The Information Security Officer (ISO) works as a member of the Information & Technology Services (I&TS) leadership team led by the Chief Information Officer (CIO). The ISO’s primary responsibility is to lead the University in establishing and maintaining a university-wide information security program to ensure PLU’s information assets are adequately protected. This position reports to the Chief Information Officer.
The ISO joins a welcoming IT organization with a history of support for information security initiatives. As the first dedicated position focused on information security, the ISO will inherit the benefits of a campus-wide MFA deployment, an innovative password lifecycle program, a strong SSO architecture, and an active network segmentation effort. Other initiatives in development or planning include an overhauled backup architecture, an expanding log management solution, an expanding information security training program, and renewed IT asset and inventory management efforts.
Essential Functions and Responsibilities:
Develop, implement and maintain campus-wide information security plans and policies to ensure compliance with local, state and federal regulations and standards, including vulnerability and risk assessments of technology infrastructure, tools and third-party vendors.
Oversee university-wide information security training program.
Work together with fellow I&TS team members and other campus partners to ensure appropriate security measures are incorporated in daily tasks.
Collaborate with the Director of Risk Management in reviewing contract documentation for third-party vendors, ensuring data security measures are adequate and any PLU data shared is strictly protected.
Work with campus departments to ensure information security compliance with regulations and industry requirements (FERPA, GDPR, GLBA, PCI, etc.).
Hold primary responsibility for security and privacy incident investigation and mitigation. This includes evaluating, documenting actions taken and preparing recommendations for information security and privacy incidents.
Coordinate audit activities including collecting and preparing documentation. Research and propose mitigations for findings related to security and privacy.
Oversee creation and maintenance of Disaster Recovery & Business Continuity plans in conjunction with I&TS leadership.
Serve as lead for security/log monitoring/review/assessment.
Perform other duties as assigned.
In-depth knowledge of information security standards and regulatory requirements for higher education institutions, including but not limited to GLBA, NIST, HECVAT, PCI, and FERPA.
Skills in developing information security policies, procedures and documentation.
Strong interpersonal skills and ability to effectively communicate with a range of audiences.
Knowledge of and commitment to diversity, equity, and inclusion.
Leadership experience with cross-team/department project management. Ability to lead project teams to desired outcomes.
Critical thinking and problem-solving abilities when assessing and managing risk and complex problems.
Strong written and oral communication skills.
Five years of job-related experience. Education may substitute for some experience.
Experience in information security.
High school diploma or GED.
Finalist applicants must satisfactorily complete a pre-employment background check.
Bachelor’s degree in Information Security or related field.
Five years of experience in a higher education IT field ideally related to information security management, risk assessment, creation of documentation, etc.
Experience in higher education supporting students, faculty, and staff.
CISSP, CISM, GIAC, or similar security-focused certification.