Director of Information Security, Risk, and Compliance

Posting Details Posting NumberS212Classification TitleManager 200Working Title Director of Information Security, Risk, and ComplianceDepartmentInformation SecurityHome Campus BloomsburgBargaining UnitNon-representedWork LocationHome CampusPosition TypeManagementTemporary/ PermanentPermanentFull-time/ Part-timeFull-TimeIf Part-time, specify percentage (Examples: 0.75; 0.50; 0.25)Benefits The Pennsylvania State System of Higher Education provides a comprehensive package of employer benefits to eligible employees and their enrolled dependent(s), which include*:Medical and prescription drug benefits.Generous retirement plans, two options:Alternative Retirement Plan (ARP)State Employees’ Retirement System (SERS)Tuition benefits for employees and dependents.Paid time off.Employer-paid dental and vision benefits.Employer-paid life insurance.Voluntary insurances and additional retirement programs.*Specific benefits may vary based upon university, employee group and/or collective bargaining unit. Visit: http://www.passhe.edu/inside/HR/syshr/healthcare/Pages/Summary-of-Benefits.aspx for additional information regarding benefits.To be eligible for most benefits, you must be a permanent, full-time employee (including temporary, full-time faculty with at least an academic year contract) or a permanent, part-time employee (including temporary, part-time faculty with at least an academic year contract) who is scheduled to work every pay period for at least 50% of full-time hours.Start Time8:00 amEnd Time4:30 pmHours Per Week37.5 hours per week Days Worked (Check all that apply)Mon, Tues, Wed, Thurs, FriSalaryCommensurate with ExperienceAnticipated Start DateASAPAnticipated End DateN/A Position Summary Information Position PurposeCommonwealth University of Pennsylvania seeks ambitious, qualified candidates for the position of Director of Information Security, Risk, and Compliance who are committed to providing proficient and knowledgeable Information Technology Security service to our students, faculty, staff, and university IT systems.Join a dynamic and rewarding work environment at a multi-campus institution committed to fostering academic excellence, enhancing student success, and driving innovation in higher education.Commonwealth University of Pennsylvania, a member of the Pennsylvania State System of Higher Education (PASSHE), was formed in July 2022 through the integration of Bloomsburg, Lock Haven, and Mansfield Universities to become one of the largest universities within the PASSHE system.The scope of this position is University-wide including Commonwealth University campus locations in Bloomsburg, Lock Haven, Mansfield, and Clearfield. Accountable to the Chief Information Officer (CIO) for the delivery of enterprise-wide IT security and risk-related services to the University and as the CIO’s senior advisor for IT security. Works with the CIO and executive and senior management to develop and implement security strategy across all campuses, including leading the creation and updating of IT security-related policies, procedures, guidelines, training, documentation and awareness campaigns. Responsible for oversight of security issues related to relevant IT infrastructure, architecture, data protection, audit preparation, audit responses and incident responses.Works in partnership with the CIO to determine IT security-related customer care functions (training, documentation, website, help desk escalations, etc.) as well as on overall IT system architecture matters. Issues directives as appropriate (both to IT entities and to end users) with regards to policy and procedure compliance.Supervises Information Security Analysts and the operation of the IT Security Office. Represents the CIO as directed on University, Pennsylvania State System of Higher Education, and other regional, state and national organizations with IT security focus and/or oversight. Determines the composition and mission of University IT security-focused committees, task forces, action teams, etc., and actively engages entities with a specific interest in IT security policies and procedures. Responsible for strategic planning and budgeting for IT Security.Description of DutiesUniversity and Program Leadership1. Responsible for the strategic leadership and direction of the University’s information security function.2. Provide guidance and counsel to the CIO and key members of the University leadership team, working closely with senior administration, academic leaders, and the campus community in defining objectives for information security, while building relationships and goodwill.3. Design and lead management of University-wide information security governance processes to support information security program and project priorities.4. Lead information security planning processes to establish an inclusive and comprehensive information security program for the entire University in support of academic and administrative information systems and technology. Establish annual and long-range security and compliance goals, define security strategies, metrics, reporting mechanisms and program