Hiring Range: Salary is commensurate with Education and Experience
JOB SUMMARY/ESSENTIAL JOB FUNCTIONS: Under the direction of the Vice Chancellor/CIO, this position provides leadership and oversight for the strategic planning, execution, and assessment of all UTHSC information security. Summarily, responsible for directing the establishment of information security programs, such as information security practices and standards, security operations, information security awareness and training, information security response, management of risk assessment, and vulnerability remediation.
DUTIES AND RESPONSIBILITIES:
Provides strategic leadership and oversight of the UTHSC information security program with the goal of effectively managing the UTHSC information security risk.
Oversees strategic planning, execution, and assessment of all UTHSC information security strategies, architecture, policies, procedures, guiding governance, and practices.
Provides guidance and counsel to the CIO and key members of UTHSC leadership team. Works closely with administration, academic leaders, and the UTHSC community. Defines objectives for information security while building relationships and goodwill.
Directs the establishment of information security practices and standards; information security awareness and training; information security response; management risk assessment; and management of information security.
Keeps abreast of developing threats. Presents, communicates, and updates leadership on the formal findings of developing threats and risk assessments. Proposes strategic plans and roadmaps to address the risks, commensurate with the UTHSC risk tolerance.
Plans, guides, hires, defines competencies, and judges performance objectives for the IT security team.
Identifies the training needs of the IT Security personnel and coordinates professional development opportunities for the team. Establishes processes to ensure that all users receive appropriate information security training to perform duties along with periodic information security awareness training. Serves as the University champion to promote information security disciplines.
Collaborates with peers on IT leadership team to influence IT strategic direction and to shape solutions developed to protect University assets, people, data, systems, and intellectual property.
Maintains an awareness of existing and proposed federal and state law, UTHSC security policies and regulations, industry practices, and standards pertaining to information security.
Identifies regulatory change(s) that will affect information security policies, standards, and procedures. Manages and mediates information security incidents. Establishes appropriate scorecards to measure and deliver on the effectiveness of the security function.
Develops procedures to handle routine and crisis situations, including operational, day-to-day incident response activities, as well as unique critical emergencies.
Organizes a task force when necessary and acts as technical lead in investigations. Works with campus security, safety personnel, and law enforcement agencies to investigate security breaches.
EXPERIENCE: Eight (8) years of experience in an IT security leadership capacity to equal fifteen (15) years. Experience implementing IT security standards and working with other senior leadership colleagues is required. (Master's Degree preferred). (Certified Information Systems Security Professional (CISSP) or Chief Information Security Officer (CISO) preferred).
KNOWLEDGE, SKILLS, AND ABILITIES:
Knowledge of IT security standards and frameworks such as National Institute of Standards and Technology Cyber Security Framework (NIST), ISO, NZISM, COBIT, etc.
Ability to work effectively with faculty, staff, and students from a variety of diverse backgrounds.
Demonstrated problem-solving skills.
Ability to adapt within a rapidly changing technical environment.
Excellent verbal and written communication skills, including the ability to explain technical concepts to audiences with a wide range of technical skills.
Ability to work independently, as well as in a team-oriented, collaborative environment.
Skills with developing and providing an information security awareness and training program.
Ability to develop and maintain information security policies.
Knowledge of information security related issues involving identity and access management, intrusion detection, forensics, incident management, risk management and/or auditing.
Ability to maintain trust and to secure sensitive and confidential information.
Ability to exercise a high level of judgment, prudence, discretion, and integrity.
Knowledge of privacy and security methods and tools, plus a high level of thoroughness and good judgment.
WORK SCHEDULE: This position may occasionally be required to work evenings and weekends. May require occasional overnight travel.
An official transcript or documentation to verify education must be submitted in a sealed envelope to the Human Resources Department prior to first day of employment if selected for a position.
Primary Location: US-Tennessee-Memphis
Organization: Information Technology Services
Additional Salary Information: Hiring Range: Salary is commensurate with Education and Experience
Internal Number: 19000001M5
About University of Tennessee Health Science Center
All qualified applicants will receive equal consideration for employment and admissions without regard to race, color, national origin, religion, sex, pregnancy, marital status, sexual orientation, gender identity, age, physical or mental disability, or covered veteran status.
Eligibility and other terms and conditions of employment benefits at The University of Tennessee are governed by laws and regulations of the State of Tennessee, and this non-discrimination statement is intended to be consistent with those laws and regulations.
In accordance with the requirements of Title VI of the Civil Rights Act of 1964, Title IX of the Education Amendments of 1972, Section 504 of the Rehabilitation Act of 1973, and the Americans with Disabilities Act of 1990, The University of Tennessee affirmatively states that it does not discriminate on the basis of race, sex, or disability in its education programs and activities, and this policy extends to employment by the University.
Inquiries and charges of violation of Title VI (race, color, national origin), Title IX (sex), Section 504 (disability), ADA (disability), Age Discrimination in Employment Act (age), sexual orientation, or v...eteran status should be directed to the Office of Equity and Diversity (OED), 910 Madison Avenue, Suite 826, Memphis, Tennessee 38163, telephone at 901-448-2133 or 901-448-7382 (V/TTY available). Requests for accommodation of a disability should be directed to the ADA Coordinator at the Office of Equity and Diversity.