Information Technology Security Officer

Job Level
Senior position
Job Category
C Level
Sector
  • Technology
  • Information Technology
Job Status
Full-Time
Areas of Responsibility
  • Information Technology
  • Security

This position reports to the Asst. Vice President/Deputy CIO for the Office of Technology Administration. The incumbent sets security policies, standards, and processes, utilizes a risk-based methodology to inform work, anticipates threats and identifies potential impact. The ITSO designs and implements roles, responsibilities, and operational efforts supporting a clear vision and strategy for information security throughout the University. Provide security leadership in support of the enterprise as it relates to IT network security, IT security governance, security monitoring, and security awareness. This individual shall manage the planning, development, installation, and operations of IT security solutions by evaluating current and future business requirements.

The ITSO shall develop, maintain, communicate and execute security project plans and schedules, prioritizes requirements, and organize teams where applicable. Work across organizational boundaries and with functional users. Ensure products and solutions are compatible with existing and future environmental integration. Identify, evaluate and resolve security-related business issues. Work on abstract problems across all functional areas within ITC.

Primary Responsibilities:

  • Develops and sets information security policy for the University

  • Responsible for planning and reviewing periodic risk assessments to drive security program prioritization

  • Responsible for developing, documenting, and directing implementation of a comprehensive information security program and prioritized roadmap to protect communications, systems, information, and assets from anticipated threats, both internal and external

  • Work proactively to define and prioritize the implementation of physical, administrative, and technical controls appropriate for the University's security program and in compliance with policies, applicable laws, and regulations

  • Leads the implementation of security controls, practices, and policies through collaboration with technical staff inside and outside ITC

  • Directs the use of external, third-party resources to scan for vulnerabilities and conduct penetration tests

  • Continuously ensures compliance with laws and regulations applicable to academic, research, and business data and systems

  • Determines and oversees periodic security audits

  • Manages projects associated with IT security audits

  • At the direction of human Resources and/or the Office of the President, leads ITC activities related to data access reporting, data collection, and securing evidence in disciplinary and legal matters and security breaches

  • Provides strategic and tactical security guidance for programs, projects, and data management and use agreements that may involve security controls, including evaluation of the architecture, hardware, software and technical controls

  • Leads enterprise information security incident response services and activities

  • Directs the development and delivery of a security awareness training program for employees, contractors, and other parties

  • Establishes a metrics-driven dashboard to evaluate the effectiveness of the information security program

  • Maintains a current understanding of the IT threat landscape for the industry

  • Manages institution-wide information security governance processes

  • Must be available to provide support and consultation outside normal business hours, including occasional evenings, holidays, or weekends, within reasonable professional obligation and expectation

  • This has been designated as an essential position based on the duties of the job and the functions performed. Positions that are designated as such are required to report to work/remain at work even if classes are cancelled and the campus is working on limited operations in an emergency.

Problem Solving

  • Anticipate operational issues and develops preventive measures.

  • Solve problems impacting the area in a systematic and clear manner that can be understood by management and colleagues.

  • Analyze existing operations and make recommendations for the improvement and strengthening of IT security throughout all IT systems, business processes, and service deliverables.

Minimum Qualifications

  • A strong understanding of information security regulatory requirements and compliance issues.

  • Knowledge of general security concepts and methods such as vulnerability assessments, privacy assessments, intrusion detection, incident response, security policy creation, enterprise security strategies, architectures and governance.

  • Understanding of networking (TCP/IP, OSI model), operating system fundamentals (Windows, UNIX, mainframe), security technologies (firewalls, IDS/IPS, etc.), databases (Oracle, mysql, MS-SQL), and application programming/scripting languages (C, Java, Perl, Shell).

  • Demonstrated ability to develop new engagement opportunities in the information security advisory space within the higher education industry.

  • Bachelor's degree from a college or university accredited by a U.S. Department of Education (DOE) or internationally recognized accrediting organization

  • At least 7 years full-time experience in information security/cybersecurity

  • Experience developing or contributing to the development of security policies

  • Ability to plan, manage, and maintain a complex, long-term, organization-wide program

  • Demonstrated experience working, collaborating, and establishing credibility and relationships with senior leadership, colleagues, and customers

  • Excellent oral, written, and interpersonal communication skills as evidenced in the cover letter, resume, and interview process

  • Familiarity with cyber security frameworks, including NIST

  • Excellent leadership and teaming skills.

Preferred Qualifications

  • Knowledge of Banner or other ERP system used in higher education

  • Encryption Technologies

  • CAS, LDAP, RSA, and other authentication technologies

  • Experience developing IAM strategies, architectures and integration a plus

  • Experience with common security and privacy legislation and regulations (e.g. PCIDSS, FERPA, HIPPA, etc.)

  • Experience coordinating with key stakeholder groups, such as internal audits

  • Professional certification (e.g. CISSP, CISO, CERT, CSIH)

  • Project management of information security projects including development of project charters and plans; management of project execution and successful implementation of the planned solution.

  • Demonstrate ability to learn new systems and technologies quickly.

Applicants must submit:

  • Complete Job Application

  • Letter of Application

  • Resume'

  • Two - three letters of reference

  • Three references with contacts' information on application

  • Reference letters and application letters should be work related

How to Apply

Contact:

Melva D. Williams

Office of Technology Administration

Xavier University of Louisiana

Phone:

504.520.7453

Fax:

504.520.7911

Online App. Form:

https://jobs.xula.edu

Email Address:

mewillia@xula.edu