Position Title: Information Security Officer
Pay Status and Classification: Exempt, Regular Full-Time
Supervisor: Chief Information Officer
Position Purpose: Reporting to the chief information officer (CIO), the Information Security Officer (ISO) is responsible for the strategic and operational direction of Union's information security program. The ISO works collaboratively with campus leadership and stakeholder groups to build shared ownership of information security across the institution. The position develops and maintains programs including information security policy and standards; information security awareness and training; information security incident response and management; risk assessment and management; and information security-related information technology (IT) architecture. The ISO demonstrates a commitment to ensure that data in all forms, as well as the systems and networks used to transmit, store, and provide access to it are designed, configured, and operated in a manner that ensures security, integrity, privacy, and compliance with statutory and regulatory requirements.
Essential Responsibilities and Duties:
• Coordinate the College's information security program. Coordinate the College's information security program.
• Establish and maintain information security programs in collaboration with the campus community including policy and standards. Establish and maintain information security programs in collaboration with the campus community including policy and standards.
• Provide information security awareness and training; incident response and management; risk assessment and management; and relevant IT architecture to ensure the security of all sensitive data collected, processed, stored, and transmitted. Provide information security awareness and training; incident response and management; risk assessment and management; and relevant IT architecture to ensure the security of all sensitive data collected, processed, stored, and transmitted.
• Develop and maintain the campus information security roadmap for ensuring the security of technology services, computer systems, data networks, and data. Develop and maintain the campus information security roadmap for ensuring the security of technology services, computer systems, data networks, and data.
• Conduct and review ongoing vulnerability assessments of IT systems and coordinate periodic information security assessments at an organizational level. Conduct and review ongoing vulnerability assessments of IT systems and coordinate periodic information security assessments at an organizational level.
• Develop, maintain, and review security configuration data in security software and/or services. Develop, maintain, and review security configuration data in security software and/or services.
• Approve, review and audit firewall rules maintained by the network managed service vendor. Approve, review and audit firewall rules maintained by the network managed service vendor.
• In collaboration with network managed service vendor, inspect system, network log, and event data for integrity and anomalies when necessary. In collaboration with network managed service vendor, inspect system, network log, and event data for integrity and anomalies when necessary.
• As a member of the ITS management team, participate in strategic planning and development of goals and objectives. As a member of the ITS management team, participate in strategic planning and development of goals and objectives.
• Collaborate with ITS staff to track and implement information security initiatives. Collaborate with ITS staff to track and implement information security initiatives.
• Facilitate the communication of policies, practices, and awareness to the College community. Facilitate the communication of policies, practices, and awareness to the College community.
• Manage and coordinate incident response procedures to track and address information, system and network security incidents, alleged policy violations, and external requests or complaints. Manage and coordinate incident response procedures to track and address information, system and network security incidents, alleged policy violations, and external requests or complaints.
• Assist in vendor and/or product assessments to evaluate information security risks. Assist in vendor and/or product assessments to evaluate information security risks.
• Perform additional duties as assigned; duties, responsibilities, and activities may change at any time with or without notice. Perform additional duties as assigned; duties, responsibilities, and activities may change at any time with or without notice.
Qualifications:
• Bachelor's degree or the equivalent in education and experience or a combination of relevant education, training, certifications, and work experience . Bachelor's degree or the equivalent in education and experience or a combination of relevant education, training, certifications, and work experience .
• Minimum five years of relevant experience in information security or related field. Minimum five years of relevant experience in information security or related field.
• Experience working in higher education preferred. Experience working in higher education preferred.
• Experience presenting complex security concepts to a variety of audiences or groups (e.g. end-user training, security conference presentations, executive-level briefings). Experience presenting complex security concepts to a variety of audiences or groups (e.g. end-user training, security conference presentations, executive-level briefings).
• Familiarity with information security and data breach law, standards; and federal, state, and local regulations including PCI, FERPA, HIPAA, and NIST 800 series. Familiarity with information security and data breach law, standards; and federal, state, and local regulations including PCI, FERPA, HIPAA, and NIST 800 series.
• Knowledge of network and authentication protocols, encryption types, and information security technologies. Knowledge of network and authentication protocols, encryption types, and information security technologies.
• Experience with data networking, VPN, next-generation firewalls, network access controls, security information and event management (SIEM), authentication protocols, data encryption, and other relevant technologies CISSP, GIAC or similar certification(s) preferred. Experience with data networking, VPN, next-generation firewalls, network access controls, security information and event management (SIEM), authentication protocols, data encryption, and other relevant technologies CISSP, GIAC or similar certification(s) preferred.
• Ability to work independently and as a member of a team, establish priorities, and work collaboratively as a member of a diverse community. Ability to work independently and as a member of a team, establish priorities, and work collaboratively as a member of a diverse community.
• Collaborative, constructive, and positive approach to work. Collaborative, constructive, and positive approach to work.
• Excellent oral, written, and interpersonal communication skills, including strong relationship skills. Excellent oral, written, and interpersonal communication skills, including strong relationship skills.
• Attention to detail in both completion of work and documenting work products. Attention to detail in both completion of work and documenting work products.
• Effective time management practices, applied in a fast-paced environment Effective time management practices, applied in a fast-paced environment
Compensation:
The annual salary range for this position is $95,000 to $100,000. Except for roles with a set rate of pay, the wage/salary of the finalist selected for this role will be set based on a variety of factors, including but not limited to departmental budgets, qualifications, experience, education, licenses, specialty, and training. The stated hiring rate/range represents the College's good faith and reasonable estimate of the rate/range of possible compensation at the time of posting.
Location: Schenectady, NY
We know some job seekers may not apply for career opportunities unless they meet every qualification in the position description including the preferred qualifications. We are most interested in hiring the best staff and faculty colleagues, and recognize that a successful candidate may come from a less traditional career path. We encourage you to apply, even if you don't believe you meet every one of our preferred qualifications.
We offer exceptional benefits including:
• Generous Vacation, Sick, and Personal Time Generous Vacation, Sick, and Personal Time
• Winter Recess Break in Addition to Paid Holidays (in accordance with policy) Winter Recess Break in Addition to Paid Holidays (in accordance with policy)
• Healthcare, Dental, and Vision Insurance (Flexible Spending and Dependent Care Accounts) Healthcare, Dental, and Vision Insurance (Flexible Spending and Dependent Care Accounts)
• Free On-Campus Fitness Facility Access and Discounts for On-Campus Wellness Programs Free On-Campus Fitness Facility Access and Discounts for On-Campus Wellness Programs
• Employee Scholarships toward Certifications, Seminars, Training and Professional Development Employee Scholarships toward Certifications, Seminars, Training and Professional Development
• Pre and Post Tax participation in a 403(b) Retirement Plan Pre and Post Tax participation in a 403(b) Retirement Plan
• Salary Continuation Program in the event of Disability Salary Continuation Program in the event of Disability
• Tuition programs Tuition programs
Background Checks: In accordance with our background check policy , finalists for hire will undergo a background check that includes education, employment, and criminal convictions.
E-Verify Participation: Union College participates in E-Verify and will provide the federal government with your Form I-9 information to confirm that you are authorized to work in the United States. Learn more about E-Verify and your Right to Work (Derecho a Trabajar) .