The Information Security Officer (ISO) reports to the Chief Information Officer and the Deputy Chief Information Officer. The ISO will lead Bentley's efforts to ensure that it protects the information it collects, maintains, and distributes, electronically or otherwise. The ISO has the responsibility to ensure that appropriate policies, standards, procedures and protections are in place for IT infrastructure (including servers, databases, personal computers, 3rd party hosted services, and mobile devices), and Software as a Service (SaaS) and Cloud hosted applications. The ISO will be responsible for executing and updating, as appropriate, the current information security strategy at Bentley. (S)he will work with senior management across the institution to ensure that budget, planning, infrastructure and implementation of information security-based initiatives will be managed efficiently. This role requires an individual with a sufficient technical background, a solid understanding of data security, and a demonstrated knowledge of compliance-related laws and regulations. The ISO should be well versed in evolving information security programs to attain a high level of maturity. This position carries the responsibility to ensure the timely identification, remediation and tracking of technical, procedural and policy-based items that may impact the security, use and stewardship of the University's data and information systems. Writing policies and documentation, communicating complex topics with faculty, staff, and students, and training on new policies and procedures are key responsibilities.
This role also requires a strong background in business process skills to effectively analyze business functions and make specific recommendations as they relate to the collection, protection and dissemination of data and IT operations. The ISO will contribute recommendations and provide leadership for all projects that have an information security component. The Information Security Officer will review any software/system agreements to ensure contracts meet or exceed security requirements based on the data that resides in the system. The ISO will work with various departments on campus in assessing, developing, implementing, and maintaining information security standards. In addition, the ISO will work with the various departments to develop programs to educate and inform the community about information security, within the traditional data center, SaaS and Cloud environments.
Finally, this position will implement control frameworks and ensure adherence with MA 201 CMR 17 and manage security across all IT departments to ensure auditable and documented end-to-end processes for the operation and handling of Bentley's data and systems.
Build on Bentley's current information security structure, policies, and procedures, and where necessary, provide institutional leadership with regard to information security, data stewardship and IT operations. Stay current by conducting research, keeping up to date on emerging threats, networking with other security officers, and participating in professional associations.
Identify new and emerging threats that can affect Bentley's information.
Along with the University's General Counsel, help guide the appropriate administrators in making recommendations and decisions about data security policy and implementation.
Serve as the main point of contact with an outside Managed Security Service provider to ensure that services are delivered that meet Bentley's needs, and continue to refine and configure the environment to detect and identify threats and solutions to mitigate them.
Work with Enterprise Risk Management to identify and quantify possible security risks.
Structure and convene the Security Operations Team comprised of technical and application staff responsible for developing, maintaining and upgrading the Bentley IT applications and infrastructure (including servers, databases, personal computers, 3rd party hosted services and mobile devices) to ensure that issues of security have been thoroughly reviewed, addressed and documented.
Monitor and review all requests for new IT applications (custom and 3rd party applications) to ensure compliance with Bentley's data security standards. Review new vendors and conduct annual reviews of our most critical Data Level one applications to measure current security practices against our security standards. This will include, in the case of SaaS, reviewing vendors' SOC 1 and SOC 2 reports and highlighting any areas of concern.
Advise and consult with various campus departments to assist them in monitoring policies, developing practices, and creating awareness and training programs surrounding federal and state data privacy laws. The ISO will be responsible for IT's role in understanding the impact of Data Breach laws, FERPA (Federal Educational Rights and Privacy Act), GLBA (Gramm-Leach-Bliley Act), the HERA (Higher Education Reauthorization Act), and HIPAA (Health Insurance Portability and Accountability Act). The ISO should also participate and help frame Bentley's position and compliance with GDPR as appropriate.
Respond to internal and external audits related to information security and oversee incident response planning and execution as well as the investigation of security breaches; assist with disciplinary and legal matters associated with such breaches as necessary.
Bachelor's Degree. A BS in computer science/information technology, networking, engineering, or business process/management field preferred.
7+ years of experience working in information technology, security, or risk management. Proven experience working with IT operations, information security, or IT/regulatory risk management. CISSP (Certified Information System Security Professional) a plus.
Demonstrated understanding of business operations, information technology (applications, systems and networks) and associated data security as it relates to designing, monitoring, maintaining and implementing data security policies, standards, and guidelines. The ISO must understand the higher education environment and the nuances needed when supporting students and faculty teaching and research. Excellent communication skills with demonstrated ability to implement and maintain enterprise-wide data security standards.
Strong project management skills, and the proven ability to build trust and work well with all levels of management and technical staff.
Ability to keep up to date with the latest security technologies and maintain a strong knowledge base of industry and technology trends. Excellent written and presentation skills in order to provide detailed reports to all constituencies including the Board of Trustees.
Strong analytical skills in order to identify security vulnerabilities and propose appropriate defensive and compensating controls.
Typical office setting with extensive sitting and computer work.
Bentley University requires reference checks and may conduct other pre-employment screening.
Bentley University strives to create a campus community that welcomes the exchange of ideas, and fosters a culture that values differences and views them as a strength in our community.
Bentley University is an Equal Opportunity Employer, building strength through diversity. The University is committed to building a community of talented students, faculty and staff who reflect the diversity of global business. We strongly encourage applications from persons from underrepresented groups, individuals with disabilities, covered veterans and those with diverse experiences and backgrounds.