Founded in 2005, Georgia Gwinnett College (GGC) is the 31st member of the University System of Georgia. GGC is a premier 21st century liberal arts institution accredited by the Southern Association of Colleges & Schools. With a current enrollment of over 11,000 students, enrollment is projected to exceed 13,000 students in 2016, including both residential and commuter students. Located in the greater Atlanta metropolitan area, GGC provides a student centered, technology-enriched learning environment. Gwinnett County (pop. 850,000+) is home to a variety of businesses, including organizations involved in health care, education and information technology.
Under the general direction of the CIO, the Director of Information Security/Chief Information Security Officer (CISO) is responsible for the development and delivery of a comprehensive information security and privacy program for Georgia Gwinnett College (GGC). The scope of this program is college-wide, and includes information in electronic, print and other formats. The purpose of this program is to ensure confidentiality, integrity, and availability of GGC’s information resources by: assuring that information created, acquired or maintained by GGC, and its authorized users, is used in accordance with its intended purpose; protecting GGC information and its infrastructure from external or internal threats, and assuring that GGC complies with statutory and regulatory requirements regarding information access, security and privacy.
Duties shall include:
- Coordinate the development of GGC information security policies, standards and procedures. Work with key IT offices, data custodians and governance groups in the development of such policies. Ensure that college policies support compliance with external requirements. Oversee the dissemination of policies, standards and procedures to the college community.
- Coordinate the development and delivery of an education and training program on information security and privacy matters for employees, other authorized users, and students.
- Assist with investigations of misuse of computing resources by employees and students. Serve as the college’s compliance officer with respect to GGC, state and federal information security policies and regulations. Work with the campus-designated FERPA, Records Access and HIPAA-privacy stewards on compliance issues as necessary. Prepare and submit required reports to external agencies.?
- Develop and implement an Incident Reporting and Response System to address GGC security incidents (breaches), respond to alleged policy violations, or complaints from external parties. Serve as the official campus contact point for information security, privacy and copyright infringement incidents, including relationships with law enforcement entities.?
- Develop and implement an ongoing risk assessment program targeting information security and privacy matters; recommend methods for vulnerability detection and remediation, and oversee vulnerability testing. Ensure alignment and integration with the institutional risk management program.?
- Act as the CIO’s designee representing GGC on Information Security matters; serve as the campus contact point for external auditors and agencies, survey requests, etc. on security/privacy matters.?
- Keep abreast of latest security and privacy legislation, regulations, advisories, alerts and vulnerabilities pertaining to the GGC and its mission.?
- Take part in Campus Disaster Recovery/Business Continuity planning in support of emergency preparedness.
- Other duties as assigned.
SALARY: Commensurate with education and experience with excellent benefits.
Specific Knowledge, Skills, and Abilities:
- Excellent written and oral communication skills.
- Ability to develop and maintain policy.
- Ability to conduct compliance audits against IT security standards.
- Ability to properly handle evidence.
- Ability to use forensics technique to reconstruct security incidents.
- Ability to configure and monitor IDS/IPS tools.
- Ability to assess current security posture, utilizing tools such as Nessus.
- Ability to perform penetration testing.
- Bachelor’s degree in Computer Science, Information Technology, or closely related field of study or equivalent additional experience.
- Minimum of eight to 10 years of experience in a combination of risk management/information security, with at least two in a senior leadership role. (Employment history must demonstrate increasing levels of responsibility.)
- Experience in developing and administering an information security program is desirable.
- Working knowledge of and experience in the policy and regulatory environment of information security, especially in higher education is desirable.
- Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials, is desired.
Due to the volume of applications, applicants may not receive a reply from the College unless an applicant is selected for an interview. Review of applications will continue until positions are filled. Hiring is contingent upon eligibility to work in the United States and proof of eligibility will be contemporaneously required upon acceptance of an employment offer. Any resulting employment offers are contingent upon successful completion of a background investigation, as determined by Georgia Gwinnett College in its sole discretion. Georgia Gwinnett College, a unit of the University System of Georgia, is an Affirmative Action/Equal Opportunity employer and does not discriminate on the basis of race, color, gender, national origin, age, disability, sexual orientation or religion. Georgia is an open records state.
Position requires local travel. Ability to lift and carry files and materials. Ability to move from one office to another office on campus. Adequate vision, hearing and manual dexterity to interact with people in person, on the phone and in writing. Job takes place in normal environmental conditions.