The Information Security Manager performs duties with a high degree of independence and autonomy in decision making, under top management direction and in sync with organizational goals and objectives.
Responsibilities include, but are not limited to:
- Provide leadership in establishing goals and objectives to achieve each year in order to enhance the information security
- Analyze the need for, and then design, appropriate policies and procedures for conducting security reviews, including risk analyses, compliance reviews, and vulnerability assessments
- Advise the campus community about issues and procedures for protecting confidential information and information technology resources and preventing the exploitation of security threats
- Provide leadership in the development and operation of a campus information security incident investigation and forensics analysis capability. Coordinate the meetings and activities of the organization's Computer Security Incident Response Team (CSIRT)
- Actively research and assess evolving information security capabilities for suitability and applicability to the threat. Coordinate the requirements for security-specific, multi-domain vendor contracts
- Manage the daily operations of, and improvements to, the organization's Security Plan
- Mentor and provide expert advice to campus departments charged with implementing, maintaining and monitoring information security solutions
- Bachelor's degree and eight years of related experience; or a combination of education and related experience.
Preferred Hiring Qualifications:
- CISSP or CISM certification
- Eight+ years of a combination of knowledge and experience in developing information security plans, policies, guidelines and procedures
- Five+ years of hands-on experience evaluating, deploying and maintaining centrally managed security solutions
- Five+ years of a combination of knowledge and experience in conducting security reviews and risk assessments
- Eight+ years of a combination of knowledge and working experience in a broad range of information technology areas
- Five+ years of a combination of knowledge and experience conducting targeted presentations on security topics to a variety of audiences, developing written reports, analyses of research conducted, presentations, and point papers drawing comparisons between various security solutions or strategies
- Three+ years of experience working with external security solutions vendors and providers
- Two+ years of experience assisting departments in audit preparation, ISO 27001 compliance and certification, and any additional regulatory and policy compliance requirements such as PCI, HIPAA, GLBA, and FTC Red Flags
- Five+ years of experience supervising the work of and assigning tasks to subordinate employees, training and mentoring subordinates, developing performance appraisals and job descriptions