services; and create maturity models and a roadmap for continual program improvements.5. Stay abreast of information security issues and regulatory changes affecting higher education at the state and national level, participate in national policy and practice discussions, and communicate to campus on a regular basis about those topics. Engage in professional development to maintain continual growth in professional skills and knowledge essential to the position.6. Stay informed on the latest trends in cybersecurity and proactively recommend new approaches, technologies, and partnerships to improve the University’s security posture.7. Provide leadership for the Information Security team to create a strong bridge between operating areas at the University and bring groups together to share information and resources and create better decisions, policies and practices for all campuses and the University generally.8. Foster a culture of continuous improvement, regularly reviewing and updating security practices to align with evolving cyber threats.9. Mentor Information Security team members and implement professional development plans for all members of the team.10. Represent the University on committees associated with PASSHE and in national and regional consortiums and collaborations.11. Perform special projects and other duties as assigned.Policy, Compliance and Audit1. Lead the development and implementation of effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant regulations, legislation, and legal interpretation.2. Lead efforts to internally assess, evaluate and make recommendations to administration regarding the adequacy of the information security controls for the University’s information and technology systems.3. Work with Internal Audit, PASSHE, Office of the State System CITO and outside consultants as appropriate on required security assessments and audits. Responsible for coordinating and tracking all information technology and security related audits including scope of audits, colleges/units involved, timelines, auditing agencies and outcomes. Work with auditors as appropriate to keep audit focus in scope, maintain excellent relationships with audit entities and provide a consistent perspective that continually puts the University in its best light. Provide guidance, evaluation and advocacy on audit responses.4. Work with University leadership, Legal Counsel and relevant responsible compliance department leadership to build cohesive security and compliance programs for the University to effectively address state and federal statutory and regulatory requirements including FERPA, HIPAA, PCI-DSS, GDPR, and other federal or state data protection laws. Develop a strategy for cohesively dealing with audits, compliance checks and external assessment processes for internal / external auditors.Outreach, Education and Training1. Work closely with IT leaders, technical experts and college and other administrative leaders across campus on a wide variety of security issues that require an in-depth understanding of the IT environment in their units, as well as the research landscape and federal regulations that pertain to their unit’s research areas.2. Create education and awareness programs for students, faculty, and staff across all campuses to promote best practices in data protection and cybersecurity and advise operating units at all levels on known or potential security issues, best practices, and vulnerabilities.3. Work with campus groups such as Information Services & Technology, advisory committees, department liaisons and technical organizations in Fiscal Affairs, Academic Affairs, University Administration, and Enrollment Management and Student Affairs to build awareness and a sense of common purpose around security.4. Pursue student security initiatives to address unique needs in protecting identity information.Risk Management and Incident Response1. Keep abreast of security incidents and act as primary control point during significant information security incidents. Convene an Incident Response Team (IRT) as needed, or requested, in addressing and investigating security incidents.2. Develop, implement and administer technical security standards, as well as a suite of security services and tools to address and mitigate security risk.3. Provide leadership, direction and guidance in assessing and evaluating information security risks and monitor compliance with security standards and appropriate policies.4. Examine impacts of new technologies on CWU’s overall information security. Establish processes to review implementation of new technologies to ensure security compliance.The General Summary and Principal Duties and Responsibilities sections summarized above provide a representative listing only and should not be regarded as a complete statement of tasks performed by incumbents of this position. It should be recognized, therefore, that employees may be asked to perform job related duties in addition to those outlined above.Decision MakingResponsible for the University-wide information security program and all related day-to-day operational decisions required. This position requires