Chief Information Security Officer

Job no: 506601
Classification: Information Systems Professional 6A
Grade: Grade 83
Work type: Staff Full-time
Administrative Unit: University of Alaska Statewide
School/Business unit: OIT Technology Oversight Services
Location: Fairbanks
Categories: Information Systems/Technology

Position Summary:

The University of Alaska's Office of Information Technology (OIT) seeks a dynamic, engaging and knowledgeable security professional to lead its information security program.

Duties:

10 - Overall direction: This position provides leadership regarding implementation and enforcement of information technology security for UA; ensures the UA-wide policies, programs and principles are implemented, measured, and improved for organizational effectiveness. Consult with UA's legal counsel, audit, student records, campus police, procurement, faculty and other high-level administrators regarding the design, development, implementation and operation of an integrated secure environment for networked computing to support instruction, research and administrative functions of the university. Operates under the direction and strategic oversight from the office of the system wide Chief Information Technology Officer. Works closely with operational security staff, exercising leadership regarding the implementation and enforcement of IT security standards, including the review of relevant policies and procedures in the context of campus-wide standards; assist personnel with implementing IT security standards; ensure enforcement of security of UA online systems and services in accordance with all applicable legal, UA policy and regulations including coordination with campus security constituents. Responsible for educating, advising and training designated staff on the policies and procedures that should be in place to ensure the overall security, policy implementation and technical oversight of the University of Alaska IT Security Program. (Essential)
25 - Supervise staff and functions for Security as well as Identity and Access Management to support and implement university wide applications and systems. Recommend strategies and architectures for new solutions for these areas to senior executives. Professional development - Interact with counterparts at other large universities and read professional journals and magazines. Present papers at national conventions. Maintain close interaction with IT and security staff at other institutions and in other industry sectors. (Essential)
65 - Provide strategic direction of IT Security at University of Alaska: Develop, implement and manage the overall processes, policies, standards and guidelines for informational resource risk management and associated architecture. Ensure that UA security is addressed in future IT implementations (architectures). Develop and implement information security rules, in coordination with Technology Oversight Services Director, pertaining to procedures, and practices complying with state/federal laws pertaining to information privacy and security; and complying with University of Alaska Board of Regents policies and regulations pertaining to information resources. Assist internal audit department in the development of appropriate criteria needed to assess the compliance of security standards by new and existing personnel, applications, IT infrastructure and physical facilities. Recommend improvements to security incident reports and remediation follow through. Assist procurement to ensure new purchases integrate into UA security infrastructure. Research and Development of Security Technologies - Lead research and fiscal analysis on the best methods for meeting information technology security needs. Recommend improved methods and technologies to manage the security infrastructure and to become more efficient and effective. Participate on committees and councils establishing positions and policies on information technology at UA, campus, system, state and national levels. Implement IT security policy throughout the system's life-cycle by developing and maintaining the UA-wide information assurance program, its information security policies, procedures and control techniques through an understanding and evaluation of system architecture IT management, operations and technical practices. Lead periodic evaluations of the program to ensure that the program adequately addresses operational or environmental changes. Provide oversight and enforcement of security directives, orders, standards, plans and procedures. Ensure that a system for issuing, protecting, changing, and revoking passwords is implemented and maintained as described in the Security Requirements document. Provide appropriate labeling guidance to personnel for documents/files that identify or describe critical security functions or parameters. Provide training on security practices and procedures. (Essential)
The University of Alaska seeks a dynamic, engaging and knowledgeable security professional to lead its information security program. Reporting to the Chief Information Technology Officer, the Chief Information Security Officer (CISO) will be responsible for institution-wide information security and compliance in support of the University's teaching, research and administrative missions. The CISO also acts as the University's HIPAA Security Officer. The CISO works collaboratively with University leadership, legal and compliance teams, information technology partners, health affairs, clinical practices, and faculty to understand information uses and guide balanced security measures that respect the diverse needs of faculty, staff, students, and patients.

This position leads development of the University’s information security strategy, policies, and practices. The successful candidate will demonstrate a distinguished track record of understanding and attention to the application of information security in a world-class institution of teaching, learning, clinical care, and research.

The position requires a combination of strategic leadership, relationship building skills to develop and implement security programs, broad technical knowledge and subject-matter expertise (threat landscape, security, legal, policy, compliance, and identity and access management). This position leads outreach, communication and education efforts to raise system-wide awareness of information security risk, requirements and solutions; provides strategic and technical guidance and assistance in the design and implementation of appropriate security processes for campus-wide information systems.

 

Special Instructions to Applicants:

The initial review date for applications will be August 20, 2017. To ensure consideration, please apply prior to the review date.

Please submit a cover letter, resume and three (3) professional references.

 

Required Experience:

Five years of experience demonstrating expertise in IT security.

Seven years of relevant experience in a focused range of computer oriented disciplines: technical analysis, technical documentation, system administration of various operating systems.

Five years supervisory experience.

Information resource security skills combined with familiarity with IT language and issues; IT security background, experience in business management and professional expertise in information resource security and law. Broad expertise in using public key infrastructure, firewalls, encryption techniques, virus detection and intrusion detection systems. Experience that demonstrates the incumbent is proficient in system design, installation, and testing the life cycle of a computer system in a broad-scale environment.

Experience in developing system security plans, performing risk analyses, conducting security tests and evaluations, and developing and testing contingency plans.

Travel required.

Strong technical background.

 

Typical Education or Training:

Certified Information Systems Security Professional (CISSP) certification

Bachelor's degree in a computer discipline is required.

Advanced degree is preferred.

 

Knowledge/Skills/Abilities:

Knowledge of management practices and principles relating to computer and telecommunications security and threats.

Experience in developing system security plans, performing risk analyses, conducting security tests and evaluations, and developing and testing contingency plans.

Expertise in the strengths, weaknesses, and use of a wide range of security technologies and operating systems is required. Expert knowledge in a higher education setting about network protocols, information technology security and firewalls, encryption, authorization and authentication technologies.

A practiced understanding of the 10 Domains of the Certified Information Systems Security Professional (CISSP) certification or other comparable certifications, as well as federal, state and regulatory laws and standards for securing systems, for example NIST Special Publications, ISO 27000, or the Payment Card Industry Data Security Standard.

A professional demeanor with excellent interpersonal, communication, leadership, and presentation skills is required, along with a high degree of energy, initiative, and organizational ability.

Excellent communication skills orally and in writing to persuade, motivate, mentor and express conclusions in a clear, technically sound manner. Influence and drive decisions and directions based on technical expertise.

Demonstrated outstanding leadership and project management skills including facilitating diverse groups of individuals to collaboratively achieve consensus.

Demonstrated experience in information privacy standards and practices and requirements including HIPAA, FERPA, PCI, SOX, GLBA, etc.

 

Background Check:

The successful applicant is required to complete a background check. Any offer of employment is contingent on the background check.

Probationary Period:

Pursuant to University Regulation 04.07.020, new employees of the University are employed in an at-will probationary status for the first six months of employment. During the probationary period, employment may be terminated for no reason or any reason. Promoted employees also serve a probationary period with limited rights of retreat.

Training Policy:

It is the policy of the University of Alaska Fairbanks that all employees are required to attend training to meet the requirements of the positions they hold, and to complete the required training within a specified period of time to remain employed at UAF. The policy can be located at: http://www.uaf.edu/chancellor/policy/04.07.010/

Tobacco-Free Campus:

UAF Campus is a tobacco-free campus. For more information, please go to: http://www.uaf.edu/tobaccofreecampus/
