| Job Summary: Responsible for leading in the design, implementation and management of the governance risk and compliance program for the Information Security Office. Plan and develop information security risk assessments and assist Information Resource owners in completing required risk assessments. Manage the information security risk register, assist stakeholders in managing risk and document risk decisions. Lead in the development, monitoring, and enforcement of security policy and standards and collaborate with business leaders to ensure information security compliance. Lead the information security administrator work group and participate with the Information Security and Architecture Advisory Committee. Assist with the execution of the incident response plan. Essential Duties: Governance, Risk and Compliance (GRC) – Lead in the management of the information security GRC program, including the development and implementation of risk assessments, risk mitigation tracking and reporting of residual risk. Manage risk assessments on new software, software renewals and 3rd party software. Lead in developing and implementing policies and standards that ensure compliance with applicable state and federal requirements. Manage the policy exception and risk acceptance process. Provide risk consulting and/or training to stakeholders on remediation of risks and assist business owners with information security risk assessments and risk response. Lead the information security administrator work group and assist with the Information Security Advisory & Architecture Committee. Assist with metrics for the Information Security Program. Assist with reports due to the state and UT System. Projects and Research Support: Lead with the development of requirements for, and take part in, information security and institutional technology projects. Provide security consulting and support to institutional departments on security related issues and inquiries. Lead support for research in the development and review of data management plans and technology control plans. Assist research with security compliance requirements. Security Controls & Testing: Manage security controls requirements for UTA in accordance with applicable laws. Perform security control gap assessments and audits of security controls as needed. Perform periodic testing of institutional information resources and supporting security infrastructure to ensure security controls are in place and effective. Incident Response: Manage the Incident Response Plan and oversee annual updates. Participate as a member of the incident response team. Assist with security incidents and investigations as needed. Assist in planning cybersecurity incident tabletop exercises. Security Awareness: Support the development and implementation of security awareness training programs. Performs other duties as assigned. Required Qualifications: Bachelor's degree with demonstrated information security knowledge and experience. Five (5) years of progressively responsible and demonstrated information security work experience, including experience in designing, implementing, auditing and/or managing information security or risk management programs including qualitative and quantitative risk assessments. Demonstrated experience with developing and maintaining information security policies. Extensive knowledge of and experience in information security risk management. History of communication with and presenting to stakeholders regarding risks and remediation. In depth knowledge and practical experience with implementing or auditing risk frameworks, e.g. NIST 800 series, ISO 20001, CIS Top 20, and CMMC. Certifications: CISSP or CRISC Preferred Qualifications: Master's degree preferred. Certifications related to the duties and responsibilities specified, including but not limited to: CISM, and/or CISA. Experience in the protection of research data and intellectual property, implementing NIST 171 controls and/or familiarity with CMMC a plus. Technical knowledge of operating systems, defense-in-depth concepts, networks, security related technologies, security configurations. , and application security best practices. Knowledge of common GRC tools such as LogicManager, RSA Archer, ISORA, or ServiceNow Governance Risk and Compliance. Knowledge and implementation of CIS benchmarks. Experience in the implementation of GRC strategies. Solid knowledge regarding risk management practices and GRC concepts and automation tools. Knowledgeable of current advances in all areas of information technology concerning vulnerabilities, security breaches or malicious attacks. Experience in higher education and/or Experience in Texas State government. Must have CISSP certification or ability to obtain the certification within 1 year from hire. Special Instructions: Applicants must include in their online resume the following information: 1) Employment history: name of company, period employed (from month/year to month/year), job title, summary of job duties and 2) Education: school name, degree type, and major. EEO Statement: UTA is an Equal Opportunity/Affirmative Action institution. Minorities, women, veterans and persons with disabilities are encouraged to apply. Additionally, the University prohibits discrimination in employment on the basis of sexual orientation. A criminal background check will be conducted on finalists. The UTA is a tobacco free campus. Open Until Filled: No Location: Arlington |
