Location: Bristol, RI
Category: Staff positions
Posted On: Mon Oct 15 2018
Job Description:
Under the general direction of the CIO, the Information Security Officer (ISO) is responsible for establishing and maintaining a University-wide information security management program to include the School of Law. The purpose of this program is to assure that information created, acquired or maintained by RWU, and its authorized users, is used in accordance with its intended purpose; to protect RWU information and its infrastructure from external or internal threats; and to assure that RWU complies with statutory and regulatory requirements regarding information access, security and privacy. The incumbent will oversee a variety of IT-related risk management activities. The ISO serves as the process owner of all assurance activities related to the security aspects of availability, integrity and confidentiality of student, faculty, staff, research subjects, business partner and business information in compliance with the University's information security policies. A key element of the ISO's role is working with management to determine acceptable levels of risk for the organization. The ISO position requires a visionary leader with sound knowledge of business management and a working knowledge of information security technologies.
Essential functions of this position include but are not limited to:
Security System Management and Strategy
Direct and approve the design of security systems.
Establish and implement industry best practices, policies, and procedures to safeguard against any unauthorized access to PII or data within the University's information systems.
Implement information security best practices and projects to reduce risk and minimize the potential for intrusion or breach of RWU information.
Provide a written annual report on the annual risk assessment, the identification of any security risks, metrics on security issues and security protocols implemented during the year.
Develop and implement an ongoing risk assessment program targeting information security and privacy matters; recommend methods for vulnerability detection and remediation, and oversee vulnerability testing.
Ensure that disaster recovery and business continuity plans are in place and tested.
Review and approve security policies, controls and cyber incident response planning.
Approve identity and access policies.
Maintain a current understanding of the IT threat landscape for the industry.
Must be highly knowledgeable about the University business environment and ensure that information systems are fully functional and secure.
Constantly update the cyber security strategy to leverage new technology and threat information.
Serve as the University compliance officer with respect to RWU, state and federal information security policies and regulations.
Work with the campus-designated FERPA, Records Access and HIPAA-privacy Officers on compliance issues as necessary.
Prepare and submit required reports to external agencies.
Ensure that University policies support compliance with external requirements.
Oversee the dissemination of policies, standards and procedures to the University community.
Ensure compliance with the changing laws and applicable regulations. Translate that knowledge to identification of risks and actionable plans to protect the University.
Review investigations after breaches or incidents, including impact analysis and recommendations for avoiding similar vulnerabilities.
Schedule periodic security audits.
Oversee identity and access management.
Make sure that cyber security policies and procedures are communicated to all personnel and that compliance is enforced.
Keep abreast of the latest security and privacy legislation, regulations, advisories, alerts and vulnerabilities pertaining to RWU and its mission.
Coordinate the development and delivery of an education and training program on information security and privacy matters for employees, other authorized users, and students.
Provide training and mentoring to security team members.
Provide continual IT security awareness and security training to faculty, staff and students.
This position is scheduled to be filled after January 1, 2019.
Prerequisite Qualifications
Bachelor's degree in computer science or a related major.
Minimum of 5 to 8 years of experience in a combination of IT risk management and information security.
Experience with security auditing and diagnostic tools.
Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences.
Poise and ability to act calmly and competently in high-pressure, high-stress situations.
Must be a critical thinker, with strong problem-solving skills.
Knowledge and understanding of relevant legal and regulatory requirements, such as Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry/Data Security Standard.
Experience with contract and vendor negotiations.
High degree of initiative, dependability and ability to work with little supervision.
Preferred Qualifications
Master's or higher degree in a technology-related field.
Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT and those from NIST.
Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials.
* At the University's discretion, the education and experience prerequisites may be excepted where the candidate can demonstrate, to the satisfaction of the University, an equivalent combination of education and experience specifically preparing the candidate for success in the position.
As an institution committed to strengthening society through engaged teaching and learning as well as building the university that the world needs now, Roger Williams University values inclusion, seeks to reflect the diversity of the region and create access to higher education and career success.
The University seeks candidates who, through their work and life experiences, service to the community, and teaching or research, can contribute to our diversity, inclusivity, and equity goals.
Roger Williams University is an affirmative action/equal opportunity employer and committed to a diverse workforce. All applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, disability, veteran status, or any other basis protected by applicable state and federal law.
For information on our Non-discrimination and Title IX policy, visit: rwu.edu/NDT9
Salaries for new hires at Roger Williams University usually fall between the minimum and midpoint of the salary range.
Roger Williams University is inextricably connected to Roger Williams, the 17th-century leader devoted to freedom of conscience and social justice who founded a community in Rhode Island based on those tenets. Roger Williams' philosophy, and what has been called his 'lively experiment,' nurtured the growth of vibrant and open societies. Our pursuit of excellence in education, academic accomplishment and community service is rooted in his focus on intellectual exchange, critical thinking, inclusiveness and innovation as a means of improving a free society. It is this legacy that inspires our core purpose.
The job you are trying to reach was originally posted at ISACA Career Centre.