Associate Vice President for Information Security/CISO
Department: OIT - Security
Campus: Stockton
Posting Number: 201301643P
Full or Part Time: Full Time
Number of Months: 12
Work Schedule: Work performed during standard business hours, additional work hours may be required to meet business needs and deadlines. Travel expected for purpose of meeting with clients, stakeholders or training.
Open Date: 04/24/2019
Open Until Filled: Yes
Special Instructions to Applicants: For first consideration please apply before May 29, 2019.
Primary Purpose: Reporting to the Vice President of Technology and Chief Information Officer, the Associate Vice President for Information Security provides strategic and policy leadership in the implementation and management of the university Information Technology (IT) Security program. Provides ongoing direction for developing, deploying, maintaining, operating, educating on, and evolving the University's IT security architecture, controls, standards, processes and procedures.
Serves as the Pacific Technology Chief Information Security Officer (CISO) supporting the Vice President/CIO and executive leadership team on matters of information security.
Provides technical leadership and non-technical leadership, including education, to ensure and increase university information security awareness.
Provides leadership in establishing University information security architecture, controls, standards, policies, processes and procedures.
Develop an information security vision and strategy that is aligned to the university's priorities and enables and facilitates the institution's business objectives, and ensure senior stakeholder buy-in and mandate.
Create a risk-based process for the assessment and mitigation of any information security risk in the university's ecosystem.
Provides academic and business units with information security risk assessments and provides or assists with the development and deployment of protective measures.
Work with the compliance staff to ensure that all information owned, collected or controlled by or on behalf of the company is processed and stored in accordance with applicable laws and other global regulatory requirements, such as data privacy.
Collaborate and liaise with the compliance officer(s) to ensure that data privacy and compliance requirements are enforced where applicable.
Oversees the monitoring of University-wide security tools and investigates breaches of security controls, taking action according to University established process and procedure.
Ensures that disaster recovery and business resumption plans exist in alignment with the business (i.e. Business Impact Analysis, Business Continuity, etc.) and regulatory requirements (i.e. Health Insurance Portability and Accountability Act, Family Educational Rights and Privacy Act, etc.).
Works with the CIO, appropriate IT committees, regents, university executives, Deans and top administrators in administrative departments and divisions to ascertain University information security priorities. Works with the Pacific Technology budget office on funding for identified priorities.
Directs multiple complex information security development projects, information identity and access management processes, and manages information security systems so that the day-to-day IT functions of the University supporting teaching, learning, scholarship and administration can work securely.
Monitor the external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action.
Create and manage a targeted information security awareness training program for all students, faculty and staff and establish metrics to measure the effectiveness of this security training program for the different audiences.
Understand and interact with university regents, administrative and academic units through committees to ensure the development of and consistent application of policies and standards across all technology projects, systems and services, including privacy, risk management, compliance and business continuity management.
Certifications such as CISSP (Certified Information System Security Professional), CISM (ISACA Certified Information Security Manager) or CISA (ISACA Certified Information Security Auditor) are preferred.
Experience working in an IT department at higher education institutions preferred.
Skills/Knowledge and Expertise:
Proven and extensive experience in planning, organizing, developing and implementing IT security strategies and related initiatives.
Should have strong leadership, management and team building skills.
Proficiency in IT security management, industry best practices and standards.
Proven ability to identify, prioritize and communicate impact of IT security initiatives.
Substantial knowledge and exposure in developing and testing business continuity and disaster recovery plans.
Considerable experience in and knowledge of IT security auditing.
Proven ability to measure, monitor and report on the success of IT security related initiatives.
Understanding of effective IT security system and network architectures, concepts, techniques and tools.
Understanding and experience managing network and system security components such as firewalls and intrusion detection/prevention systems.
In-depth knowledge of applicable IT security related laws and regulations.
Substantial exposure to the operation of institution-wide networks, systems and applications.
Proven ability to work effectively in a coordinating role across multiple constituencies to achieve tactical and strategic goals.
Proven ability to direct the development and implementation of short- and long-term cohesive IT security strategies.
Ability to work effectively with administrators, faculty and staff.
Excellent oral and written communication skills.
Self-motivated and self-directed/driven.
Excellent analytical, evaluative and problem-solving capabilities.
Positive attitude, proven ability to work successfully with diverse populations and demonstrated commitment to promote and enhance diversity and inclusion.
Physical Requirements: The physical demands described here are representative but not definitive of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Requires extended periods of sitting and repetitive hand/wrist motion while using computer keyboard and phone. Occasional standing, walking, climbing stairs, bending, stooping and reaching. Occasional lifting up to 40 pounds.
Work Environment/Work Week/Travel: Work is primarily performed in a standard office environment with use of computer and phone. Exposure to noise, warmer and cooler temperatures when working in closets, data centers or construction environments. Work performed during standard business hours, additional work hours may be required to meet business needs and deadlines. Travel expected for purpose of meeting with clients, stakeholders or training.
Valid driver's license required. Incumbent must also be able to meet the University's fleet rules and be eligible to drive for University business. The University and its insurance carrier reserve the right to exclude applicants based on their driving record.
Hiring Range: Commensurate with experience, exempt
Background Check Statement: Applicants who are selected as final possible candidates must pass a criminal background check.
A/EEO Policy Statement: University of the Pacific is an affirmative action and equal opportunity employer dedicated to workforce diversity. In compliance with applicable law and its own policy, Pacific is committed to recruiting and retaining a diverse faculty and staff and does not discriminate in its hiring of faculty and staff, or in the provision of its employment benefits to its faculty and staff on the basis of race, color, religion, national origin, ancestry, age, genetic information, sex/gender, marital status, military and veteran status, sexual orientation, medical condition, pregnancy, gender identity, gender expression, or mental or physical disability.