Managing Director & Chief Information Security Officer

Plans and directs the overall operation of a major department (with institutional oversight) and provides leadership for staff members. Meets ORP eligibility requirements. Under executive direction, performs highly varied administrative duties involving the use of independent judgment and professional skills. Responsible for all employees assigned to area.

• Researching and staying abreast of the latest trends in cyber security which may impact the security and safety of information resources and data developed by Texas Tech University Systems institutions.
• In cooperation with leadership at Texas Tech University System and its affiliated institutions, develop applicable system-wide regulations and policies to reflect best practices in cyber security and compliance requirements with applicable federal and state laws. 
• Coordinate with appropriate peer groups, government sponsored entities, and executive management to review, propose, and implement technology-based solutions to improve cyber security.
• Develop standards for designing, testing, and implementing secure operating systems, networks, and databases.
• Perform password auditing, network based and Web application-based vulnerability scanning, virus management, and intrusion detection.
• Conducting risk audits and assessments, providing recommendations for application design and acceptable levels of cyber security.
• Ensure monitoring and analyzing of system access logs and related security event monitoring tool sets for cyber security purposes. 
• Provide security related insight in planning for security backup and system disaster recovery.
• Ensure that required cyber security awareness programs are developed and in place and that applicable users are in compliance with state and federal compliance requirements. 
• Developing and producing regular reporting and advice to executive leadership regarding the current state of cyber security and risk posture of information resources operating within the Texas Tech University System as well as appropriate required related regulatory reporting to various agencies regarding cyber security. 
• Maintaining the security/integrity of the infrastructure, which is a requirement to be hired for, and to continue to the employed in, the position. 
• Establishes and implements strategies that have short to mid-term (1-3 years) impact on business results in alignment with parent/corporate organization objectives. 
• May lead multiple teams of directors/senior managers, and managers either through projects or assigned teams. 
• Develops short to mid-term (1-3 years) plans for optimizing the organization, function, or sub-function and the talent required to executive strategies in job area.

REQUIRED KNOWLEDGE, SKILLS, AND ABILITIES: 

• Knowledge and understanding of relevant legal and regulatory requirements, such as: Health Insurance Portability and Accountability Act (HIPAA), Family Educational Rights and Privacy Act (FERPA), and Payment Card Industry/Data Security Standard. 
• Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT as well as those from NIST, including 800-53 and Cybersecurity Framework.
• Sound knowledge of business management and a working knowledge of cybersecurity risk management and cybersecurity technologies.
• Up-to-date knowledge of methodologies and trends in both business and IT.

Bachelor's degree required; master's preferred. Seven years progressively responsible management experience required. Education beyond bachelor's level may substitute for required experience on a year-for-year basis.