Information Security – Works in collaboration with the campus community to protect the integrity of campus information technology infrastructure to mitigate risks and losses associated with security threats, while supporting access to technology.
DUTIES AND RESPONSIBILITIES:
Risk & Compliance
Perform risk and control assessments of campus third-party products/services and new projects
Engage in contract review and negotiations for compliance with legal and policy obligations
Provide subject matter expertise related to information security, standards and regulatory compliance
Provide recommendations for security controls and ensure remediation of any deficiencies to maintain compliance with CSU, campus policy and regulatory requirements
Provide subject matter expertise for initiatives related to information security and regulatory compliance
Coordinate and align security operation practices and compliance requirements through department and campus partnerships, training, and documentation.
Collaborate with campus IT and functional departments to assess, design, develop and implement security controls for campus systems, applications, devices, workstations and networks in faculty, staff and student environments.
Participate as a member of the IT change control process to assess changes for IT security impact.
Oversight for the vulnerability analysis and management process, including managing the vulnerability scanning/reporting process. Includes use of campus vulnerability scanning, SIEM and log management systems. Work with the CISO, security staff and IT staff to perform technical analysis of high-impact vulnerabilities and coordinate/verify response with the appropriate technical teams.
Participate with the IT Security & Compliance Leadership team to provide oversight for incident response.
Provide leadership for alert monitoring of security tools and services; investigate, respond and escalate as appropriate.
Participate as a member of security incident response team. Follow incident response process, coordinating with appropriate campus security and technical teams, and law enforcement as needed.
Participate as needed in approved campus investigations as a representative of IT Security & Compliance, providing expertise and integrity and applying industry-, CSU- and CPP-accepted practices, principles and ethics. Coordinate the investigation with internal compliance departments, forensic vendors, and IT system/security administrators.
Reporting & Communications
Build and maintain an effective evidence- and metrics-based culture to measure program and process effectiveness.
Provide status reporting to all levels of management
Maintains a broad knowledge base on the latest information security issues related to job duties.
Raises security risks to other members of the IT&IP leadership through effective communication about impact, cause and remediation.
Contributes to the development and maintenance of a security awareness program for the campus community
Shares knowledge with other IT&IP team members and the campus community through cross-training, presentations, etc.
Promotes awareness of IT&IP security and compliance, working with IT and campus management on an awareness and training program that focuses on the elements of the compliance program and seeks to ensure that all appropriate employees and management are knowledgeable of, and comply with, pertinent federal, state and CPP standards.
Demonstrates an ongoing, self-motivated pursuit of enhanced knowledge and skills (both technical and non-technical) through formal and informal training, conferences/events, informal learning plans, professional memberships, etc.
Serve as a member of the IT&IP Leadership Team and contribute to regularly scheduled management meetings.
Works in collaboration with other IT&IP leaders on the division's strategic planning initiatives, projects, and related assignments.
Supports and coordinates the campus risk and security assessments.
Represents IT&IP in various campus committees and venues, leveraging them as additional input sources for planning and feedback.
Works with faculty and students on cyber security initiatives and partnerships (grants, cyber fair, etc.)
Bachelor's degree from an accredited college or university in a field of study reasonably related to the position.
5+ years of demonstrated experience in information technology, information security, or network management
3+ years of experience with increasing responsibilities for leading or managing information technology professionals to accomplish department and/or organizational objectives.
Demonstrated leadership experience in a position that requires a high degree of technical, operational and service skills, with a proven commitment to promoting and maintaining a service-oriented culture.
3+ years of experience with information technology risk, security and/or privacy within a large-scale IT organization
Ability to quickly and accurately aggregate, analyze, and review large volumes of technical and non-technical information to support simultaneous assessments for audits, compliance, vulnerabilities, risk analysis, incidents, investigations, etc.
Ability to analyze complex situations such as personnel, operational, technical or security issues and to develop, and work with and through others to implement, corrective actions and/or mitigation strategies for university-wide success.
Ability to interpret and evaluate data and results to develop sound conclusions and make recommendations, including new or revised guidelines, procedures, practices, and/or policy.
Ability to understand problems from a broad, interactive perspective and discern applicable underlying principles to conceive of and develop strategic solutions.
Familiarity with IT audit, compliance or security risk assessment, policy management, or compliance programs.
Familiarity with regulatory requirements, standards and guidelines such as PCI DSS, CLETS/JDIC, HIPAA, GLBA, Red Flag Rule, GDPR, FERPA, OWASP, Section 508 of the Rehabilitation Act, WCAG, WAI-ARIA, etc.
Familiarity with control frameworks such as MITRE ATT&CK, NIST, COBIT, ISO27001, ITIL.
Ability to manage, maintain and motivate technical and non-technical staff members.
Excellent oral and written communication skills required to communicate with technical and non-technical audiences, including experience preparing and presenting information clearly and concisely to a wide range of internal, external and customer constituencies, including executives.
Exceptional interpersonal skills coupled with the ability to develop and promote high-performing teams, partnership, inclusivity, and transparency with others.
High ethical standards and business acumen.
Master's degree in Instructional Technology, Information Technology, Computer Science, Business Administration, or related discipline.
5 years of management experience in an Information Technology organization in a university environment.
Experience in a large, complex and diverse public sector information technology organization.
Demonstrated experience with the full implementation of large-scale projects.
Relevant IT professional certification such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) or other Information Security / IT audit certification (e.g. CISA); Program Management Professional (PMP), ITIL Foundations, AWS/Azure certifications
Experience providing technical support to technical and non-technical users, including involvement in significant projects involving core enterprise-level infrastructure and/or services; experience in supporting computing platforms running Windows-based and Linux-based operating systems; experience in managing and/or securing systems and infrastructure in an IaaS cloud platform such as Amazon AWS; knowledge of modern programming languages, including PowerShell, ASPX, VBScript, SQL, shell scripts and Perl; knowledge of networking technologies, including TCP/IP, DNS, DHCP, routing and firewall configuration and operation. Ability to debug complex technical problems with modern computer operating systems, applications and networks.
Telecommuting is allowed.
Internal Number: 511617
About Cal Poly Pomona
Cal Poly Pomona consistently ranks among the best universities in the country when it comes to quality education, affordability and career prospects for graduates. As an inclusive polytechnic university, we cultivate success through experiential learning, discovery and innovation. U.S. News noted Cal Poly Pomona was eighth most diverse among regional universities in the West and tenth most diverse in the nation. Nowhere else can students ride an Arabian horse, practice on a Steinway piano, bring a new product to market, and build a liquid-fueled rocket.