Information Security Director (Officer)
ESSENTIAL FUNCTIONS AND RESPONSIBILITIES
Coordinate the College’s overall information security program, develop and maintain the campus information security roadmap to ensure the security of technology services, computer systems, networks, and data
Establish and maintain information security policies, processes, and standards in collaboration with the campus community
Enhance information security awareness and coordinate related training for security, privacy, and confidentiality.
Conduct, review, and report on ongoing vulnerability assessments of IT systems and coordinate periodic information security assessments at an organizational level
Review and assess information security risks, recommend controls, oversee their implementation and management in collaboration with IT and other staff
As a member of the IT leadership team, participate in strategic planning and development of goals and objectives, specifically for information security and also infusing it into all other goals
Facilitate the communication of policies, practices, and awareness to the College community
Manage and coordinate incident response procedures to track and address information, system and network security incidents, alleged policy violations, and external requests or complaints. Test disaster recovery and continuity annually.
Assist in vendor and/or product assessments to evaluate information security risks
Serve as liaison to federal, state, local and professional organizations in collaboration with counsel, risk management, and campus security, assist in legal discovery and data gathering
Maintain a working knowledge of laws, regulations, and industry standards, where compliance requires specific data or information security policies, practices, reporting, or audits. These include and are not limited to – HIPAA, FERPA, PCI, GDPR, etc.
Coordinate with the General Counsel to ensure that information technology practices and policies are compliant with applicable standards and laws
Participate in the higher education information security community for awareness of best practices and emerging threats
Perform additional duties as assigned; duties, responsibilities, and activities may change at any time with or without notice