The Director of Information Security serves as primary advisor to the Chief Information Officer (CIO) and ITS Senior Directors on security-related practices and policies that will mitigate information security-related risks to the University’s information systems, applications, databases, and networks. Serve as the University Data Protection Officer in order to address and meet European Union GDPR (General Data Protection Regulation) requirements. Report to the CIO and work directly with both ITS and non-ITS departments to coordinate security efforts and resources in order to maximize information security and data protection. The Director of Information Security s upervises professional, technical and support staff as assigned.
Essential Duties and Responsibilities:
Revise and re-develop, implement and maintain a University-wide information security and data protection plan based on EDUCAUSE Higher Education Information Security Council (HEISC) standards for best practices and EU GDPR requirements. Prepare, document, maintain and disseminate information security policies and procedures. Revise the University Information Security Incident Response Policy to reflect the new response requirements dictated by EU GDPR requirements. Prepare and coordinate implementation of university-wide information security training. Implement procedures and processes to improve USD’s response to EU GDPR’s seven fundamental requirements of (1) consent, (2) breach notification, (3) right to access, (4) right to be forgotten, (5) data portability, (6) privacy by design, and (7) data protection. Lead and collaborate on periodic Information Security Audits with the CIO and ITS Sr. Directors. In coordination with the Information Technology Services leadership team, prepare plans to protect University information technology assets against data breaches. Oversee, manage, and prepare information on IT Security and IT compliance matters specific to GLBA (Gramm-Leach-Bliley) act, FERPA, HIPPA, European Union GDPR, PCI-DSS, etc. Serve in the role of University Data Protection Officer specific to European Union GDPR standards and requirements. Create plans and IT security processes to align with GDPR requirements as applied to US Universities. Participate in EDUCAUSE Higher Education Information Security Council (HEISC) and Internet 2 security group conferences and webinars. Oversee forensics and prepare responses to breaches in the confidentiality, integrity or availability of institutional data. Use and improve existing ITS monitoring and alert/SIEM systems (e.g. Oracle Advanced Security, Solar Winds, Checkpoint SmartEvent, etc.) Work with IT security vendors/providers to oversee annual penetration and vulnerability testing. Improve or re-develop an internal scanning process using USD’s NESSUS vulnerability scanner. Identify vulnerabilities, threats and incidents within the university’s information technology infrastructure, and work with the responsible team in the Information Technology Department to resolve these issues with cost-effective solutions. Ensure through policies and procedures the appropriate use of the university’s information technology resources. Provide CIO and University committees with updates/presentations on the state of USD information security. Job Requirements Bachelor’s Degree required, preferably in MIS, computer science, electrical engineering, Cyber-security or a related field. Minimum of 5 years of IT systems, networking, or security experience in progressively responsible roles. Experience designing technical solutions that improved IT security posture. Experience architecting security solutions for organizations with large networks; with special preference for University/Research networks of 10,000 or more users . Experience with security technology including, but not limited to: Enterprise ERP systems, Oracle database technology, Identity Management systems, VPN, firewall, endpoint and antivirus security, and wireless and wired network security. Enterprise system-level or applications security experience and knowledge, including understanding of threats and countermeasures. A strong understanding of enterprise systems and network administration, including best practices for perimeter and infrastructure security and messaging security. Excellent communication skills, with the ability to communicate technical information to non-technical people.
- Must be proficient in the use of workstations and servers with multiple operating systems, network testing, monitoring and alert systems, as well as system and network scanning and vulnerability testing tools, ethical hacking tools, and audit tools.
Performance Expectations: Knowledge, Skills & Abilities: Proven ability to write policies and procedures relating to information technology. Ability to present information to large and small groups. Excellent collaboration and teamwork skills. Demonstrated effective written and oral communication skills. Familiarity with security industry trends and best practices. Proven ability to exercise independent thinking and judgment. Ability to work effectively with a wide range of customers in a diverse campus environment. Excellent problem solving skills, with proven organizational skills. Knowledge of systems risk and risk assessment concepts. Knowledge of information technology security monitoring and alert systems. Excellent understanding and knowledge of the field of information technology security.
Preferred Certificates, Licenses, Registrations:
Familiarity with EU GDPR requirements, FERPA, state and federal guidelines on privacy, transactions and security. Professional Certifications in field of information security, e.g. CISSP, GIAC. Master’s degree in a technical discipline.
Background check: Successful completion of a pre-employment background check.
Degree Verification Requirement : Persons offered employment in this position will be required to provide official education transcripts for degree verification purposes. Additional Details
Salary: Commensurate with experience; Excellent Benefits.
The University of San Diego offers a very competitive benefits package, to include medical, dental, vision, a 12% retirement contribution given to you by the University (with three year vesting period), and access to on-campus Fitness Centers. Please visit the benefits section of our website to view all of the perks and benefits that USD has to offer. USD: Human Resources: Benefits
Hours: 37.5 hours per week; usual work hours 8:30 am to 5:00 pm
Closing date: Open Until Filled
Note: External job postings will be up for at least five days. After that time, applications will be reviewed by the hiring manager/committee throughout the posting period. A candidate may be selected at any time which could then close this posting on a date earlier than listed.
The University of San Diego is an equal opportunity employer committed to diversity and inclusion and is especially interested in candidates who can contribute to the diversity and excellence of the campus community.
The University of San Diego is a smoking and tobacco-free campus. For more information, visit www.sandiego.edu/smokefree .