The University of Tampa has a position available for Chief Information Security Officer who will report to the President. This position will provide Information Security leadership and vision through the continued development and implementation of The University of Tampa's information security program designed to promote UT information systems reliability and accessibility while protecting and defending against unauthorized access to systems, networks, and data. Sponsor the University's aggregate view of information security Governance, Risk Management and Compliance in close coordination with the Vice President for Information Technology.
1. Information Security Program Leadership
--Lead the planning, development, implementation, governance oversight, assessment, monitoring and reporting of The University of Tampa's comprehensive information security program across all functions of the institution.
--Provide expert analysis and advice on information security issues and concerns to University leadership.
--Serve as the University information security liaison with federal, state, local, and professional organizations.
--Research and assess evolving information security capabilities for protecting University information and systems.
--Prepare and manage an annual information security budget.
--Coordinate information security vendors, contractors and contracts.
2. Information Security Policies, Practices and Compliance
--Champion the University's information security planning, architecture, policies, and standards.
--Monitor institutional information security procedures and institute best practices in accordance with the regulatory environment created by Sarbanes-Oxley, Gramm-Leach-Bliley, HIPAA, FERPA, PCI and others, as appropriate for institutions of higher education.
--Establish and measure effectiveness of annual goals and objectives to enhance the information security practices of the University.
--Review and evaluate information security threats and institute safeguards.
--Orchestrate annual review/update of information security policies and practices.
--Participate in change management process governance.
3. Assessment and Remediation
--Conduct annual information security compliance reviews and vulnerability assessments.
--Perform risk management and assessment in compliance with nationally recognized standards.
--Report risk assessment posture, collaborate on prioritization and coordinate remediation processes.
4. Information Security Training
--Mentor and provide expert advice to the campus community concerning issues and procedures for protecting confidential information and information technology resources, preventing the exploitation of security threats, and maintaining regulatory compliance.
--Collaborate with the campus community on the continued development and implementation of university information security policies and practices.
--Devise strategies to motivate and inspire the campus community to follow suggested information security recommendations.
--Organize regular, campus-wide information security awareness and training.
5. Incident Response Management
--Provide leadership in the development and operation of the University information security incident investigation and response.
--Coordinate incident forensics analysis, as required.
1. Baccalaureate degree.
2. Eight + years experience in developing information security plans, policies, guidelines and procedures, governing incident response programs, coordinating compliance with legislative requirements, performing risk definition, analyses and audits, and determining threats and vulnerabilities coupled with mitigation techniques and strategies.
3. Eight + years knowledge of information technology networking protocols and equipment such as switches and routers, Windows, and Unix operating systems, enterprise mail systems such as Exchange, wireless devices and standards, system administration practices and application of security configurations.
4. Five + years experience evaluating, deploying and maintaining centrally managed security solutions such as intrusion detection and prevention systems, antivirus, and firewalls protecting campus network edge, critical servers, applications, databases and desktops.
5. Five + years experience in conducting security reviews and risk assessments involving the use of scanning tools, information gathering techniques, ability to assess risks and vulnerabilities based on operating procedures, and state of utilized security hardware and software.
6. Five + years skills and ability conducting presentations on security topics to a variety of audiences, developing written reports, analyses of research conducted, drawing comparisons between various security solutions or strategies, and building consensus.
7. Three + years skills and ability evaluating the offerings of external security solution vendors/providers and negotiating price, to effectively determine if services or solutions are a good fit.
8. Two + years knowledge in audit preparation, ISO 27001 compliance and certification, and any additional regulatory and policy compliance requirements such as PCI, HIPAA, GLBA, and FTC Red Flags.
9. Required to be "on call" 24 x 7 for critical information security events and incident handling.
1. Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) certification.
2. Degree in CIS/MIS, and/or business management.
3. Certified Information Systems Auditor (CISA) certification.
4. Information technology certification such as MCSE, CCNA, CCNP, etc.
5. Experience in a university environment securing information technology resources.
6. Experience in penetration testing and conducting vulnerability assessments.
7. Experience in forensics analyses and preservation of evidence.
This description is intended to be generic in nature. It is not intended to determine specific duties and responsibilities for any particular position. Essential functions and overtime eligibility may vary based on the specific task assigned to the position.
Special Instructions to Applicants:
Applicant should be prepared to attach a cover letter and resume.
Required Background Checks for Selected Candidate
Criminal & Pre-Employment Credit
Open Until Filled
University of Tampa - 16 months ago