Director, Information & Digital Compliance
Job No: 519205
Work Type: Management (MPP)
Categories: MPP, At-Will, Full Time, Information Systems & Technology
Type of Appointment: Full-time, Management Personnel Plan (MPP II)
Anticipated Salary Range: $100,000 to $120,000 annually (Commensurate with Qualifications and Experience)
Recruitment Closing Date: Open Until Filled
REQUIRED - All candidates must submit the following:
- Cover letter
- Resume or CV
- Three References
The Division for Information Technology & Institutional Planning (IT&IP) provides innovative, strategic and cost appropriate technology services in collaboration with the campus community to advance the mission of the University. The Division's services are recognized as an essential resource in furthering the University's mission. The Division of IT&IP will provide technology solutions, expert consultation, and leadership resulting in numerous enhancements to the advancement of learning and knowledge and to the effectiveness of campus support services and business processes for the entire University. The department of IT Security & Compliance is responsible for:
- Information Security - Works in collaboration with the campus community to protect the integrity of campus information technology infrastructure to mitigate risks and losses associated with security threats, while supporting access to technology.
- Information & Digital Compliance - An information & digital compliance program to improve efficiency and effectiveness of the internal controls and assessment processes, monitor regulations for new or changed requirements, and coordinate with internal and external auditors to ensure compliance.
- Business continuity (BC) and disaster recovery (DR) - Work with the University community to establish IT Disaster Recovery and Business Continuity criteria and plans.
- Accessible Technology - Leadership, oversight and coordination for the campus implementation of the CSU's Accessible Technology Initiative (ATI) to comply with Section 508, WCAG 2.0 AA, and WAI-ARIA. It includes each of the three priority areas of ATI: web accessibility, instructional materials accessibility, and procurement.
DUTIES AND RESPONSIBILITIES:
Compliance & Assessment
- Perform risk and compliance assessments of campus third-party products/services and new projects
- Engage in contract review and negotiations for compliance with legal and policy obligations
- Provide subject matter expertise related to information compliance, standards and regulatory compliance including accessibility and privacy
- Provide recommendations for compliance and remediation of compliance deficiencies with CSU, campus policy and regulatory requirements, including accessible technology. Includes plans for equally effective alternative access (EEAAP), remediation and mitigation plans.
- Coordinate and align operational practices and compliance requirements through department and campus partnerships, training, and documentation.
- Collaborate with campus IT and functional departments to assess, design, develop and implement controls for compliance of campus systems, applications, devices, workstations, and networks for faculty, staff, student, and community environments.
- Participate as a member of the IT change control process to assess changes for compliance.
- Contribute to campus & CSU security, compliance & risk assessments, audits & reports.
Reporting & Communications
- Build and maintain an effective evidence and metrics-based culture to measure program and process effectiveness.
- Provide status reporting to all levels of management
- Maintains a broad knowledge base on the latest information security issues related to job duties.
- Raises security risks to other members of the IT&IP leadership through effective communication about impact, cause and remediation.
- Contributes to the development and maintenance of a security awareness program for the campus community
- Shares knowledge with other IT&IP team members and the campus community through cross-training, presentations, etc.
- Promotes awareness of IT&IP security and compliance, working with IT and campus management, through an awareness and training program that focuses on the elements of the compliance program and seeks to ensure that all appropriate employees and management are knowledgeable of, and comply with, pertinent federal, state, and CPP standards
- Demonstrates ongoing and self-motivated pursuit to enhance knowledge and skills (both technical and non-technical) through formal and informal trainings, conferences/events, informal learning plans, professional memberships, etc.
- Serves as a member of the IT&IP Leadership Team and contributes to regularly scheduled management meetings.
- Works in collaboration with other IT&IP leaders on the division's strategic planning initiatives, projects and related assignments.
- Supports and coordinates the campus compliance and review assessments, including campus audits.
- Represents IT&IP in various campus committees and venues, leveraging them as additional input sources for planning and feedback.
- Works with faculty and students on cyber security initiatives and partnerships (grants, faculty initiatives, cyber fair, etc.)
- Bachelor's degree from an accredited college or university in a field of study reasonably related to the position.
- 5+ years of demonstrated experience in information technology, information audit/assurance, or project management
- 3+ years of experience with increasing responsibilities for leading or managing information technology professionals to accomplish department and/or organizational objectives.
- Demonstrated leadership experience working in a position that requires a high degree of technical operational and service skills with a proven commitment to promoting and maintaining a service-oriented culture.
- 3+ years of experience with information technology risk, compliance (includes accessible technology), security and/or privacy within a large-scale IT organization.
- Ability to quickly and accurately aggregate, analyze, and review large volumes of technical and non-technical information to support simultaneous assessments for audits, compliance, risk analysis, incidents, investigations, etc.
- Ability to analyze complex situations such as personnel, operational, technical or security issues and to develop and work with and through others to implement corrective actions and/or mitigation strategies for university-wide success.
- Ability to interpret and evaluate data and results to develop sound conclusions and make recommendations including new or revised guidelines, procedures, practices, and/or policy.
- Ability to understand problems from a broad, interactive perspective and discern applicable underlying principles to conceive of and develop strategic solutions
- Familiarity with IT audit, compliance or security risk assessment, policy management, or compliance programs
- Familiarity with regulatory requirements, standards, guidelines such as PCI DSS, CLETS/JDIC, HIPAA, GLBA, Red Flag Rule, GDPR, FERPA, OWASP, Section 508 of the Rehabilitation Act, WCAG, WAI-ARIA, etc.
