Information Security Officer - Framingham State University
Framingham State University
Location: Framingham, Massachusetts
Type: Full Time
Location: Framingham, MA
Category: Staff
Posted On: Mon Aug 22 2022
Job Description:
GENERAL STATEMENT OF DUTIES:
The Information Security Officer is a member of the leadership team within the Information Technology Services (ITS) organization with responsibility for the comprehensive information security program. This includes (but is not limited to) the review, evaluation, and implementation of controls to reduce the overall risks associated with information that is under the stewardship of the University, related technological infrastructure, and third-party product or service providers. This position also administers information security training and awareness programs. Responsibilities include the monitoring, investigation, response, and remediation of vulnerabilities, threats, and breaches of Framingham State's cybersecurity as may be necessary. The Information Security Officer also proposes, drafts, and maintains all documented security policies and procedures designed to mitigate such risks.
The Information Security Officer plays an important role in formulating and executing strategies that contribute toward the University being a productive and enjoyable place to teach, learn and work. This includes (but is not limited to) ensuring generally accepted best practices for securing information and technological infrastructure are adopted by partnering with colleagues within ITS, users of Framingham State's information systems, other internal stakeholders, and vendors as part of the organization's objectives and improvement of IT services in support of Framingham State University's overall operations and strategic priorities.
Associate Vice President and Chief Information Officer
EXAMPLES OF SPECIFIC DUTIES AND RESPONSIBILITIES:
Leads the implementation of the controls, best practices, policies, and procedures as described or referred to in the University's Comprehensive Written Information Security Program (WISP).
Monitors changes in legislation related to cybersecurity and information security, and updates the University's Comprehensive WISP as needed.
Leads the development of annual and long-range security strategies, compliance goals, capability maturity models, performance metrics, reporting mechanisms, and program services that demonstrate measurable improvements to cybersecurity at the University over time.
Assumes responsibility for designated portions of the University's IT service offerings as the Service Owner and/or Process Manager and provides program and project management for assigned initiatives requiring a structured approach to defining a scope of work, resource planning and coordination, controlling costs, and mitigating risks.
Works with university leadership and relevant responsible compliance department leadership to build cohesive security and compliance programs for the university to effectively address state and federal statutory and regulatory requirements.
Coordinates and tracks all information technology and security-related assessments/audits including the scope of audits, colleges/units involved, timelines, auditing/assessing agencies, and outcomes. Works with auditors/assessors as appropriate to keep audit/assessment focus in scope, maintain excellent relationships with audit/assessment entities and provide a consistent perspective that continually puts the institution in its best light. Provides guidance, evaluation, and advocacy on audit responses. Handles the administration, planning, and coordination associated with follow-up to findings and recommendations from audits and assessments.
Develops a strategy for dealing with an increasing number of internal and external assessments, audits, and compliance checks.
Develops and administers designated budget allocations and serves as the assigned contract manager for agreements with third-party product and service providers.
Reviews contracts for departmental third-party product and service providers for appropriate and required information security and privacy protections.
Initiates and leads ongoing efforts to identify, inform and involve key stakeholders in the process of making joint decisions and engaging in productive collaborations with colleagues and constituents as part of managing the administration of policies, programs, and services.
Monitors areas of potential risk to information security, and cybersecurity more generally, identifies vulnerabilities and threats, and takes appropriate action to help prevent, mitigate, or remediate situations that might inflict financial, operational, or reputational damage to the University.
Periodically reviews and assesses logs, access controls, vulnerability scans, and patch management programs as required to ensure that documented standard operating procedures are consistent with best practice, up to date, and are being followed. Adjustments to standard operating procedures will be made as needed. Any/all findings will be noted, remediated, and reported.
Convenes a Security Incident Response Team (SIRT) as needed, or requested, in addressing and investigating security incidents that arise or situations that warrant attention in order to prevent or mitigate the risk of an incident occurring.
Convenes Ad Hoc Security Committee as appropriate and provides leadership for breach response and notification actions for the University.
Provides consultative guidance to members of academic and administrative departments as well as students on how to secure information, protect information technology, and employ generally accepted best practices for cybersecurity.
Works closely with other colleagues within the University and third-party product and service providers to ensure supported information systems and technological infrastructure are compliant with federal, state, and industry regulations to protect institutional data, systems, personal information, and privacy.
Works closely with other colleagues within the University and third-party product and service providers to maintain documentation of Framingham State's contingency and business continuity plans to ensure a defined scope of information technology services can be restored within agreed-upon timeframes in the event of a disaster or major cybersecurity incident.
Participates in local, regional, and national peer organizations to stay abreast of information security issues and regulatory changes affecting higher education at the state and national level.
Participates in national policy and practice discussions on information security and communicates to campus regularly about those topics.
Engages in professional development to maintain continual growth in professional skills and knowledge essential to the position.
Provides insights, consultative advice, and expertise as a contributing member of committees, task forces, and advisory groups charged with formulating University-wide strategies, setting operational objectives, instituting policies, and achieving goals associated with compliance, audits, and risk management.
Performs other duties as may be assigned by the Associate Vice President and Chief Information Officer.
Accountable for ensuring that affirmative action, equal opportunity, and diversity are integrally tied to all actions and decisions in areas of responsibility.
All of the work associated with the duties and responsibilities for this position is ordinarily performed at Framingham State's main campus, and may be done periodically from a remote location consistent with the conditional provisions specified within the University's Telework Guidelines and in accordance with an approved Telework Agreement.
Academic credential of a Bachelor's degree
Excellent technical, organizational, planning, documentation, and communications skills
Project management experience
5+ years progressive experience in a computer-related field
Some degree of experience in policy and planning, compliance, and operations as described in the preceding section titled "Duties and Responsibilities"
Prior experience as an Information Security professional
Experience working for a College or University within Information Technology Services
Certifications and other credentials for Management of Information Security
This is a full-time, exempt, benefits-eligible position in the Association of Professional Administrators (APA) bargaining unit with an official title of Director and a functional title of Information Security Officer. The salary range is $85,000 - $90,000.
It is the policy of Framingham State University that all employees be fully vaccinated against COVID-19, including booster if eligible, before they begin employment. Proof of the COVID-19 vaccine is required of all individuals hired by FSU, to be verified after a verbal offer of employment has been accepted, and before employment begins. Prospective employees may submit a request for a medical or religious exemption to the COVID-19 vaccination requirement to Human Resources. Furthermore, FSU employees must wear a mask inside certain campus spaces.
Framingham State University conducts criminal history and sexual offender record checks on recommended finalists prior to final employment for all positions.
Framingham State University is an equal opportunity/affirmative action employer.
Members of underrepresented groups, minorities, women, veterans, persons with disabilities, and all persons committed to diversity and inclusive excellence are strongly encouraged to apply.