499435 - Information Security Officer

499435 - Information Security Officer

Classificaiton: Administrator II-Range A
Department: IT-Information Security
Sub-Division: Information Technology
Salary Range: Salary commensurate with experience and qualifications
Appointment Type: At Will
Time Base: Full-Time
Work Schedule: Monday - Friday, 8:00 AM - 5:00 PM

About CSUF:
Founded in 1957, California State University, Fullerton is a leading campus of the California State University system, serving as an intellectual and cultural center for Southern California and a driver of workforce and economic development. The California State University (CSU) is the largest four-year university system in the United States, with 23 campuses, 53,000 faculty and staff, and 482,000 students. The mission of the CSU is to provide high-quality, affordable education to meet the ever-changing needs of California. With its commitment to quality, opportunity, and student success, the CSU is renowned for superb teaching, innovative research, and for producing job-ready graduates. Each year, the CSU awards more than 125,000 degrees; one in every 20 Americans holding a college degree is a graduate of the CSU.

The campus launched its new strategic plan in 2018. The ambitious goals put forth in the plan and the collective moxie to achieve them also gave rise to three powerful words that have since become the spirit by which faculty, staff, students, and alumni work, study, and play: Titans Reach Higher. That theme - and the diverse campus community that make it a reality - is the driving force for the current five-year Strategic Plan (2018-2023), which is focused on the following goals:

• Providing a transformative educational experience and environment for all students
• Strengthening opportunities for student completion and graduation
• Recruiting and retaining a high-quality and diverse faculty and staff
• Expanding and strengthening our financial and physical capacity

President Framroze “Fram” Virjee has led Cal State Fullerton since January 2018. Previously, he served as the executive vice chancellor and general counsel for the California State University Chancellor’s Office and all 23 campuses of the CSU system, and was a partner at O’Melveny & Myers, one of the largest law firms in the nation. President Virjee received a J.D. from the University of California, Hastings College of Law and a bachelor’s degree from the University of California, Santa Barbara.


Job Summary:
California State University, Fullerton (Cal State Fullerton or CSUF) seeks a collaborative Information Security Officer to serve as a deft leader, managing the information security program, information security operations, and overseeing training and staff development. The Information Security Officer (ISO) will be reach out to develop relationships across campus, serving as an educator and trainer and ensuring constituents feel well supported and well trained on issues of security and use. This person will engage outside the University as well, ensuring smooth collaboration and execution of needed projects and endeavors to improve and enhance security at Cal State Fullerton. Reporting to the Associate Vice President for Information Technology/Academic Technology Services, the ISO will join a deeply collaborative and diverse division on a tech-oriented campus.

A list of the essential and preferred qualifications for the ISO can be found at the conclusion of this document, which was prepared by the search committee with the assistance of Isaacson, Miller, a national executive search firm, to provide background information and detail the key opportunities and challenges related to the position. All confidential applications, inquiries, and nominations should be directed to the parties listed at the conclusion of this document.

About the Division of Information Technology
The Division of Information Technology plays a significant role at Cal State Fullerton. Employees understand the challenges that face CSUF's faculty, staff, and students and continuously strive to produce a higher quality of services designed to meet the expectations of the campus community. It has partnered with other divisions to fully integrate technology into regular campus operations and to ensure that the services, equipment, and software applications we provide are custom to needs of each area.

The Division of Information Technology strives to be a strategic, innovative and best‐in‐class IT organization that provides a leading‐edge technology environment for students, faculty and staff to advance the University's mission, vision and goals. It empowers CSUF's students to become digital citizens and to utilize immersive technology in curricular and co-curricular instruction. The Division seeks to advance the vision and goals of the University by contributing to educational innovation and providing agile, cost‐effective, and reliable technology services and facilities to our campus community.

Details of the IT Strategic Plan 2019-2023, developed through consultative engagement with the campus community and aligned with the University's strategic plan, can be found here: https://www.fullerton.edu/it_planning/

The Division of IT is dedicated to Diversity, Equity, and Inclusion (DEI), and has set forth diversity goals, which are constantly monitored and evaluated, to improve practices in managing DEI.

Dr. Amir Dabirian - a graduate of CSUF - has been the Vice President for the Division of Information Technology and Chief Information Officer for the University since 2008, overseeing all enterprise services of IT in support of the University's mission and strategic plan.

This position reports directly to Berhanu Tadesse, Associate Vice President for Information Technology/Academic Technology Services. At CSU Fullerton his responsibilities include audio visual project management and audio visual technology support; college support services, classroom technology support and oversight of the information security office. Through collaborative efforts with different campus constituents, he has led the telephone systems upgrade, the institution of Digital Print Services in the library, the Data Center power and cooling upgrade, server and storage infrastructure upgrades, campus wired and wireless network infrastructure upgrade, the consolidation of servers into the campus Data Center, and the disaster recovery site setup for critical IT services at CSU Sacramento. These initiatives have resulted in improved availability of the mission critical services to the campus community. Prior to joining CSU Fullerton, he served as the Director of Infrastructure Services at the CSU Chancellor's Office. He came to the CSU after several years of technical management and leadership roles in private industry.

