Supports Security Operations for the Ohio Technology Consortium (OH-TECH), in collaboration with the Chancellor of the Ohio Department of Higher Education (ODHE), in accordance with university policies, goals, and objectives; reporting to the Chief Information Security Officer. OH-TECH is looking for an Information Security Compliance Lead to coordinate policy and governance activities, primarily through assessing the effectiveness of internal controls, risk management and governance for information systems in accordance with organizational objectives and regulatory requirements.
The Information Security Compliance Lead will: Review processes that support the information systems control framework; work with the OH-TECH Security Team to develop best practices for the use of vulnerability management systems, automated security scanning tools, data loss prevention and risk assessment methodologies; perform independent audits and multi-disciplinary review of complex and sensitive issues related to information systems across the organization; develop, document, and implement organizational policies related to Security and Information Technology; perform information system audits, data classification, special investigations and consultations to management; and report findings and recommendations to leadership.
The Compliance Lead will provide consulting and expert guidance in organization-wide efforts regarding security engineering, risk management, design, access and identity control, operational support and consultation; security operational services; set-up, verification, and audit of user access and authorizations; risk analysis and response; and input into the development of business continuity and disaster recovery procedures. The Compliance Lead partners with stakeholders at the university or unit level to ensure systems and data are secured against a range of physical, electronic, cyber, and other threats. The Compliance Lead will work with appropriate leaders, business partners and staff to plan and develop risk management solutions that satisfy the organization's strategic and business needs.
The Compliance Lead has an understanding of the DevOps lifecycle, modern operating systems, as well as general networking knowledge. Works with the Security Team to develop best practices for the use of vulnerability management systems, automated security scanning tools, and risk assessment methodologies to identify the threats to the organization and mitigate them.
The Compliance Lead provides security planning, assessment, risk analysis, and risk management support. Will also recommend solutions to develop security requirements, assess security gaps, and guide the organization in meeting the security posture requirements. Must apply existing knowledge of Information Assurance policy, procedures, and workforce structure to provide expert guidance to engineering in the design, development, and implementation of secure networking, computing, and data center environments.
Ideally, the Compliance Lead has experience leading and mentoring junior analysts and consultants. Candidate should have an analytical mindset, inquisitive nature, responsiveness, and excellent assessment skills. Must also possess strong troubleshooting skills and the ability to work under pressure with multiple deadlines. Patience in working with non-technical end users is essential. Will work in a fast-paced, small business environment with our talented team.
The Compliance Lead is able to grasp new concepts, facilitate information exchanges for data gathering, and collaborate with diverse audiences. Must follow established processes where applicable and establish and execute defensible processes where none are prescribed.
Bachelor’s degree or an equivalent combination of education and experience. Experience in implementing system accreditation processes and Risk Management Frameworks (e.g. NIST-800 series, RMF, CSF, CIS-RAM, COBIT); experience with DISA STIGs and SRGs, MITRE ATT&CK, vulnerability management systems, mitigation and compliance processes, and reviewing results from automated security scanning tools. One or more of the following certifications: CISSP, CISM, CISA, CRM, CRMP, PRM, FRM, CERA, CEH, GSEC.
Have a solid understanding of Windows, Mac, and/or Linux operating systems; hosts, networks, security, secure application development concepts. Hands-on experience with Vulnerability Scanning Tools (e.g. Rapid7, Qualys, Nessus). Experience with Code Scanning Tools: DAST and/or SAST. Experience with firewalls, NAT, HTTP, DNS, IP and OSI Networks. Experience with core LAN/WAN network technologies. Experience leading and mentoring junior analysts and consultants.
Target Salary: $73,100.00 - $85,000.00 Annually
Job Category: Information Technology (IT)
Job Appointment (FTE%):
The Ohio State University is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation or identity, national origin, disability status, and protected veteran status.
The Ohio State University is a dynamic community of diverse resources, where opportunity thrives and where individuals transform themselves and the world. Founded in 1870, Ohio State is a world-class public research university and the leading comprehensive teaching and research institution in the state of Ohio. With more than 63,000 students (including 57,000 in Columbus), the Wexner Medical Center, 14 colleges, 80 centers and 175 majors, the university offers its students tremendous breadth and depth of opportunity in the liberal arts, the sciences and the professions.