Serves as the process owner for ongoing activities that serve to provide appropriate access to and protect the confidentiality, integrity and availability of electronic information in compliance with law, regulations, policies and standards at the University of Florida. Responsible for coordinating the execution of the University of Florida information security program working with the members of the University of Florida Information Security Leadership, and appropriate offices and committees, to foster the developmental and operational elements needed to assure appropriate information security throughout the University of Florida.
Execution of the University of Florida Information Security Governance framework with includes, but is not limited to:
-Establishing and maintaining an accurate inventory of data and systems
-Execution of the risk management process concluding with risk assessments for all systems
-Establishing and maintaining a non-technical monitoring program including measures of compliance and effectiveness for administrative processes as well as technical controls related to information security
-Establishing and maintaining information security training and awareness programs
-Serve as the internal information security consultant
-Work closely with the Privacy Office to ensure the information security environment supports the privacy policies
-Work closely with the University of Florida Information Security Leadership to ensure the information security environment is well coordinated throughout the University of Florida
-Establish and maintain a set of Information Security Managers (ISMs) and Information Security Administrators (ISAs) and work through them to effect appropriate security measures.
-Report periodically to the University of Florida Information Security Officer ( ISO ) about status with regard to information security.
-Report periodically to the appropriate senior leadership and committees with oversight of compliance.
-Report periodically to senior leadership on the performance of the Information Security Managers (ISMs) and Information Security Administrators (ISAs) in their security role, in a manner that is suitable for usage in an employee performance evaluation
-Define the metrics goals and objectives for the engagement area
-Decide with metrics to generate and develop the strategies for generating the metrics
-Establish benchmark and targets and determine how metrics will be reported
Other duties or tasks may be assigned on an as-needed basis.
A bachelor’s degree in an appropriate area of specialization and four years of appropriate experience. Appropriate college coursework may substitute at an equivalent rate for the required experience.
Minimum of 10 years of combined IT and security experience with a broad range of exposure to data, networks, systems and web applications preferred. Advanced level knowledge of security issues, techniques and implications across all existing computer platforms preferred. Advanced level knowledge of client/server, network topology, network/infrastructure security, network operating systems, web technologies, and e-commerce operations preferred. Advanced level knowledge of IT auditing and risk management preferred. Advanced level problem solving skills as well as teamwork and communication skills including speaking and writing skills preferred.
Possesses and applies a broad knowledge of principles of a particular field of specialization. Also possesses knowledge of related fields and areas of operation which affect, or are affected by, own area. Requires advanced level knowledge of security standards, applicable laws, and regulations ( NIST , HIPAA , HITECH , PCI , FERPA , Florida Statutes). Requires advanced level oral and written communication skills. Requires advanced level analytical, problem-solving, interpersonal, verbal and written communication skills. Requires advanced level leadership, team building, conflict resolution, strategic planning and management, and IT project management skills.
Health Assessment Required:
Special instructions to applicants: