The Information Security Officer (ISO) is responsible for leading the College's security strategy, program oversight, and architecture development, working in collaboration with key constituencies to create a safe and secure information environment. The ISO directs the management of data; identifies and minimizes data and cyber risks; and proposes and helps implement technology solutions, crisis management, third party data arrangements, and compliance efforts relative to applicable data privacy and confidentiality laws and regulations. The ISO guides the development of information and cybersecurity technical architecture, security standards, controls, procedures, and guidelines for systems, platforms, applications, and networks, especially regarding cloud technologies, and mobile and hosted environments to deliver programs and services that enhance teaching, learning, research, and the student experience.
Develop and maintain appropriate data/information security policies, standards, procedures and organizational awareness/programs relative to the Information Security and Cybersecurity of the College and its subsidiaries. Work with the Office of General Counsel as well as business units and College leaders to implement practices that meet defined policies and standards for information security, PCI, FERPA, GDPR, and other applicable laws and regulations.
Provide strategic and tactical security guidance for proposed projects, including evaluation and recommendation of technical controls.
Regularly identify, assess, and prioritize IT risks to data and systems, including internal/external threats, cyber-crimes, and third-party risks. Advise relevant stakeholders on the appropriate courses of action to mitigate or eliminate risk.
Work closely with the College's cloud-managed solution providers and in-house IT staff to ensure that technological, administrative, and procedural controls and policies meet all data security requirements.
Prepare for, and participate in, periodic organization compliance assessments.
Work closely with General Counsel and Risk Management to establish, maintain, and monitor activities that assure an acceptable level of risk for the organization.
Maintain a robust information security incident management program to ensure, insofar as possible, the prevention, detection, containment, and correction/recurrence of security breaches.
Act as a lead participant in the resolution of problems concerning security violations.
Perform regular physical and system information security testing, including clean desk policy, social engineering testing, vulnerability, and penetration testing. Conduct network, system, and application vulnerability scanning, configuration assessment, and remediation. Periodically report results to the College's senior leadership team or designated committee.
Maintain awareness of, and manage, the College's compliance with the regulatory environment, including monitoring new developments in Federal and State regulations applying to data privacy, the protection of personally identifiable information and cybersecurity, and maintaining the College's data privacy statement.
Assist the management team in reviewing information and cyber security related due diligence documentation to ensure appropriate third-party security measures are in place.
Serve as a member of the ITSD Change Control Board with approval authority.
Manage College-wide information security awareness and IT security training programs.
Participate in the development of the College's application Systems Design and Life Cycle (SDLC) plan; ensure that systems and services meet the requirements of the College's security plan.
Stay current on IT security technologies, trends, and threat landscape.
Keep the CIO apprised of current security posture including vulnerabilities or threats to Babson's IT assets.
Manage relationships with vendors as appropriate; help negotiate security terms into contracts with the College's legal team.
Assume additional responsibilities as required.
Minimum Level of Education Required: BS degree in Computer Science, cybersecurity, or a related technical field; or extensive cybersecurity experience.
Position Knowledge/Skills & Abilities Requirements:
10+ years of experience with increasing levels of responsibility in a combination of risk management, information security, and information technology. At least 4 years in a senior leadership role and 5 years of cybersecurity experience.
Demonstrated experience with security tools such as SIEM, EDR, IAM, etc., and vulnerability scanning and auditing tools and processes.
Ability to identify trends that inform the broader cybersecurity strategy.
Ability to excel with minimal direct supervision; to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.
Demonstrated expertise with security considerations for enterprise-level technologies such as Office365/Exchange, Salesforce, Windows Server, Active Directory, Google Apps, CMS (Drupal, WordPress, Terminalfour), Application Servers (Java, PHP, IIS), file and printer sharing, DNS, etc.
Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and non-technical audiences.
Strong analytical, customer service, and problem-solving skills. Must be able to appropriately handle sensitive data and material.
Desire to learn and translate that learning into appropriate solutions for the College.
Proven track record and experience in developing information security policies and procedures, as well as the ability to successfully execute programs that meet the College's objectives of excellence in a dynamic environment.
Ability to work independently to solve problems; look for opportunities to take on responsibility.
Envisions and proposes new methods to perform tasks that support ET&A; takes thoughtful risks; and accepts new and ongoing initiatives, objectives, and solutions to gain sought-after results.
Anticipates and embraces change; demonstrates willingness to achieve, acquire, and utilize new skills and challenging tasks; and is flexible in changing conditions.
Occasional nights/weekends when issues arise.
Additional Experience, Skills & Abilities:
Experience and familiarity with multiple operating systems such as Windows Server 2016, Windows 10, Red Hat Enterprise Linux, Ubuntu, Mac, etc.
We are an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or any other protected characteristic. The EEO is the Law poster is available here. Babson College is committed to enhancing diversity and inclusion across all levels of the College. Candidates who believe they can contribute to this value are strongly encouraged to apply.
Internal Number: 122750076
About Babson College
At Babson, we believe that entrepreneurship is applicable, and crucial, in organizations of all types and sizes, in established businesses as well as new ventures. Today, teams, divisions, and whole enterprises are striving to be more entrepreneurial. Furthermore, entrepreneurial thought and action are happening at all levels of an organization, where collaboration complements top-down leadership. Babson College was the first to understand that thinking and acting entrepreneurially is more than just an inclination. Rather, it can be taught. And we do it better than anyone.