Bachelor's degree in risk management, business management, computer science or related field and three years of experience in information security, risk management or compliance, including time in a project management or compliance planning leadership role, required. Experience in managing security across an enterprise preferred. Professional certification related to information security, such as CISM, CISSP, or GSLC, or similar certification preferred.
Knowledge, Skills and Abilities
Knowledge of education-, healthcare- and financial-related information security and privacy regulations, requirements and best practices. Must be highly analytical and able to diagnose, prioritize and solve complex technical problems. Ability to communicate technical issues to a broad range of technical and non-technical audiences. Ability to foster participation and work cooperatively with agencies, state executives and staff. Excellent written and verbal communication skills.
Reporting to the Director of Internal Audit and Compliance, the Information Security Manager reviews and evaluates the agency’s business processes to identify issues of governance, risk and compliance. Develops and reviews information security policies, plans, standards and procedures to ensure compliance with state policies and best practices. Develops and validates baseline security configurations for operating systems, applications, networking and telecommunications equipment. Assists in developing technical documentation and communications. Develops, implements and periodically tests the Incident Response System to address security incidents, and responds to alleged policy violations or complaints from external parties, such as ISAC and SCIOPS notices. Performs regular security assessments of the University's systems, including Banner, network shares, custom applications and web services. Acts as liaison to state authorities and assists the Department of IT and Computing with business continuity planning, disaster recovery planning, risk management, incident management and audit compliance. Prepares and submits required reports on information security to external agencies. Keeps abreast of the latest security practices, legislation, regulations, advisories, alerts and vulnerabilities. Works within the Office of Internal Audit and Compliance to coordinate the development and delivery of a training program on information security and privacy matters for faculty and staff.
Winthrop University is an Equal Opportunity / Affirmative Action employer and does not discriminate against any individual or group of individuals on the basis of age, color, disability, gender, national origin, race, religion, sexual orientation, gender identity, or veteran status. Women, minorities, and persons with disabilities are encouraged to apply.
Additional Salary Information: Actual salary depends on qualifications. Relocation expenses are negotiable.
Winthrop is a public, comprehensive university that is committed to being among the very best institutions of its kind in the nation. Through an educational experience that blends liberal arts, professional programs, global awareness and civic engagement, Winthrop helps students develop the knowledge, skills, and values that enrich their lives and prepare them for all the future holds.
The job you are trying to reach from was originally posted at ISACA Career Centre.