the ability to organize and coordinate a large number of competing demands to provide quick response in time-critical situations. It requires a high level of communication and client service skills for interacting with students, faculty, and staff and the ability to initiate projects and see them through to successful conclusions.Fiscal ResponsibilityPrimary responsibility for the Information Security budget and makes recommendations on the overall IT budget.Supervisory ResponsibilitySupervises the staff of the Information Security team, including up to two Information Security Analysts.Minimum Requirements Profile1. B.S. Computer Science, Management Information Systems, related field or equivalent experience.2. Minimum of 10 years of experience in a variety of information technology roles, with a minimum of seven years of a demonstrated increase in levels of responsibility with IT security-related duties as well as broad leadership experience in a large-scale information technology organization.Preferred QualificationsISC2 Certified Information Systems Security Professional (CISSP) certification desirable, but not required.Applicant Rating CriteriaKnowledge, Skills & AbilitiesExcellent communication skills for dealing with faculty and colleagues.Excellent organizational, analytical, problem solving and decision-making skills.Ability to work proactively in supporting the educational and administrative missions of the department or University.Customer service orientation and skills.Ability to manage time wisely while supporting multiple concurrent projects.Supervisory skills to coordinate staff.Administrative skills to assist in hiring, managing, training and evaluating staff.Knowledge of developments and practices in information technology and methodologies in applications and systems analysis and development.Knowledge of developments and practices in information security and methodologies in applications and systems analysis and development.Knowledge of information technology and systems analysis principles and techniques.Knowledge of information security principles and techniques.Knowledge of administrative principles and practices applicable to information technology development and support.Knowledge of administrative principles and practices applicable to information security development and support.Knowledge of the concepts, characteristics, and capabilities of information technology and information security.Knowledge of the component parts of a servers & desktop PC’s and their associated functionality.Knowledge of the basic concepts of networking both Ethernet and Wireless.Knowledge of the process of configuring servers & desktop PC’s and peripheral hardware.Knowledge of the process of installing and configuring software on server & desktop PC’s and peripheral hardware.Knowledge of system fundamentals, memory management, anti-virus software, and troubleshooting techniques.Knowledge of desktop computer operating systems and information security systems.Knowledge of network operating systems including Microsoft Active Directory.Knowledge of industry standard software application programs such as word processing, spreadsheet, e mail, and database, and their use and functionality.Knowledge of computer programming techniques.Knowledge of the use and interpretation of diagnostic utility programs used in troubleshooting.Skill in the use of inductive and deductive reasoning.Ability to analyze and translate management and academic process objectives and procedures into information technology solutions to meet user and academic requirements.Ability to analyze and translate management and academic process objectives and procedures into information security solutions to meet user and academic requirements.Ability to conduct presentations and information technology/security training.Ability to install and configure servers & PC’s and peripheral hardware.Ability to install and configure software on servers & PC’s and peripheral hardware.Ability to utilize diagnostic utility programs in troubleshooting hardware and software problems.Ability to read, comprehend and interpret technical manuals and procedures.Ability to grasp and learn new concepts in the information technology and information security fields.Ability to conduct research in order to discover answers to problems that have not been previously documented.Ability to establish and maintain effective working relationships with the user community.Essential Functions1. Ability to communicate technical solutions in an easily understood manner.2. Ability to develop and present solutions to complex technology problems.3. Frequent lifting of objects weighing less than 5 pounds.4. Reaching for objects at, above and below shoulder.5. Occasionally twisting at waist and stretching to reach objects.6. Motor skills necessary to use hand tools and related instruments.7. Ability to read and interpret technical instructions, diagrams and blueprints.8. Sensory skills, i.e. visual, hearing, and speaking.9. Keyboard skills.10. Ability to research and interpret technical product data and make sound recommendations regarding purchase and utilization. Posting Detail