Director Information Security
Job no: 516375
Classification: Information Systems Manager 4
Work type: Staff Full-time
Administrative Unit: University of Alaska Statewide
School/Business unit: SW Office of Chief Security Officer
Categories: Executive/Director/Management, Information Systems/Technology
The University of Alaska seeks a dynamic, engaging and knowledgeable information security professional to lead its information security program.
Reporting to the University of Alaska Chief Information Technology Officer (CITO), the Director of Information Security will be responsible for institution-wide information security and compliance in support of the University's teaching, research and administrative missions. This involves collaborating with the Chief Information Officers (CIOs) at the University of Alaska Anchorage (UAA), University of Alaska Fairbanks (UAF) and University of Alaska Southeast (UAS) on system-wide security initiatives that support the University’s highly distributed IT environment.
The Director of Information Security works closely with University leadership, legal and compliance teams, information technology partners, health care entities, and faculty to understand information uses and guide balanced security measures that respect the diverse needs of faculty, staff, students, and patients. Responsibilities include serving as the University’s HIPAA Security Officer.
This position leads development of the University’s information security strategy, policies, and practices. The successful candidate will demonstrate a distinguished track record of understanding and attention to the application of information security in a world-class institution of teaching, learning, clinical care, and research.
The position requires a combination of strategic leadership, relationship building skills, broad technical knowledge and subject-matter expertise in areas such as security threats, risk management, and identity and access management. This position leads outreach, communication and education efforts to raise system-wide awareness of information security risks and mitigations.
10 Overall direction:
This position provides leadership regarding implementation and enforcement of information technology security for UA; ensures the UA-wide policies, programs and principles are implemented, measured, and improved for organizational effectiveness. Consult with UA's legal counsel, audit, student records, campus police, procurement, faculty and other high-level administrators regarding the design, development, implementation and operation of an integrated secure environment for networked computing to support instruction, research and administrative functions of the university.
Operates under the direction and strategic oversight of the office of the system-wide Chief Information Technology Officer. Works closely with operational security staff, exercising leadership regarding the implementation and enforcement of IT security standards, including the review of relevant policies and procedures in the context of campus-wide standards; assists personnel with implementing IT security standards; ensures enforcement of security of UA online systems and services in accordance with all applicable legal requirements, UA policy and regulations, including coordination with campus security constituents. Responsible for educating, advising and training designated staff on the policies and procedures that should be in place to ensure the overall security, policy implementation and technical oversight of the University of Alaska IT Security Program.
Coordinates with IT leadership and provides direction as necessary in response to security incidents and implementation of policy to support the security objectives of the enterprise. Essential
25 Manage staff and functions of the Security and IAM Teams who support and implement essential University-wide applications and systems that augment the security of enterprise and non-enterprise applications. The Director of Information Security is also responsible for overseeing the University's Records and Information Management Program and the University’s Data Privacy and Compliance Office.
Professional development - Interact with counterparts at other large universities and read professional journals and magazines. Present papers at national conventions. Maintain close interaction with IT and security staff at other institutions and in other industry sectors. Essential
65 Provide strategic direction of IT Security at University of Alaska:
Develop, implement and manage the overall processes, policies, standards and guidelines for informational resource risk management and associated architecture. Ensure that UA security is addressed in future IT implementations (architectures).
Develop and implement information security rules, in coordination with UA CITO, pertaining to procedures and practices complying with state/federal laws pertaining to information privacy and security; and complying with University of Alaska Board of Regents policies and regulations pertaining to information resources.
Assist internal audit department in the development of appropriate criteria needed to assess the compliance of security standards by new and existing personnel, applications, IT infrastructure and physical facilities. Recommend improvements to security incident reports and remediation follow-through.
Assist procurement to ensure new purchases integrate into UA security infrastructure.
Research and Development of Security Technologies - Lead research and fiscal analysis on the best methods for meeting information technology security needs. Recommend improved methods and technologies to manage the security infrastructure and to become more efficient and effective.
Participate on committees and councils establishing positions and policies on information technology at UA, campus, system, state and national levels.
