The Information Security Officer (ISO), under the general direction of the CIO, is responsible for the planning, development, implementation, and delivery of a comprehensive information security program for Lewis and Clark. The scope of the program is institution-wide, applies to the College of Arts, Graduate School of Counseling and the School of Law, and includes information in electronic, print and other formats. The ISO also manages operational security service development and deployment in addition to investigative workloads associated with network, system and application security and forensic activities. The ISO is responsible for information systems integrity, reliability and accessibility while protecting and defending against unauthorized access to systems, networks, and data.
The purposes of this program are to establish protocols so that the usage of information created, acquired or maintained by Lewis & Clark and its authorized users is in accordance with its intended purpose; to protect Lewis & Clark information and its infrastructure from external or internal threats; and to facilitate compliance with statutory and regulatory requirements regarding information access, security and privacy for the College.
Diversity Statement (details in application process)
DESCRIPTION OF DUTIES & RESPONSIBILITIES
Information/Infrastructure Security (25%)
Protect the College's information and infrastructure from external or internal threats.
Recommend methods for vulnerability detection and remediation, and oversee vulnerability testing.
Act as the CIO's designee representing the College on information security matters.
Serve as the campus DMCA agent and respond to copyright infringement notifications.
Lead projects for IT security-related initiatives.
Recommend planning and budgeting for network infrastructure, information security, and disaster recovery including recommending hardware, software and professional services.
Manage operational security, analyze business processes on campus for information security issues and develop solutions to address issues.
Work with IT and non-IT offices, business units, and management to handle data securely and in accordance with industry best practices.
Compliance Issues (25%)
Ensure that College policies support compliance with external and/or regulatory requirements.
Serve as subject matter expert for information security related laws and review third party software contracts.
Work with campus departments on compliance issues as necessary (FERPA, HIPAA, USA PATRIOT, CALEA, HEOA, etc.).
Serve as the official campus contact point for information security and privacy incidents.
Program/Policy Development & Training (25%)
Plan, develop and deliver a comprehensive information security program for the institution.
Develop and implement institutional security policies and programs targeting security and privacy.
Develop and implement an ongoing risk assessment program targeting information security and privacy matters.
Develop and deliver an information awareness/training program on information security and privacy matters for students, faculty, staff and other authorized users.
Develop and implement identity and access management.
Subject Matter Expertise (25%)
Keep abreast of latest security and privacy legislation, regulations, advisories, alerts and vulnerabilities pertaining to the College and its mission.
Maintain certifications and continuing education credits (CPEs), and professionally mentor others as needed.
Serve as the campus contact point for external auditors, agencies and survey requests.
Bachelor's degree in computer science, information technology, or a related discipline.
5 years of relevant Information Security experience.
Curiosity, a proactive approach, and a command of governance and risk compliance.
Ability to understand all threats, external and internal, to the digital information that is created, acquired, and maintained by the College.
Ability to write policies, design programs, perform planning, design IT security architecture, handle incident response, IT security systems management and security awareness training, lead projects, manage contracts, review/modify third party contracts, manage vendor relationships, recommend purchases, and provide expert analysis and advice to the campus community.
High level conceptual vision and experience with the flow and lifecycle of an account or identity.
Master's degree in computer science, information technology, or a related discipline.
7 years of relevant Information Security experience.
2 years of experience with Systems/Network Administration.
1 year of experience with Programming.
GSEC/GIAC (Global Information Assurance Certification) Security Essential Certification.
GSIP/GIAC (Global Information Assurance Certification) Information Security Professional.
CISM (Certified Information Systems Manager).
CIPP (Certified Information Privacy Professional).
CISSP (Certified Information Systems Security Professional) Certification.
Benefits Eligible: YES
Commensurate with Experience
Internal Number: R-001967
About Lewis & Clark College
Lewis & Clark is a private institution with a public conscience, a residential campus with global reach. Students and faculty throughout all three of Lewis & Clark’s schools—the undergraduate College of Arts and Sciences, the Graduate School of Education and Counseling, and the School of Law—pursue new ways of knowing by combining classic liberal learning with pioneering collaboration.
Our students represent the next generation of global thinkers and leaders, unafraid to discard conventional thinking, civic complacency, and outmoded preconceptions. Yet they value what Lewis & Clark offers: an education built from the time-tested elements of careful study, original research, and spirited debate.