HUMAN RESOURCES >
CAREER OPPORTUNITIES >
DIRECTOR, INFORMATION SECURITY
Director, Information Security
The Human Resources Department announces the
position of Director, Information Security, reporting
to the Vice President, Information Technology.
Responsibilities include: leading the development, implementation, testing, and
maintenance of the Information Security Program (ISP) for the University,
identifying and recommending best practices to mitigate information security
risks, developing metrics to indicate RMU’s information risk position, and
communicating those metrics; keep current on information security threats and
risks, monitor security warning services, participate in the development of
other information-related RMU policies, and serve as the contact point for
internal and external security audits and investigations; Security awareness program; Incident management and forensics. Supportive functions
of an ISO include: Network security, Access control, Authentication and
authorization, and Identity management. Develop,
implement, and maintain a comprehensive risk-based Information Security Program
(ISP) that addresses information security, privacy, integrity, and availability
and provides input into the university’s Enterprise Risk Management program;
lead RMU’s Information Security Program (ISP) Committee; lead the development
and enforcement of university-wide security policies; drive the development of
plans, procedures, and metrics that support the ISP; communicate progress
against plans and metrics; develop test plans for assessing the ISP and lead
periodic testing and remediation; ensure an effective Business Continuity plan
exists and is tested periodically; provide leadership and guidance in regard to
security best practices for application development, access control, incident
response, security awareness, governance, administration, and other related
areas; provide or coordinate the information technology response to internal
and external audits, including commercial partner security assessments; perform
evaluations and provide guidance on commercial security products and services
applicable to security plans, policies, and metrics; drive the
implementation of the IT Infrastructure Library framework for IT services; lead support activities for internal and external security
investigations; and perform any and all relevant duties of the position.
Bachelor’s Degree or equivalent experience required. Master’s Degree, CISSP (Certified Information Security Systems Professional), GIAC (Global Information Assurance Certification), or other industry certification preferred.
Minimum of 10 years of experience in security or security-related positions.
Proven ability to develop and maintain a risk-based information security program that addresses information security, privacy, integrity, and availability.
Practical experience in a technical security area such as security architecture, security operations, incident management, networking, etc.
Ability to develop plans and execute a complex effort involving the application of technical security solutions and security management best practices.
Strong interpersonal skills, including teamwork, facilitation, and negotiation.
Excellent analytical and technical skills.
Excellent planning and organizational skills.
Internal Application Deadline: August 27, 2014
External Application Deadline: Until Position Is Filled
Starting Date: As Soon As Possible