
Information Security Officer

Posted: August 29, 2022

GENERAL STATEMENT OF DUTIES:
The Information Security Officer is a member of the leadership team within the Information Technology Services (ITS) organization with responsibility for the comprehensive information security program. This includes (but is not limited to) the review, evaluation, and implementation of controls to reduce the overall risks associated with information that is under the stewardship of the University, related technological infrastructure, and third-party product or service providers. This position also administers information security training and awareness programs. Responsibilities include the monitoring, investigation, response, and remediation of vulnerabilities, threats, and breaches of Framingham State's cybersecurity as may be necessary. The Information Security Officer also proposes, drafts, and maintains all documented security policies and procedures designed to mitigate such risks.

The Information Security Officer plays an important role in formulating and executing strategies that contribute toward the University being a productive and enjoyable place to teach, learn and work. This includes (but is not limited to) ensuring generally accepted best practices for securing information and technological infrastructure are adopted by partnering with colleagues within ITS, users of Framingham State's information systems, other internal stakeholders, and vendors as part of the organization's objectives and improvement of IT services in support of Framingham State University's overall operations and strategic priorities.

SUPERVISION EXERCISED:
N/A

SUPERVISION RECEIVED:
Associate Vice President and Chief Information Officer

EXAMPLES OF SPECIFIC DUTIES AND RESPONSIBILITIES:
Leads the implementation of the controls, best practices, policies, and procedures as described or referred to in the University's Comprehensive Written Information Security Program (WISP).
Monitors changes in legislation related to cybersecurity and information security, and updates the University's Comprehensive WISP as needed.
Leads the development of annual and long-range security strategies, compliance goals, capability maturity models, performance metrics, reporting mechanisms, and program services that demonstrate measurable improvements to cybersecurity at the University over time.
Assumes responsibility for designated portions of the University's IT service offerings as the Service Owner and/or Process Manager and provides program and project management for assigned initiatives requiring a structured approach to defining a scope of work, resource planning and coordination, controlling costs, and mitigating risks.
Works with university leadership and relevant responsible compliance department leadership to build cohesive security and compliance programs for the university to effectively address state and federal statutory and regulatory requirements.
Coordinates and tracks all information technology and security-related assessments/audits including the scope of audits, colleges/units involved, timelines, auditing/assessing agencies, and outcomes. Works with auditors/assessors as appropriate to keep audit/assessment focus in scope, maintain excellent relationships with audit/assessment entities and provide a consistent perspective that continually puts the institution in its best light. Provides guidance, evaluation, and advocacy on audit responses. Handles the administration, planning, and coordination associated with follow-up to findings and recommendations from audits and assessments.
Develops a strategy for dealing with an increasing number of internal and external assessments, audits, and compliance checks.
Develops and administers designated budget allocations and serves as the assigned contract manager for agreements with third-party product and service providers.
Reviews contracts for departmental third-party product and service providers for appropriate and required information security and privacy protections.
Initiates and leads ongoing efforts to identify, inform and involve key stakeholders in the process of making joint decisions and engaging in productive collaborations with colleagues and constituents as part of managing the administration of policies, programs, and services.
Monitors areas of potential risk to information security, and cybersecurity more generally, identifies vulnerabilities and threats, and takes appropriate action to help prevent, mitigate, or remediate situations that might inflict financial, operational, or reputational damage to the University.
Periodically reviews and assesses logs, access controls, vulnerability scans, and patch management programs as required to ensure that documented standard operating procedures are consistent with best practice, up to date, and are being followed. Adjustments to standard operating procedures will be made as needed. Any/all findings will be noted, remediated, and reported.
Convenes a Security Incident Response Team (SIRT) as needed, or requested, in addressing and investigating security incidents that arise or situations that warrant attention in order to prevent or mitigate the risk of an incident occurring.
Convenes Ad Hoc Security Committee as appropriate and provides leadership for breach response and notification actions for the University.
Provides consultative guidance to members of academic and administrative departments as well as students on how to secure information, protect information technology, and employ generally accepted best practices for cybersecurity.
Works closely with other colleagues within the University and third-party product and service providers to ensure supported information systems and technological infrastructure are compliant with federal, state, and industry regulations to protect institutional data, systems, personal information, and privacy.
Works closely with other colleagues within the University and third-party product and service providers to maintain documentation of Framingham State's contingency and business continuity plans to ensure a defined scope of information technology services can be restored within agreed-upon timeframes in the event of a disaster or major cybersecurity incident.
Participates in local, regional, and national peer organizations to stay abreast of information security issues and regulatory changes affecting higher education at the state and national level.
Participates in national policy and practice discussions on information security and communicates to campus regularly about those topics.
Engages in professional development to maintain continual growth in professional skills and knowledge essential to the position.
Provides insights, consultative advice, and expertise as a contributing member of committees, task forces, and advisory groups charged with formulating University-wide strategies, setting operational objectives, instituting policies, and achieving goals associated with compliance, audits, and risk management.
Performs other duties as may be assigned by the Associate Vice President and Chief Information Officer.
Accountable for ensuring that affirmative action, equal opportunity, and diversity are integrally tied to all actions and decisions in areas of responsibility.

