide expert guidance on security matters for other IT projects.
- Assist and guide the disaster recovery planning team in the selection of recovery strategies and the development, testing and maintenance of disaster recovery plans.
- Ensure audit trails, system logs and other monitoring data sources are reviewed periodically and comply with policies and audit requirements.
- Design, coordinate and oversee security-testing procedures to verify the security of systems, networks and applications, and manage the remediation of identified risks.
EDUCATION:
- Master's degree in computer science, information systems or a related field is required.
EXPERIENCE:
- Four (4) years of IT experience with two (2) years in an information security role and two (2) years in a supervisory role.
- Experience in higher education is desired.
- Experience working with audit and compliance staff.
- Experience developing and maintaining policies, standards and guidelines.
KNOWLEDGE, SKILLS, AND ABILITIES:
- Ability to work effectively with business managers, IT engineering and IT operations staff.
- Must have the ability to interact with Coppin personnel, build strong relationships at all levels and across all business units and organizations, and understand business imperatives.
- Strong understanding of the business impact of security tools, technologies and policies.
- Excellent verbal, written and interpersonal communication skills, including the ability to communicate effectively with the IT organization, project and application development teams, management and business personnel; in-depth knowledge and understanding of information risk concepts and principles as a means of relating business needs to security controls.
- Excellent understanding of information security concepts, protocols, industry best practices and strategies.
- Familiarity with applicable legal and regulatory requirements, including, but not limited to, the U.S. Sarbanes-Oxley Act, the U.S. Health Insurance Portability and Accountability Act (HIPAA), the Family Educational Rights and Privacy Act (FERPA), and the European Union Privacy Directive.
- Proficiency in performing vulnerability assessments, and in defining treatment strategies.