Job Listing

POSTED: August 26, 2018

Director of Information Security

LISTING CONTACT
Cindy Mitchell | cjmitche@colby.edu | 207-859-4192
COMPANY
Colby College
LOCATION
Waterville, ME
JOB TYPE
Full time
CATEGORY
Other
SALARY

DIRECTOR OF INFORMATION SECURITY
Office of Information Technology Services (ITS)
Full-Time, Exempt, Salaried, Administrative Staff Appointment

Reporting to the chief information officer (CIO), the director of information security is responsible for the strategic and operational direction of Colby’s information security program. The director works collaboratively with campus leadership and stakeholder groups to build shared ownership of information security across the institution. The position develops and maintains programs including information security policy and standards; information security awareness and training; information security incident response and management; risk assessment and management; and information security-related information technology (IT) architecture. The director of information security demonstrates a commitment to ensure that data in all forms, as well as the systems and networks used to transmit, store, and provide access to it, are designed, configured, and operated in a manner that ensures security, integrity, privacy, and compliance with statutory and regulatory requirements. We encourage inquiries from candidates who will contribute to the cultural and ethnic diversity of our college.

ESSENTIAL FUNCTIONS AND RESPONSIBILITIES:
– Coordinate the College’s information security program
– Establish and maintain information security programs in collaboration with the campus community including policy and standards
– Provide information security awareness and training; incident response and management; risk assessment and management; and relevant IT architecture to ensure the security of all sensitive data collected, processed, stored, and transmitted
– Develop and maintain the campus information security roadmap for ensuring the security of technology services, computer systems, data networks, and data
– Conduct and review ongoing vulnerability assessments of IT systems and coordinate periodic information security assessments at an organizational level
– Develop, maintain, and review security configuration data on firewalls and related security software and/or services
– Inspect system, network log, and event data for integrity and anomalies
– As a member of the ITS management team, participate in strategic planning and development of goals and objectives
– Collaborate with ITS staff to track and implement information security initiatives
– Facilitate the communication of policies, practices, and awareness to the College community
– Manage and coordinate incident response procedures to track and address information, system and network security incidents, alleged policy violations, and external requests or complaints
– Assist in vendor and/or product assessments to evaluate information security risks
– Serve as liaison to federal, state, local and professional organizations in collaboration with risk management and the College’s Department of Security
– Coordinate with the Office of General Counsel to ensure that information technology practices and policies are compliant with applicable standards and laws
– Perform additional duties as assigned; duties, responsibilities, and activities may change at any time with or without notice

QUALIFICATIONS:
– Bachelor’s degree or the equivalent in education and experience; degree in a technology-related field preferred
– Minimum five years of relevant experience in information security or related field
– Experience working in higher education preferred
– Experience presenting complex security concepts to a variety of audiences or groups (e.g. end-user training, security conference presentations, executive-level briefings)
– Familiarity with information security and data breach law and standards, and with federal, state, and local regulations, including PCI, FERPA, HIPAA, and the NIST 800 series
– Knowledge of network and authentication protocols, encryption types, and information security technologies
– Experience with data networking, VPN, next-generation firewalls, network access controls, security information and event management (SIEM), authentication protocols, data encryption, and other relevant technologies
– CISSP, GIAC or similar certification(s) preferred
– Ability to work independently and as a member of a team, establish priorities, and work collaboratively as a member of a diverse community
– Collaborative, constructive, and positive approach to work
– Excellent oral, written, and interpersonal communication skills, including strong relationship skills
– Attention to detail in both completion of work and documenting work products
– Effective time management practices, applied in a fast-paced environment

KEY RELATIONSHIPS:
This position has frequent and direct contact with ITS peers and colleagues, administrative and academic personnel, and third parties such as vendor and consulting contacts.

WORKING CONDITIONS/PHYSICAL REQUIREMENTS:
General open office and campus environment. Position involves sitting, although frequent movement is necessary. Computer usage involving repetitive hand/wrist motion is also necessary.

Founded in 1813, Colby is one of America’s most selective colleges. Serving only undergraduates, Colby’s rigorous academic program is rooted in deep exploration of ideas and close interaction with world-class faculty scholars. Students pursue intellectual passions, choosing among 58 majors or developing their own. Independent and collaborative research, study abroad, and internships offer robust opportunities to prepare students for postgraduate success. Colby is home to a community of 2,000 dedicated and diverse students from around the globe. Its Maine location provides easy access to world-class research institutions and civic engagement experiences. In a period of fast-paced progress, Colby is building on its strong foundation while remaining committed to excellence, to supporting students and faculty at the highest levels, and to the College’s deep liberal arts traditions. This new chapter includes the creation of innovative academic initiatives and partnerships, strengthening the connections between the liberal arts and the professional world, revitalizing downtown Waterville, and pursuing significant capital projects for performing arts and athletics.