Information Open Date mm-dd-yyyy10/18/2024Close Date mm-dd-yyyyOpen Until FilledYesSpecial Instructions to ApplicantsFor full consideration, applications must be received by November 18, 2024.Finalists for this position must communicate well and successfully complete an interview process.Completing this search is contingent upon available funding.Background ClearancesOffers of employment are conditional, pending successful completion of the background clearances mandated by Act 153 of 2014 and Board of Governors Policy 2014-01-A: Protection of Minors. In order to qualify for a provisional appointment, the Applicant Acknowledgement Consent Form, Provisional Hire Form, Pennsylvania State Police and Justifacts portion of the clearance process must be successfully completed prior to your start date. The remaining PA Child Abuse History Clearance and FBI Clearance must be successfully completed and returned as soon as possible within the first 90 days of employment.Diversity StatementAt Commonwealth University we recognize our responsibility to continuously support a living, learning, and working environment that values the diverse contributions from all members of our campus community. Our commitment to diversity, equity and inclusion enriches our campus community and is instrumental to our institutional success. Commonwealth University strives to cultivate a campus climate that allows all members to embrace diversity, equity and inclusion as we achieve success both in and out of the classroom, in our work responsibilities, and in our professional lives beyond Commonwealth University. We uphold our commitment to DEI by:• Actively supporting and promoting the intellectual and personal growth of our students, inside and outside of the classroom.• Providing workshops, trainings, programs designed to broaden the knowledge and understanding of diversity, equity and inclusion within our campus community.• Ensuring that all learning and living environments throughout our campus are welcoming and capable of serving all individuals.Title IX/CleryThe University prohibits any form of discrimination or harassment on the basis of sex, race, color, age, religion, national or ethnic origin, sexual orientation, gender identity or expression, pregnancy, marital or family status, medical condition, genetic information, veteran status, or disability in any decision regarding admissions, employment, or participation in a University program or activity in accordance with the letter and spirit of federal, state, and local non-discrimination and equal opportunity laws, such as Titles VI and VII of the Civil Rights Act of 1964, Title IX of the Education Amendments of 1972, the Age Discrimination in Employment Act, the Americans with Disabilities Act and ADA Amendments Act, the Equal Pay Act, and the Pennsylvania Human Relations Act.The University also complies with the Jeanne Clery Disclosure of Campus Security Policy and Campus Crimes Statistics Act, as amended by the Violence Against Women Act (VAWA). Title IX prohibits retaliation for asserting or otherwise participating in claims of sex discrimination. VAWA imposes additional duties on universities and colleges to investigate and respond to reports of sexual assault, stalking, and dating or domestic violence, and to publish policies and procedures related to the way these reports are handled. The University has designated the Title IX Coordinator (Jennifer Raup, Elwell Hall, ORL, 570-389-4808, jraup@commonwealthu.edu or titleixcoord@commonwealthu.edu), to coordinate the University’s compliance with Title IX and VAWA and to respond to reports of violations. The University has directed the Police Department to coordinate the University’s compliance with the VAWA-related Clery reporting requirements. Additionally, inquiries concerning Title IX and its implementing regulation can be made to the U.S. Department of Education, Office of Civil Rights, Region III, The Wanamaker Building, 100 Penn Square East – Suite 505, Philadelphia, PA 19107; Phone: (215) 656-6010; Fax: (215) 656-6020.About Commonwealth University of PAThe Power of Three Bloomsburg, Lock Haven and Mansfield universities have joined forces to boldly transform higher education in our region and beyond. While we are uniting as Commonwealth University of Pennsylvania, you can expect a college experience that is anything but common.We’re Honoring our History by preserving the founding principles of each campus and continuing our vibrant on-campus student experience, serving as pillars of our communities, supporting students and our neighbors alike.We’re Investing in Today by answering the greatest challenges facing higher education: accessibility, cost, quality, and relevance through the combined strength of our storied institutions.We’re Building a Powerful Tomorrow by boldly changing the trajectory of public education to position ourselves for growth, increased access, and to meet economic and workforce development needs in our region, across Pennsylvania and beyond.Quick Linkhttps://commonwealthu.peopleadmin.com/postings/2837
Salary: . Date posted: 11/11/2024

Location: Bloomsburg, PA, US

Posted Date: 11/15/2024