The University Information Security Officer leads the development and implementation of a security program that leverages collaborations and campus-wide resources, facilitates information security governance, advises senior leadership on security direction and resource investments, and designs appropriate policies to manage information security risk. The complexity of this position requires a leadership approach that is engaging, imaginative, and collaborative, with a sophisticated ability to work with other leaders to set the best balance between security strategies and other priorities at the campus level.
The University's information technology environment is highly distributed and diverse, with strong leadership and coordination from the Chief Information Officer (CIO) and direct report units. The Information Security Officer is a strong, knowledgeable leader who provides vision, strategy, broad-based planning, and hands-on responsibility to devise strategies and implement IT solutions to minimize the risk of a cyber-attack to the university, working within Federal, State, and industry regulatory guidelines.
Responsibilities:
15% University and Program Leadership
Responsible for the strategic leadership of the University's information security program. Provide guidance and counsel to the CIO and key members of the university leadership team, working closely with senior administration, academic leaders, and the campus community in defining objectives for information security, while building relationships and goodwill. Work with campus leadership to oversee the formation and operations of a university-wide information security organization that is organized toward a common goal in information security. Promote collaborative, empowered working environments across campus, removing barriers and realizing possibilities. Manage university-wide information security governance processes. Lead information security planning processes to establish an inclusive and comprehensive information security program for the entire university. Establish annual and long-range security and compliance goals, define security strategies, metrics, reporting mechanisms and program services; and create maturity models and a roadmap for continual program improvements. Stay abreast of information security issues and regulatory changes affecting higher education. Engage in professional development to maintain continual growth in professional skills and knowledge essential to the position. Provide leadership philosophy for the Information Security Office to create a strong bridge between organizations, build respect for the contributions of all and bring groups together to share information and resources and create better decisions, policies and practices for the campus. Manage the Information Security Office team members and implement professional development plans for all members of the team. Create and maintain the information security budget for the University. Represent the university on committees and boards associated with the University's System. Perform special projects and other duties as assigned.
40% Policy, Compliance and Audit
Lead the development and implementation of effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation. Lead efforts to internally assess, evaluate and make recommendations to management regarding the adequacy of the security controls for the University's information and technology systems. Work with the System's Internal Audit and outside consultants as appropriate on required security assessments and audits. Coordinate and track all information technology and security related audits including scope of audits, colleges/units involved, timelines, auditing agencies and outcomes. Work with auditors as appropriate to keep audit focus in scope, maintain excellent relationships with audit entities and provide a consistent perspective that continually puts the university in its best light. Provide guidance, evaluation and advocacy on audit responses. Work with university leadership and relevant responsible compliance department leadership to build cohesive security and compliance programs for the university to effectively address state and federal statutory and regulatory requirements. Develop a strategy for dealing with the increasing number of audits, compliance checks and external assessment processes for internal/external auditors, PCI, HIPAA, GDPR, CUI, and FISMA.
10% Outreach/Awareness, Security Education and Training
Work with IT leaders, technical experts, deans and administrative leaders across campus on a wide variety of security issues that require an in-depth understanding of the IT environment in their units. Create education and awareness programs and advise operating units at all levels on security issues, best practices, and vulnerabilities. Work with campus groups such as Network Managers, Information Security Liaisons and technical organizations such as University Information Technology Services to build awareness and a sense of common purpose around security. Pursue student security initiatives to address unique needs in protecting against identity theft, mobile social media security and online reputation program.
25% Risk Management and Incident Response
Keep abreast of security incidents and act as primary control point during significant information security incidents. Convene a Security Incident Response Team (SIRT) as needed, or requested, in addressing and investigating security incidents that arise. Convene Ad Hoc Security Committee as appropriate and provide leadership for breach response and notification actions for the University. Develop, implement and administer technical security standards, as well as a suite of security services and tools to address and mitigate security risk. Provide leadership, direction and guidance in assessing and evaluating information security risks and monitor compliance with security standards and appropriate policies. Examine impacts of new technologies on the University's overall information security. Establish processes to review implementation of new technologies to ensure security compliance.
10% Accessibility of Information Resources
Develops, implements and maintains the process for how a product or service conforms to the Section 508 Accessibilities Standards for Electronic and Information Technology.
Required Education and Experience:
Bachelor's degree from an accredited college or university or an equivalent combination of education and experience. 8 years of related experience in information technology including a minimum of 3 years in the information security field. Experience in project planning and management. Experience with evolving information security technologies and approaches.
Required Skills, Knowledge and Abilities:
Excellent interpersonal and communication skills presenting complex security concepts to a variety of audiences or groups (e.g. end-users, security peers, executive-level briefings) to ensure understanding. Excellent written communications skills (demonstrated). Proven team leadership and management skills. Ability to multitask and work cooperatively with others. Ability to research, interpret and analyze regulations and their impact to information technology. Willingness and ability to provide off-hours support.
Master's degree from an accredited college or university. Minimum 2 years of supervisory experience including, but not limited to, supervising the professional security staff, evaluating performance and providing appropriate feedback and training for staff development, creating and maintaining the budget for security. More than 3 years of experience in information security. Previous role as an Information Security Officer. Experience working in Higher Education. Experience with SaaS, IaaS, and/or PaaS; identity and access management solutions; IDS/IPS and firewalls; SAML, SSO, or authentication protocols.
Information security policy/compliance experience such as but not limited to PCI, HIPAA or FISMA. Preferred certifications: GIAC/GSEC, CISM, CISSP.
Other Requirements: This is a security-sensitive position. The individual in this position will be required to access the Criminal Justice Information System. As a condition of employment, the individual will be required to pass a Criminal Justice Information System Fingerprint Background Check.
Internal Number: R-008848
About Tarleton State University
With its main campus in Stephenville, an hour southwest of Fort Worth, Tarleton State University offers the value of a Texas A&M University System degree with its own brand of personal attention, individual opportunities, history, tradition and community. Tarleton is a vibrant learning community with nearly 100 undergraduate and graduate degrees, as well as a doctorate in education, within five colleges: Agricultural and Environmental Sciences, Business Administration, Education, Liberal and Fine Arts, and Science and Technology. Tarleton’s research centers include the renowned Texas Institute for Applied Environmental Research and the Southwest Regional Dairy Center. Recent additions to the Stephenville campus consist of a state of the art Nursing Building, and a new $25 million living and learning residence hall for 500 students. Tarleton has extended the reach of state-supported, affordable education by expanding online undergraduate and graduate programs with classes in Waco, Midlothian and the Southwest Metroplex Center in Fort Worth. Tarleton offers a traditional, residential college experience with a lively campus atmosphere, intercollegiate athletics, dozens of student organizations and cultural attractions. Students benefit from the personal attention, warmth and faculty interaction found at smaller, liberal arts institutions.