Job Summary: The Deputy Information Security Officer will be responsible for office operations of the Information Security Office and assist the CISO with management of the Information Security Program. Collaborate, on behalf of the CISO, with key business and IT leaders to ensure information security compliance, to develop security policies, standards, procedures and action plans. Consult with senior IT and business leaders regarding their information security risks and responsibility in minimizing those risks. Must maintain reliable, up-to-date information from the federal and local government and across the industry regarding identification of new threats and vulnerabilities. Manage the day-to-day operations and staff of the Information Security Office. Oversee the Information Security's GRC program. Develop metrics and status reports for the information security program and manage the coordination of state and UT System Reporting.

Essential Duties:

Departmental Leadership: Provide departmental leadership in the absence of the CISO. Represent the mission and interest of the Information Security Office on behalf of the CISO, including providing reports to senior management. Direct, plan, manage, and coordinate the day-to-day operations and budget of the Information Security Office.

Governance, Risk and Compliance (GRC): Responsible for the management of UT Arlington's Security Governance, Risk and Compliance (GRC) program. Ensure that institutional risk assessments are completed. Oversee security reviews on all 3rd party vendors and cloud applications. Establish and monitor minimum security requirements for research and ensure the protection of intellectual property and research data. Implement or make effective use of GRC software. Assist the CISO in the development and management of security policies and procedures. Manage the policy exception process.
Establish a reporting process to ensure that management is kept apprised of the effectiveness of the information security program. Prepare periodic reports for the CISO, CFO, President, Executive Management, UT System and Texas DIR.

Cybersecurity Oversight and Incident Response: Assist the CISO in the management of escalated security-related issues and incidents. Monitor a variety of sources including government, industry or professional organizations for prevailing or emerging threats. Ensure required security controls are enforced on UT Arlington's security infrastructure including but not limited to firewalls, IPS/IDS, DLP, and cloud environments and that controls are effective. Identify vulnerabilities and ensure appropriate mitigation is occurring. Provide departmental leadership in the management of the Incident Response Plan. Oversee security controls testing, audit of systems, and threat hunting to detect emerging threats or vulnerabilities to our institution and escalate known risks to executive leadership. Provide departmental leadership in the management and execution of the Security Incident Response Plan.

Security Project Management and Research Support: Assist the CISO with managing security projects to include those resulting from UT System initiatives or mandates. Architect or participate in the planning of IT projects involving or requiring information security. Work with Office of Information Technology server and network infrastructure groups to identify or develop security safeguards or solutions. Collaborate with the Office of Information Technology to ensure security configuration baselines are developed and implemented. Oversee support for research in the development and review of data management plans and technology control plans.

Security Awareness: Oversee the development and presentation of information security awareness and security training within the various academic and administrative departments, and to the campus at large.
Ensure that information security-related alerts are disseminated in a timely manner. Provide leadership and coordination of the Information Security Administrator Program. Collaborate with centralized and decentralized IT stakeholders to promote improved information security practices and compliance.

Other duties as assigned.

Required Qualifications: Bachelor of Science in related field such as Computer Science, Management Information Systems, Information Science and Security, or related field. Bachelor's degree in an unrelated field is acceptable with demonstrated information security knowledge and experience. A minimum of 7 years of progressively responsible and demonstrated information technology or information security work experience, including experience in designing, implementing, auditing and/or managing information resources, information security, or risk management projects, operations, and/or programs. Demonstrated experience with developing and maintaining information security policies and procedures. Extensive knowledge of and experience in information technology, information security and/or risk management. 2 years supervisory experience required. Experience supervising, coaching, and mentoring information technology professionals. Must have excellent interpersonal, verbal and written communication skills. Successful experience working, collaborating and establishing credibility and relationships with senior leadership, colleagues and customers. Ability to translate technical language to common language for non-technical users.

Preferred Qualifications: Master’s degree in information technology or related field. Advanced information security certificates in one or more of the following: CISSP, GIAC/GSEC, CISA, CISM, CRISC, CGEIT, etc. Practical experience with implementing security frameworks, e.g. NIST 800 series, NIST CSF, ISO 20001, CIS Top 20.
Experience in the protection of research data and intellectual property, implementing NIST 171 controls and/or familiarity with CMMC a plus. Technical experience in network administration, system administration, application development, database administration, and/or data center operations preferred. Experience in the implementation of GRC strategies. Solid knowledge regarding risk management practices and GRC concepts and automation tools. Knowledgeable about information security risk management practices. Experience in higher education. Experience in Texas State government. Ability to devise strategies, organize work, coordinate work of collaborative groups, and oversee technical projects and staffs to achieve effective, cost-efficient solutions. Demonstrated experience with developing and providing an information security awareness and training program. Experience in assessing, managing as well as in negotiating vendor contracts and agreements with end users, service providers and regulatory agencies.

Special Instructions: Applicants must include in their online resume the following information: 1) Employment history: name of company, period employed (from month/year to month/year), job title, summary of job duties and 2) Education: school name, degree type, and major.

EEO Statement: UTA is an Equal Opportunity/Affirmative Action institution. Minorities, women, veterans and persons with disabilities are encouraged to apply. Additionally, the University prohibits discrimination in employment on the basis of sexual orientation. A criminal background check will be conducted on finalists. The UTA is a tobacco-free campus.

Open Until Filled: No

Location: Ft. Worth