WORKING CONDITIONS:
All of the work associated with the duties and responsibilities for this position is ordinarily performed at Framingham State's main campus, and may be done periodically from a remote location consistent with the conditional provisions specified within the University's Telework Guidelines and in accordance with an approved Telework Agreement.

MINIMUM QUALIFICATIONS:
Academic credential of a Bachelor's degree
Excellent technical, organizational, planning, documentation, and communications skills
Project management experience
5+ years progressive experience in a computer-related field
Some degree of experience in policy and planning, compliance, and operations as described in the preceding section titled "Duties and Responsibilities"

PREFERRED QUALIFICATIONS:
Prior experience as an Information Security professional
Experience working for a College or University within Information Technology Services
Certifications and other credentials for Management of Information Security

EDUCATION:
Bachelor's degree

COMPANY DESCRIPTION:
Framingham State University is a vibrant comprehensive liberal arts institution located in the MetroWest suburbs of Boston, which integrates an academically challenging liberal arts education with workforce preparation programs. Founded in 1839, FSU enrolls about 4,000 undergraduates and 1,200 graduate and professional students. FSU offers 35 bachelor's degrees with 55 specialized concentrations, 63 minors, and 26 master's degree programs, in a highly personalized teaching environment. Our community takes pride in empowering student success by providing a superior education, leading research and innovation opportunities, and a strong first-year experience.

At FSU, we are deeply committed to inclusive excellence, encouraging a supportive, diverse and collaborative learning environment, and providing culturally relevant education. We are honored that our commitment earned FSU six Higher Education Excellence in Diversity (HEED) Awards from INSIGHT Into Diversity and that we are the only public institution in Massachusetts recognized in 2018, 2019, and 2020. FSU is designated as an emerging Hispanic-Serving Institution by the Hispanic Association of Colleges and Universities and also belongs to the Howard Hughes Medical Institute (HHMI) Inclusive Excellence community, providing national leadership in science education and exploring strategies that will lead to more inclusive science education. We encourage applications from those who share our commitment to promoting a diverse, welcoming, and inclusive community.

Our founding motto, LIVE TO THE TRUTH, was said at the end of each class by beloved first principal, Cyrus Peirce, who sought to discover and teach "truth in theory and principle...truth in spirit and motive...truth in manner and form...truth intellectual and truth moral." Principal Bagnall found this motto "speaks of sincerity of spirit...of intensity of effort, of resolution to succeed, of joy in achievement." LIVE TO THE TRUTH continues to guide our institution in practice and endeavor. If you share in this quest for truth and a commitment to living it fully, make the next chapter of your career the best chapter at Framingham State University.

Learn more about our career opportunities at www.framingham.edu/careers.

POSITION OVERVIEW:
Company: Framingham State University
Location: Framingham, MA
Job Type: Full time
Salary: 85000-90000
Listing Contact: Human Resources, hronboarding@framingham.edu, 508-626-4860