Role of the Information Security Officer

Reporting to the Associate Vice President for Information Technology/Academic Technology Services, the ISO is expected to split their time among management of the information security program (55%), information security operations (30%), training/staff development (10%), and other duties as assigned (5%). The ISO indirectly reports to the University's Chief Information Officer and is a member of the Information Technology Leadership Team.

The ISO will be responsible for administering security of all protected information collected, used, maintained, or released by the University as well as leading the development of information security strategies such as the development, implementation, and management of an information security management program for the entire University. The ISO will research and evaluate procedural and technical solutions that can be applied on the campus networks; manage the University's response to security incidents; and maintain configuration control of security devices and software applied to centralized network and systems supporting the University.

The ISO is responsible for providing recommendations to the CITO and implementing, as approved, the appropriate information security advisory groups, working committees, and task forces to add University information security issues and procedures. The ISO will be responsible for developing annual budget recommendations for training and capital expenses in compliance with the University's IT Strategic Plan in order that the ISO, IT Services staff, and the broader University community remain proficient in necessary skills and are knowledgeable on applicable information security technology.

The ISO will also serve as the IT representative to designated University and CSU committees in order to provide technical advice and professional consultation on security issues, policies, and procurements being considered. The ISO will serve as subject matter expert (SME) for security review of all IT procurements, and review new systems and platforms to that ensure the highest level of protection appropriate to use is included in purchasing and implementation planning.

Independent one year exercises will show considerable latitude in determining and achieving divisional and campus objectives on a day-to-day basis and how to meet established goals. The ISO will interpret, apply, and recommend modifications to the IT Division standards and campus policies as necessary. The ISO will lead the development, maintenance, and annual evaluation of incident response, including forensics and investigations in the event of a data breach or incident, as well as business continuity and disaster recovery plans, and will lead, conduct, or manage risk assessments.

Key Opportunities and Challenges for the ISO

The next ISO will build upon the Division's strengths, mission, and vision to support heightened services now and in the future. In doing so, the ISO will address the following opportunities and challenges:

Management of Information Security Program

• Recommend realistic preventive measures, respond to information security incidents, and plan for system upgrades or introduction of new systems to the network environment.
• Develop reports to keep University management apprised of information security threats and active attacks, incident response activities and planned equipment or software changes that could impact system and network performance and availability in order to minimize the impact on production system users.
• Provide for oversight of the implementation of an effective University network and computing asset protection mechanism to ensure stable and continuous operation of the University's mission-critical systems and applications.
• Define and become actively engaged in information security tasks in projects involving University services. Serve as point of contact within the division of Information Technology for security review of all new systems and platforms intended to be connected to the central network in order to ensure the highest level of protection appropriate to use is included in purchasing and implementation planning.
• Assess, report, and assist in the remediation of IT security vulnerabilities for University managed systems and applications that are part of Cal State Fullerton's purview.
• Work cooperatively with the University's Internal Audit staff, external CSU auditors or other security related contractors to address University information security issues.
• Collaborate with the University's legal counsels' office, Risk Management officer, and others within the University involved in protection of privacy of information.
• Lead, conduct, or manage risk assessments. Recommend to the University Chief Information and Technology Officer, and implement as approved, the appropriate information security advisory groups, working committees and task forces to address University information security issues and procedures.
• Develop annual budget recommendations for training and capital expenses in compliance with the University's IT Strategic Plan in order that the ISO, IT Services staff, and the broader University community remain proficient in necessary skills and are knowledgeable on applicable information security technology.
• Develop continuing relationships with security product vendors and consultants and recommend, as appropriate, partnerships.
• Serve as the IT representative to designated University and CSU committees in order to provide technical advice and professional consultation on security issues, policies, and procurements being considered.
• Independently exercise considerable latitude in determining and achieving divisional and campus objectives on a day-to-day basis and how to meet established goals.
• Consult with higher level management and develop and implement recommendations, policies, and operational procedures.
• Interpret, apply, and recommend modifications to the IT Division standards and campus policies as necessary.
• Lead the development, maintenance, and annual evaluation of incident response, including forensics and investigations in the event of a data breach or incident, as well as business continuity and disaster recovery plans.

Information Security Operations

• Coordinate on a continuous basis with appropriate management to schedule and review periodic audits of network and system activity.
• Coordinate directly with University representatives to develop a Security Awareness Program and an Incident Response capability.
• Coordinate with the Network Security & Telecommunications, Infrastructure, Enterprise Application and Internet Application Development and IT HelpDesk teams on procedures for technical staff to respond to information security events and incidents.
• Lead the vulnerability scanning, reporting and remediation efforts by collaborating with the Division of IT staff and campus constituents.
• Conducting periodic security audits of the IT environment, develop reports, document results, recommend changes, supervision of implementation plans.
• Serve as subject matter expert (SME) for security review of all IT procurements.
• Review new systems and platforms to that ensure the highest level of protection appropriate to use is included in purchasing and implementation planning.

