Develops and delivers a comprehensive information security and privacy program for the institution(s). Includes information in electronic, print, and other formats to assure that information created, acquired, or maintained by the university and its authorized users is used in accordance with its intended purpose to protect university information and its infrastructure from external or internal threats and to assure that campus complies with statutory and regulatory requirements regarding information access, security, and privacy.
UWRF Expanded Description:
Under general direction of the CIO at UWRF with input from the CIO at UW-Superior. This position will report to UWRF but is expected to conduct all duties and responsibilities of the position equally amongst the two campuses. This position is responsible for research, development, implementation and ongoing monitoring of IT security and regulatory compliance policies, controls, programs and facilities, including the development and maintenance of a comprehensive Information Security Assurance Program that encompasses awareness, training, risk assessment and mitigation, incident response and disaster recovery and business continuity.
This position also establishes an overall framework for IT policy development as well as performing or overseeing the actual research, development, and implementation of IT policies to ensure effective and efficient IT operations and compliance with applicable laws and regulations governing University data and IT operations.
This position is a full-time position with 50% appointment to UW-River Falls and 50% appointment to UW-Superior. While work and regulations will be similar, each campus is independent and policies and procedures in some cases may be unique at each campus. Each campus will expect the CISO to work from on-site during information security incidents as needed. The home campus for this position will be UW-River Falls and the employment policies of that campus will apply to this position.
Global universities and their information security threats never sleep, there may be a need for this position to be an information security response leader while working outside of normal business hours including nights, weekends, and holidays.
This position will be considered for scheduling flexibility to work in a hybrid capacity based on staffing and business need.
· Bachelor's Degree in Information Security, Computer Science, Management Information Systems, Business, or a related field.
· Minimum of 3 years progressively increasing responsibility in an IT policy, IT security or IT governance role preferably in a higher-education setting.
· Must hold, or be able to obtain within six months of hire, a management-oriented security certification (e.g., CISSP, CISM or GSEC).
· Knowledge of networking technologies including network security technologies including firewalls, VPN, network intrusion detection / prevention and related systems.
· Strong knowledge of IT security practices, application development and operational frameworks such as Incommon Assurance, NIST CyberSecuity Framework, ISO/IEC 27001 Security Framework, Open Web Application Security Project (OWASP) practices or Control Objectives for Information and Related Technologies COBIT.
· Strong knowledge of data and security regulations and their application in Higher Education, including FERPA, HIPAA-HITECH, PCI, GLBA, FTC's Red Flags Rule, GDPR, CJIS, WI Statute 134.98 and other applicable regulations.
· Ability in leading an Information Security Response team including triage of daily operational events and leadership of incident management teams including the ability to drive coordination with organizational management in a corelated response.
· Ability to lead internal and external regulatory self-assessment, audit and compliance response teams, to coach team members in providing responses in a truthful and coordinated manner while ensuring not to increase the risk profile for the institution.
· Ability to implement organizational change while utilizing IT project management principles, processes and methodologies.
· Strong ability to form and lead cross-functional teams in implementing process and organizational change.
· Ability to form strong business partnerships across distinct campus departments and business units.
· Ability to articulate strategy and vision and present plans, proposals and issues to executive management.
· Ability to manage multiple competing priorities and remain calm and focused in high-pressure situations.
· Ability to be self-directed under a general supervision by the two Chief Information Officers at two separate and distinct institutions. Ability to mitigate conflicting priorities and to decrease redundancy between the organizations while developing gained efficiencies of scale between the two organizations (do once, repeat results.) Account for time and provide written reports of activities to the organizations.
· Strong knowledge of current information security risks and threats as they apply to higher education institutions.
Preferred Knowledge, Skills and Abilities:
· 5 or more years progressively increasing responsibility in an IT policy, IT security or IT governance role preferably in a higher-education setting.
· Direct career building hands on background in software application development, system and service management or network administration as a foundation builder to a technical foundation.
· Direct career building involvement in management and business analysis of an organization, including financial, human resources and strategic decision-making process to establish a firm management foundation.
· Direct, recent experience with policy or compliance relating to data regulations such as FERPA, PCI, HIPAA, GLBA and/or PCI.
· Experience working independently to conduct technical investigations with diverse constituents, providing detailed written reports and presentations.
· Knowledge in the application of Wisconsin Open Records law regarding data set development in response to open records request. Ability to work with UW System Legal Counsel in response to civil or criminal subpoena and warrants for information served to the organization.
· Knowledge of systems logging and monitoring applications, including custom query and reporting development for creation of dashboards for security personnel, IT leadership and senior organizational management.
· Strong knowledge of business disaster preparedness, disaster recovery and business continuity principles, concepts, technologies and architectures.
· Strong knowledge of IT governance and service management frame works such as Microsoft Operational Framework (MOF) or ITILv3.
· Ability to foster a working relationship with law enforcement to serve as an advisor to them when required and to work with them as needed in criminal investigations.
Special Instructions to Applicants:
Applicants are required to apply online. UWRF will not consider paper, emailed or faxed applications. Applicants are required to provide:
Letter of interest specifying qualifications and experience (cover letter)
Names, addresses, telephone numbers and email addresses of at least three references who can specifically comment upon your professional experience in relation to this position (references)
Inquiries should be addressed to: Joseph Kmiech, Search Chair and Hiring Manager
Deadline to Apply: Initial review of applications will begin upon receipt. For full consideration, applicants should submit all required materials by September 29, 2022.
UW-River Falls does not offer H-1B or other work authorization visa sponsorship for this position. Candidates must be legally authorized to work in the United States at the time of hire and maintain work authorization throughout the employment term. If you have questions regarding this, please contact Human Resources at 715-425-4941.