- Familiarity with control frameworks such as MITRE ATT&CK, NIST, COBIT, ISO27001, ITIL
- Ability to manage, maintain and motivate technical and non-technical staff members
- Excellent oral and written communication skills required to communicate to technical and non-technical audiences, including experience preparing and presenting information clearly and concisely to a wide range of internal, external and customer constituencies, including executives
- Exceptional interpersonal skills coupled with the ability to develop and promote high-performing teams, partnership, inclusivity, and transparency with others
- High ethical standards and business acumen.
- Master's degree in Instructional Technology, Information Technology, Computer Science, Business Administration, or related discipline.
- 5 years of management experience in an Information Technology organization in a University environment.
- Experience in a large, complex and diverse public sector information technology organization.
- Demonstrated experience with the full implementation of large-scale projects.
- Relevant IT professional certification such as Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Program Management Professional (PMP), ITIL Foundations.
- Providing technical support to technical and non-technical users, including involvement in significant projects involving core enterprise-level infrastructure and/or services.
- Experience working in an IT web development, compliance or quality assurance function.
APPOINTMENT AND SALARY
The salary is competitive, commensurate with qualifications and experience, and includes a comprehensive benefits package. This is a Management Personnel Plan Level II position with an attractive benefits package, which includes a vacation accrual rate of 16 hours per month, an excellent choice of medical, dental, and vision insurance, long term disability coverage, life insurance and retirement benefits.
CSU requires faculty, staff, and students who physically access campus facilities or programs to be fully vaccinated against COVID-19, which includes obtaining a COVID-19 booster dose, or declare a medical or religious exemption from doing so. Any candidates advanced in a currently open search process should be prepared to comply with this requirement. See policy at https://calstate.policystat.com/policy/11030468/latest.
Out of State Work
The California State University (CSU) system is a network of twenty-three public universities providing access to a quality education through the support of California taxpayers. Part of CSU's mission is to prepare educated, responsible individuals to contribute to California's schools, economy, culture, and future. As an agency of the State of California, the CSU's business operations almost exclusively reside within California. The CSU Out-of-State Employment Policy prohibits hiring employees to perform CSU-related work outside California. See policy at https://calstate.policystat.com/v2/policy/10899725/latest/.
Cal Poly Pomona will make a conditional offer of employment, pending the satisfactory completion of a background check (including a criminal records check). The conditional offer of employment may be rescinded if the background check reveals disqualifying information, and/or it is discovered that the candidate knowingly withheld or falsified information. In determining the suitability of the candidate for the position, Cal Poly Pomona will give an individualized assessment to any criminal conviction history, considering such factors as the nature, gravity and recency of the conviction, the candidate's conduct, performance or rehabilitation efforts since the conviction and the nature of the job applied for. See policy at https://www.cpp.edu/eoda/employee-labor//documents/employment-policies/hr2017-17.pdf.
Cal Poly Pomona hires only individuals lawfully authorized to work in the United States. In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification form upon hire. See Form I-9 Acceptable Documents at https://www.uscis.gov/i-9-central/form-i-9-acceptable-documents.
Outside Employment Disclosure
Prospective Executive and Management Plan Personnel employees must disclose all current outside employment at the time of hire as a precondition of hire and at the following times after hire: annually in July, within 30 days of accepting outside employment, and upon their manager's request. See policy at https://www.cpp.edu/eoda/employee-labor//documents/employment-policies/hr2016-06.pdf.
Child Abuse/Neglect Reporting Act (CANRA)
The person holding this position is considered a 'mandated reporter' under the California Child Abuse and Neglect Reporting Act and is required to comply with the requirements set forth in CSU Executive Order 1083 as a condition of employment. See policy at https://calstate.policystat.com/v2/policy/10927154/latest/.
Cal Poly Pomona is a smoke and tobacco-free campus. See policy at https://calstate.policystat.com/policy/6591951/latest/.
In compliance with state and federal crime awareness and campus security legislation, including The Jeanne Clery Disclosure of Campus Security Policy and Crime Statistics Act, California Education Code section 67380, and the Higher Education Opportunity Act (HEOA), the Cal Poly Pomona Annual Security and Fire Safety Report is available at: https://www.cpp.edu/campus-safety-plan.shtml.
We provide reasonable accommodations to applicants and employees with disabilities. Applicants with questions about access or requiring a reasonable accommodation for any part of the application or hiring process should contact the ADA Coordinator by email at ADACoordinator@cpp.edu. More information is available at: https://www.cpp.edu/eoda/employee-labor//access-accommodations/index.shtml.
Cal Poly Pomona is an Equal Opportunity, Affirmative Action Employer. The university subscribes to the pay transparency nondiscrimination provision and all state and federal regulations that prohibit discrimination based on race, color, religion, national origin, sex, gender identity/gender expression, sexual orientation, marital status, pregnancy, age, disability, genetic information, medical condition, and covered veteran status. More information is available at: https://www.dol.gov/sites/dolgov/files/OFCCP/pdf/pay-transp_%20English_formattedESQA508c.pdf and at https://www.cpp.edu/eoda/employee-labor/documents/aa-eeo-doc/policy-statement_2022-aap-for-california-state-polytechnic-university-pomona_confidential_20220127.pdf.
Advertised: September 20, 2022 (9:00 AM) Pacific Daylight Time
Applications close: Open Until Filled
To apply, visit https://careers.pageuppeople.com/873/po/en-us/job/519205/director-information-digital-compliance