Training/Staff Development

• Identify job related training requirements and, within budgetary constraints, accomplish that training through collaboration with other internal campus entities. This should be communicated by the development of a written
• information security training and development plan.
• Participate on external University in formation security committees as opportunities arise, as well as mentor campus constituents through the delivery of security presentations and seminars.
• Attend conferences, such as EDUCAUSE and other relevant University information security gatherings.
• Ensure that both the ISO and the information security staff maintain an aggressive continuing education program to maintain currency in their field. Document the information security related skill proficiency of network systems and network operations center employees and coordinate with appropriate managers to document as training may be identified and accomplished.
• Assist in the creation and revision of job descriptions and tasks related to information security for employees in IT and other department s to identify skills required to perform the tasks associated with each job and expected outcome of performance.
• Maintain a working knowledge of University network architecture and both central and departmental application servers in order to better understand the risk of system exposure.

Essential Qualifications:
The next ISO at CSUF will also possess many, if not all, of the following qualifications and characteristics.

• A four-year college degree and /or graduate degree in Computer Science or Information Systems Management from an accredited four-year institution.
• 10-15 years of experience in information technology, with at least 5 years of experience leading and supporting Information Security management program in an academic environment.
• At least 5 years of supervisory experience in an information technology role.
• Technical proficiency in enterprise systems and infrastructure sufficient to credibly work with technical staff to implement security policies and practices.
• Effective people management skills and appropriate leadership skills and behaviors.
• Change management and critical thinking skills.
• Ability to form and sustain alliances, including proven ability to work in a team environment.
• Effective interpersonal and communication skills, including effective oral and written communication skills. Must be capable of working tactfully and collegially with a diverse group of faculty, staff, and students on a regular basis.
• Knowledge of organizational structure, culture and processes.
• Skills in resource management and planning.
• CISSP Certification
• SSCP Certification
• CISM Certification

A background check (including a criminal records check) must be completed satisfactorily and is required for employment. CSU will make a conditional offer of employment, which may be rescinded if the background check reveals disqualifying information, and/or it is discovered that the candidate knowingly withheld or falsified information. Failure to satisfactorily complete the background check may affect the continued employment of a current CSU employee who was conditionally offered the position.


Preferred Qualifications:


Special Working Conditions:
Notice of Non-Discrimination on the Basis of Gender or Sex and Contact Information for Title IX Coordinator


Additional Information:
California State University, Fullerton celebrates all forms of diversity and is deeply committed to fostering an inclusive environment within which students, staff, administrators and faculty thrive. Individuals interested in advancing the University’s strategic diversity goals are strongly encouraged to apply. Reasonable accommodations will be provided for qualified applicants with disabilities who self-disclose.

The scope of responsibilities for this position includes the making or participating in the making of decisions that may have a material financial benefit on the incumbent. Therefore, you will be required to file an initial “Conflict of Interest Form 700: Statement of Economic Interests” within thirty (30) days from date of hire and on an annual basis; and complete the CSU sponsored ethics on-line training within thirty (30) days of appointment, and at least once during each consecutive period of two calendar years following the appointment.

The person holding this position is considered a mandated reporter under the California Child Abuse and Neglect Reporting Act and is required to comply with the requirements set forth in CSU Executive Order 1083 as a condition of employment.

Multiple positions may be hired from this recruitment based on the strength of the applicant pool.

If you are applying for a staff position, please note that you are not eligible to work concurrently in a staff position and an Academic Student position such as Graduate Assistant, Teaching Associate, Instructional Student Assistant or a Student Assistant position.

Regular attendance is considered an essential job function.

Employee/applicant who submits an application for a position may be required to successfully complete job related performance test(s) as part of the selection process.

Online application/resume must be received by electronic submission on the final filing date by 9:00 PM (Pacific Standard Time)/midnight (Eastern Standard Time). Applicants who fail to complete all sections of the online application form will be disqualified from consideration.

California State University, Fullerton is not a sponsoring agency for staff or management positions (i.e. H1-B Visas).

Applications, Inquiries, and Nominations

Screening of complete applications will begin immediately and continue until the completion of the search process. Inquiries, applications, nominations, and referrals should be sent via the Isaacson, Miller website for the search: www.imsearch.com/7845. Complete applications will include a resume, cover letter, and diversity statement that demonstrates your past and present contributions to, and future aspirations for, promoting diversity, equity, inclusion, and antiracism in your professional career. The purpose of the diversity statement is to help identify candidates who have professional experience, intellectual commitments, and/or willingness to engage in activities that could help CSUF contribute to its mission in these areas.



Dan Rodas & Emily Chiswick-Patterson Isaacson, Miller

1000 Sansome Street, Suite 300 San Francisco, CA 94111

California State University Fullerton celebrates all forms of diversity and is deeply committed to fostering an inclusive environment within which students, staff, administrators, and faculty thrive. Individuals interested in advancing the University’s strategic diversity goals are strongly encouraged to apply. Reasonable accommodations will be provided for qualified applicants with disabilities who self-disclose.


Application Deadline: Apr 29, 2021 (9:00 PM)

Apply online at: https://careers.pageuppeople.com/873/fl/en-us/job/499435/499435-information-security-officer

jeid-cc75c8d749ae7e48a9e13d81a89a4618