Implement IT security policy throughout the system's life-cycle by developing and maintaining the UA-wide information assurance program, its information security policies, procedures and control techniques through an understanding and evaluation of system architecture, IT management, operations and technical practices. Lead periodic evaluations of the program to ensure that the program adequately addresses operational or environmental changes.
Provide oversight and enforcement of security directives, orders, standards, plans and procedures.
Ensure that a system for issuing, protecting, changing, and revoking passwords is implemented and maintained as described in the Security Requirements document.
Provide appropriate labeling guidance to personnel for documents/files that identify or describe critical security functions or parameters.
Provide training on security practices and procedures. Essential
Knowledge of management practices and principles relating to computer and telecommunications security and threats.
Experience in developing system security plans, performing risk analyses, conducting security test and evaluations, and developing and testing contingency plans. Expertise in the strengths, weaknesses, and use of a wide range of security technologies and operating systems is required. Expert knowledge in a higher education setting about network protocols, information technology security and firewalls, encryption, authorization and authentication technologies. A practiced understanding of the Security Domains of Certified Information Systems Security Professional (CISSP) or other comparable certifications. Also, an understanding of federal, state and regulatory laws and standards for securing systems, for example NIST Special Publications, ISO 27000, or the Payment Card Industry Data Security Standard. A professional demeanor with excellent interpersonal, communication, leadership, and presentation skills is required, along with a high degree of energy, initiative, and organizational ability. Excellent oral and written communication skills to persuade, motivate, mentor and express conclusions in a clear, technically sound manner. Influence and drive decisions and directions based on technical expertise. Demonstrated outstanding leadership and project management skills, including facilitating diverse groups of individuals to collaboratively achieve consensus. Demonstrated experience in information privacy standards, practices and requirements including HIPAA, FERPA, PCI, SOX, GLBA, etc.
Five years of experience demonstrating expertise in IT security.
Seven years of relevant experience in a focused range of computer-oriented disciplines: technical analysis, technical documentation, system administration of various operating systems. Five years supervisory experience. Information resource security skills combined with familiarity with IT language and issues; IT security background, experience in business management and professional expertise in information resource security and law. Broad expertise in using public key infrastructure, firewalls, encryption techniques, virus detection and intrusion detection systems. Experience that demonstrates the incumbent is proficient in system design, installation, testing the life cycle of a computer system in a broad scale environment. Experience in developing system security plans, performing risk analyses, conducting security test and evaluations, and developing and testing contingency plans. Travel required. Strong technical background.
REQUIRED EDUCATION OR TRAINING:
Certified Information Systems Security Professional Certification is required. If the successful applicant does not have a current CISSP they will be required to obtain CISSP certification within one year of hire.
Bachelor’s degree is required, degree in a computer discipline is preferred. Advanced degree is desired.
To ensure consideration, please apply prior to February 28th by 11:55pm Alaska Standard Time with all required application materials.
Reasonable Accommodation Statement:
The University of Alaska (UA) is responsible for providing reasonable accommodations to individuals with disabilities throughout the applicant screening process. If you need assistance in completing this application or during any phase of the interview process, please contact UA Human Resources by phone at 907-450-8200.
Affirmative Action Statement:
UA is an AA/EO employer and educational institution and prohibits illegal discrimination against any individual:
The successful applicant is required to complete a background check. Any offer of employment is contingent on the background check.
Pursuant to University Regulation 04.07.020, new employees of the University are employed in an at-will probationary status for the first six months of employment. During the probationary period, employment may be terminated for no reason or any reason. Promoted employees also serve a probationary period with limited rights of retreat.
Public Disclosure Statement:
Your application for employment with the University of Alaska is subject to public disclosure under the Alaska Public Records Act.
University of Alaska is a Drug-Free Workplace.
University of Alaska campuses are Tobacco-Free.
It is the policy of the University of Alaska (UA) that all employees are required to complete training to meet the requirements of the positions they hold, and to complete the required training within a specified period to remain employed at the UA.
If you have any questions regarding this position, please contact University of Alaska HR at 907-450-8200.
Advertised: Alaskan Standard Time 12 Feb 2021