Information Security Officer

Description

The Information Security Officer (ISO) is responsible for overall planning, development, implementation, and oversight of the University's information security program. The ISO works collaboratively with the campus community to establish information security programs to include Information security policies, practices and standards. Management of information security team and resources. Developing and managing information security incident response and management, risk assessment, security-related architecture, security awareness and training. Serves as the primary information security liaison to federal, state, local and professional organizations

Examples of Duties

25%

• Information security policy, practices, and standards
• Plan, develop, implement, and oversee the University’s information security program in support of academic and administrative information systems and technology
• Lead the development and work with University leadership to implement effective and reasonable policies and practices
• Collaborate with Office of Technology leadership, Deans, and administrative leaders to maintain and update an IT security risk management program, while building relationships and goodwill

• Information security team and resources
  
• Provide management, leadership, supervision, and accountability of the Information Security team
  
• Mentor Information Security team members and implement professional development plans for all members of the team
  
• Prepare financial forecasts for security operations and maintenance of security assets
  
• Engage in professional development to maintain continual growth in professional skills and knowledge essential to the position

• Information security awareness and training
  
• Communicate information security-related issues to campus on a regular basis
  
• Design and implement education programs focused on user awareness and security compliance

• Information security incident response and management
  
• Develop security incident response plans
  
• Lead the Security Incident Response Team (SIRT) in investigation and resolution of major security incidents

• Information risk assessment and management
  
• Provide leadership, direction and guidance in assessing and evaluating information security risks
  
• Work with internal/external auditors for required security assessments and audits

• Information security-related architecture
  
• Develop, implement and administer technical security standards, security services and tools

• Primary information security liaison to federal, state, local and professional organizations
  
• Lead efforts to internally assess and evaluate the adequacy of the security controls for the University’s information and technology systems to protect against threats and verify compliance with state and federal statutory and regulatory requirements

Typical Qualifications

Education:

• Bachelor’s degree in Computer Information Systems, Management Information Systems, Computer Science, Cybersecurity, or related field. A master’s degree is preferred.
• Education may be substituted for experience or if experience may be substituted for education. Note that equivalencies are based on the following: AA = 2 years experience; BA/BS = 4 years experience; MA/MS = 6 years experience.

• Eight years of progressive management experience in a technology environment with increasing levels of responsibility in a combination of information security and systems/network administration. Experience in a higher education technology environment is preferred.

• Knowledge of risk assessment tools, technologies, and methods
• Experience planning, researching, and developing information security policies, standards, and procedures.
• Experience defining, planning, executing, and managing technology-based projects.
• Knowledge and understanding of relevant legal and regulatory requirements, such as the Gramm-Leach-Bliley Act (GLBA), and the Family Educational Rights and Privacy Act (FERPA).
• Experience with Anti-Malware, Next-Generation Firewalls (NGFW), Web Application Firewalls (WAF), Security Incident Event Management(SIEM), Data Loss Prevention(DLP), intrusion detection (IDS), intrusion prevention(IPS), Domain-based Message Authentication, Reporting, and Conformance (DMARC) penetration testing, and vulnerability assessment tools.
• Advanced knowledge of information security principles, techniques and protocols.
• Experience with PKI and SSL industry best practices.
• Knowledge of cloud security best practices.
• Knowledge of web and application security development best practices.

Supplemental Information

Physical Requirements: Lifting (weight) - 50-75 lbs

Special Instructions:

Full-time benefits-eligible position: Benefits include competitive salary; health, dental, vision, life insurance, AD & D, long-term disability; 3 weeks paid vacation per year; 3 weeks of accrued sick leave per year; 13 paid holidays; retirement; and generous education assistance for an employee, spouse and dependent children taking classes at UCM.

Part-time benefits-eligible positions: Benefits include generous education assistance for the employee.

Temporary, adjunct, student employment, or graduate assistant positions: Benefits are not included.

Completed UCM online application for employment required. Incomplete applications will not be considered.

A review will begin immediately and continue until filled unless indicated otherwise.

NOTE: A background check is required for the selected candidate of all staff, faculty, adjunct, and temporary positions and any job offer is contingent on the results of this check. Student employees and graduate assistants do not require a background check to be conducted prior to employment.

The University of Central Missouri is an Equal Opportunity Employer and specifically invites applications from women, minorities, veteran status, and people with disabilities.

Our faculty and staff are the university’s most valuable asset, and our goal is to provide a robust Total Rewards Program designed to help them maintain a happy, healthy, and productive lifestyle.

Highlights from UCM's total rewards package for full-time employees include:

• 28.75% (staff) and 6% (faculty) defined retirement contribution, paid by the university;

• Voluntary Tax-Sheltered Annuity (TSA) programs (403(b) and 457(b)) that allow eligible employees to make additional pre-tax contributions to a retirement plan;

• Employees can earn up to full tuition (15 credit hours) for themselves per academic year. Full-time employees are also eligible for up to $175 towards non-credit courses each fiscal year. Employees can earn up to full tuition for their dependents;

• Comprehensive medical, dental, and vision plans that begin on the first of the month following your date of hire. Basic dental and vision insurance paid at 100% by the university;

• Available Health and Dependent Flexible Spending Accounts;

• University-paid basic life insurance (including accidental death and dismemberment) and short-term and long-term disability insurance coverage;

• Generous leave accruals that begin accruing on your start date, plus 14 paid holidays per year.

• The UCM Childcare Center on the Warrensburg campus can provide faculty, staff, and students quality care for their children ages six weeks to 10 years.

• The Student Recreation and Wellness Center (SRWC) is free for all employees and is located on the Warrensburg campus.

• An Employee Assistance Program is available to all employees and their immediate family members to help assist with personal challenges you may face in your daily life;

• UCM offers an Employee Discount Program through Working Advantage.