Chief Information Security Officer / Director of Information Security

Department Statement

Colgate University’s Information Technology Services ( ITS ) is a dynamic organization that serves the diverse technology needs of the university community. Comprised of several functional areas – Classrooms, Digital Media & Events; Data Analytics & Decision Support; Engagement & Support; Information Security; Learning & Applied Innovation; Services & Shared Infrastructure – ITS prides itself on exceptional customer service and building collaborative relationships to meet the unique needs of our liberal arts campus.

ITS endeavors to foster an inclusive environment that values diversity, professional development, creativity, and innovation to support the growth of individuals and the organization. Under the leadership of the CIO, ITS is embarking on a strategic planning process to align services and resources with several exciting new initiatives identified in Colgate’s Third Century Plan .

Colgate University’s Chief Information Security Officer/Director of Information Security is responsible for thought leadership, policy and practice development, and operational leadership around issues of data privacy and information security such as data compliance, business continuity, user awareness, incident response, operational security, etc. This position will reside in the office of the CIO and will report to the Chief Information Officer. Job title commensurate with experience.

Accountabilities

The Chief Information Security Officer / Director of Information Security participates in ITS strategic planning efforts to align with Colgate University’s mission, Third Century Plan, and the DEI commitment to grow and strengthen the Information Security at Colgate University.
Specific Accountabilities include but are not limited to:
Maintaining an expert level of understanding of higher ed trends and the work of faculty, students, and staff that ensures a secure technology environment that enables creativity and success.;

Maintaining a comprehensive working knowledge of federal, state, local laws and regulations, and industry standards (together in this document referred to as Laws and Regulations), where compliance requires specific data or information security policies, practices, reporting, or audits. These Laws and Regulations include, but are not limited to, HIPAA, FERPA, Higher Education Opportunity Act ( HEOA ), CCPA, GDPR, PCI DSS .

Maintaining and continuing growth of the University’s identity and access management initiatives.

Developing detailed procedures for system access and permissions to support auditing and detection of compliance issues;
Developing effective procedures for regular system and server patches and vulnerability management, based on university best practices.

Advising on the effective use of network security equipment, including firewalls and intrusion protection systems.

Maintaining expert-level knowledge of Cloud infrastructures, including IAAS, PAAS, and SAAS, and help the University maintain a secure cloud presence.

Developing and delivering user-friendly training for end-users, data stewards, system administrators, and others as required in support of the above.

Establishing benchmarks and tracking metrics that reflect the effectiveness of University data and information security policy and practice and provide feedback for future development opportunities.

Conducting periodic security audits of the IT environment, develop reports, document results, recommend changes, supervision of implementation plans.

Lead the development, maintenance, and annual evaluation of incident response, including forensics and investigations in the event of a data breach or incident, as well as business continuity and disaster recovery plans.

Participate in University-wide working groups and committees representing and advocating for the interests of a secure and private data environment.

Represent the University as a participant of institutional security collaborations ( REN - ISAC, Higher Education Information Security Council, NY 6, etc.).

Maintaining a working knowledge and technical understanding of the interrelationships and interdependencies between and among the systems, services, and products provided and supported by ITS .

Professional Experience/ Qualifications

Professional experience and a record of success in the accountabilities of the position.

Technical proficiency in enterprise systems and infrastructure sufficient to credibly work with technical staff to implement security policies and practices.

Excellent communication skills.

Ability to work both independently and within a team. Willing to collaborate, share ideas openly, and learn.

Must be capable of working tactfully and collegially with a diverse group of faculty, staff, and students on a regular basis.

Preferred Qualifications

Experience in a higher education setting.

One or more applicable Information Security certifications such as Certified Information Systems Security Professional ( CISSP ).

Education

A minimum of a Bachelor’s Degree in Information Technology, or a related degree preferred, or a combination of education and experience from which comparable skills are attained.

Job Open Date 10/13/2020 Job Close Date Open Until Filled Yes Special Instructions Summary EEO Statement

It is the policy of Colgate University not to discriminate against any employee or applicant for employment on the basis of their race, color, creed, religion, age, sex, pregnancy, national origin, marital status, disability, protected Veterans status, sexual orientation, gender identity or expression, genetic information, being or having been victims of domestic violence or stalking, familial status, or any other categories covered by law. Colgate is an Equal Opportunity/Affirmative Action employer. Candidates from historically underrepresented groups, women, persons with disabilities, and protected veterans are encouraged to apply.

For more information, click the "How to Apply" button.