Information Security Officer
The Information Security Officer is responsible for the administration of the University's comprehensive information security program. This includes reviewing, evaluating and implementing controls to reduce the overall risks associated with the University's electronic data, electronic data recovery and computer systems maintained by the University, as well as investigating potential security breaches. The Information Security Officer also proposes, drafts, and maintains all documented security policies and procedures designed to mitigate such risks. The incumbent will assure compliance with all information security rules and regulations and will focus University attention on the prevention, detection, containment, and correction of security risks, threats and breaches. Assumes additional responsibilities as may be determined by the Chief Information Officer.
SUPERVISION RECEIVED: Chief Information Officer
SUPERVISION EXERCISED: Designated staff, contractors and student employees.
DUTIES & RESPONSIBILITIES:
The primary duties of this position fall under 3 general categories:
Policy and Planning
- Manage the University's information security policies by assessing current policies, proposing modifications, and drafting changes or additional policies as necessary.
- Identify information recovery and security issues, develop solutions, and implement plans University-wide.
- Manage security issues related to transitions from current technology to new technology.
- Conduct risk assessments and provide recommendations to help the University develop security standards and procedures that support strategic, tactical, and operational objectives on a cost-effective basis.
- Monitor changes in legislation related to information security, and ensure that the University's Comprehensive Written Information Security Program is updated as needed.
Compliance
- Monitor compliance with the University's security policies/procedures.
- Increase awareness and train faculty, staff and students on compliance matters and best practices.
- Monitor internal control systems to ensure appropriate processes are in place to assure access privileges are assigned and maintained appropriately.
- Perform or facilitate internal information security assessments.
- Serve as a project manager for information security compliance initiatives, and point of contact for providing third party auditors with information that they request.
- Ensure the prevention, detection, containment, correction and documentation of security incidents and breaches.
- Certify that technology systems meet predetermined security requirements.
Operations
- Handle the administration, planning and coordination associated with remediation undertaken as follow-up to findings and recommendations from audits and assessments.
- Manage the University antivirus and server backup systems and other security-related applications.
- Periodically review and assess logs, access controls, vulnerability scans and patch management programs as required to ensure that documented standard operating procedures are consistent with best practice, up to date, and are being followed. Adjustments to standard operating procedures will be made as needed. Any/all findings will be noted, remediated, and reported.
Requirements:
REQUIRED QUALIFICATIONS:
- Academic credential of a Bachelor's degree
- Excellent technical, organizational, planning, documentation and communications skills
- Project management experience
- 5+ years progressive experience in a computer related field
- Some degree of experience in policy and planning, compliance and operations as described in the preceding section titled "Duties and Responsibilities"
PREFERRED QUALIFICATIONS:
- Prior experience as an Information Security professional
- Experience working for a College or University within Information Technology Services
- Certifications and other credentials for Management of Information Security
- Familiarity with the Information Technology Infrastructure Library (ITIL) framework and Information Technology Service Management (ITSM) principles
Additional Information:
This is a full-time, exempt, benefits-eligible position in the APA bargaining unit at the rank of Director. The salary range is $70,000-80,000.
Framingham State University conducts criminal history and sexual offender record checks on recommended finalists prior to final employment for all positions.
Framingham State University is an equal opportunity/affirmative action employer.
Members of underrepresented groups, minorities, women, veterans, persons with disabilities, and all persons committed to diversity and inclusive excellence are strongly encouraged to apply.
Application Instructions:
Candidates must apply online by submitting a cover letter, resume, and the names and contact information for three professional references.
For full consideration, application materials must be received by September 30, 2018.
Framingham State University only accepts application materials through our online application system. We are unable to accept application materials through mail, email, fax, or hand delivery. If you experience technical issues with the online application process, please submit a helpdesk ticket.
Framingham State University understands that persons with specific disabilities may need assistance with the job application process and/or with the interview process. For confidential assistance, please contact the Human Resources Office at 508-626-4530 or humanresources@framingham.edu.