Assistant Vice President for Information Security

Vassar College

Assistant Vice President for Information Security & Data Privacy, Information Security Officer

Department: Computing & Information Services
Duration of Position: Full year / Full time
Work Schedule:
Employee Type: Administrator
Posting Date: 01/27/2021
Union Representation: Not Applicable
Posting Number: AS037P
Pay Rate:

About Vassar College
Located in the scenic Mid-Hudson Valley, Vassar College is a highly selective, residential, coeducational liberal arts college. Vassar is strongly committed to fostering a community that reflects the values of a liberal arts education and to promoting an environment of equality, inclusion and respect for difference. Vassar College is an affirmative action, equal opportunity employer, and applications from members of historically underrepresented groups are especially encouraged. Vassar College is a smoke-free, tobacco-free campus.

Position Summary and Responsibilities
Vassar is seeking an experienced information security professional to join the College as Assistant Vice President for Information Security & Data Privacy, Information Security Officer (ISO). As ISO, the AVP oversees the office of Information Security and is responsible for maintaining our framework of policies, procedures and outreach programs necessary to maintain confidentiality, integrity, and availability of information throughout the institution-while continuing to grow and improve Vassar's Information Security Program. The AVP also develops and implements plans and policies for maintaining the College's compliance with applicable data privacy regulations, such as EU GDPR, CCPA, and others.

Reporting to the Vice President for Technology & Human Resources, a member of the President's cabinet, the AVP and ISO will provide guidance to the college in all matters relating to information security and data privacy and, as such, may prepare and deliver reports from time to time to about the state of the College's information security and data privacy programs to the College's Senior Team and/or Board of Trustees.
Responsibilities:

• Maintain and enhance the college's information security (IS) and data privacy programs: devise and implement security standards, processes/procedures, and guidelines; conduct an ongoing IS risk assessment program that includes data privacy considerations; recommend and implement methods for vulnerability detection and remediation; maintain an information security awareness program to ensure personnel across the organization understand the trade-off between risk and return; coordinate with technology and business groups to assess, implement, and monitor IT-related security risks/hazards.
  
• Work with the college's IT department, College data custodians, and governance groups in the development of data- and security-specific policies, including data governance & handling, effectively balancing organizational effectiveness with security requirements; ensure that college policies support compliance with external requirements; oversee the dissemination of policies, standards and procedures to the community; periodically assess data handling to ensure compliance with relevant standards, rules, and regulations.
  
• Establish annual and long-range security and privacy compliance goals, coordinating as appropriate with college and external partners (incl. Insurance companies, legal counsel, external advisors, and other vendor partners as needed); define security and privacy strategies, metrics, reporting mechanisms and program services; and create maturity models and a roadmap for continual program improvements; propose associated budgets to fund information security and privacy program needs.
  
• Coordinate and directly participate in responding to information security incidents, including data exposures, electronic scams, data breaches, and attacks; maintain a quality, up-to-date incident response plan to guide action in such incidents; document incident response, coordinating as appropriate with college and external partners (incl. Insurance companies, legal counsel, external advisors, and other vendor partners as needed); represent Vassar as needed in committees and consortiums associated with data management, emergency planning, and/or crisis response; maintain 24×7 on-call support coverage for participation as needed in information security incidents that may occur.
  
• Manage vendor relationships to enhance the college's information security posture and optimize benefits received for costs incurred. Review maintenance contracts for IS-related hardware and software, and make recommendations for change as appropriate; determine sourcing and vendor-supported operations strategies that balance needs for privacy, reliability, and customization with cost optimization and efficiency.
  
  

Qualifications

• Bachelor’s degree required, CISSP certification (or equivalent, including relevant graduate degree) preferred.
  
• 7+ years relevant experience, with a minimum of 3 years of successful management-level experience in a service-oriented technology environment.
  
• Established track record of successfully introducing organizational change to mitigate security risk and/or proactively improve enterprise information security.
  
• Demonstrated, in-depth knowledge of both technologies relevant to information security and systems inherent to academic and administrative operations of a college, university, or relevant enterprise.
  
• Strong interpersonal and written communication skills, with the ability to present both technical and non-technical ideas to a diverse groups of students, faculty, and other employees, and to present risks and propose initiatives and budget requests to executive audiences.

Special Instructions to Applicants
To complete your online application, you will be required to attach your resume, cover letter, and contact information for 3 professional references. All attachments must be in PDF format. Review of applications will begin immediately. If you have any questions, please contact Human Resources, 845-437-5820.

For full consideration applicants should apply by:

All applicants must apply online at: https://employment.vassar.edu/postings/1741.



jeid-d55f902e26424b448393a201b3a2a1db