Information Security Officer

Lewis and Clark College
Oregon, United States
Salary Not Specified
May 27, 2021
Employment Type
Full Time
Attention Current Lewis & Clark College Employees: In order to apply for posted positions, please close this window and log into Workday and click on Talent and Performance to apply internally.
Working at Lewis & Clark College

The campus is located on 137 acres of beautifully landscaped grounds in Portland’s southwest hills. Our strong commitment to sustainability is reinforced through recycling programs, energy conservation, alternative transportation options, and farm to fork initiatives. For benefit-eligible positions, we offer a competitive benefits package that includes options for health, dental, vision, tuition, life insurance, retirement and more.

Lewis & Clark College is committed to achieving a diverse workforce. Candidates from diverse backgrounds are encouraged to apply. All qualified applicants will receive consideration for employment without regard to status as a protected veteran or a qualified individual with a disability, or other protected status, such as race, religion, color, national origin, sex, gender identity, sexual orientation, marital status or age.


The Information Security Officer (ISO), under the general direction of the CIO, is responsible for the planning, development, implementation, and delivery of a comprehensive information security program for Lewis and Clark. The scope of the program is institution-wide, applies to the College of Arts, Graduate School of Counseling and the School of Law, and includes information in electronic, print and other formats. The ISO also manages operational security service development and deployment in addition to investigative workloads associated with network, system, application security and forensic activities. The ISO is responsible for the information systems integrity, reliability and accessibility while protecting and defending against unauthorized access to systems, networks, and data.

The purposes of this program are to establish protocols governing the usage of information created, acquired or maintained by Lewis & Clark, its authorized users, be in accordance with its intended purpose; to protect Lewis & Clark information and its infrastructure from external or internal threats; and to facilitate compliance with statutory and regulatory requirements regarding information access, security and privacy for the College.

Application Requirements:

  • Resume

  • Cover Letter

  • Diversity Statement (details in application process)


Information/Infrastructure Security (25%)

  • Protect the College's information and infrastructure from external or internal threats.

  • Recommend methods for vulnerability detection and remediation, and oversee vulnerability testing.

  • Act as the CIO's designee representing the College on information security matters.

  • Serve as the campus DMCA agent and respond to copyright infringement notifications.

  • Lead projects for IT security-related initiatives.

  • Recommend planning and budgeting for network infrastructure, information security, and disaster recovery including recommending hardware, software and professional services.

  • Manage operational security, analyze business processes on campus for information security issues and develop solutions to address issues.

  • Work with IT and non-IT offices, business units, and management to handle data securely and in accordance with industry best practices.

Compliance Issues (25%)

  • Ensure that College policies support compliance with external and/or regulatory requirements.

  • Serve as subject matter expert for information security related laws and review third party software contracts.

  • Work with campus departments on compliance issues as necessary (FERPA, HIPAA, USPATRIOT, CALEA, HEOA, etc.).

  • Serve as the official campus contact point for information security and privacy incidents.

Program/Policy Development & Training (25%))

  • Plan, develop and deliver a comprehensive information security program for the institution.

  • Develop and implement institutional security policies and programs targeting security and privacy.

  • Develop and implement an ongoing risk assessment program targeting information security and privacy matters.

  • Develop and deliver an information awareness/training program on information security and privacy matters for students, faculty, staff and other authorized users.

  • Develop and implement identity and access management.

Subject Matter Expertise (25%)

  • Keep abreast of latest security and privacy legislation, regulations, advisories, alerts and vulnerabilities pertaining to the College and its mission.

  • Maintain certifications, continuing education credits (CPE's) and professionally mentor others as needed.

  • Serve as the campus contact point for external auditors and agencies, survey requests.


  • Bachelor's degree in computer science, information technology, or a related discipline.

  • 5 years of relevant Information Security experience.

  • Curiosity, a proactive approach, and a command of governance and risk compliance.

  • Ability to understand all threats, external and internal to the digital information that is created, acquired, and maintained by the College.

  • Ability to write policies, design programs, perform planning, design IT security architecture, incident response, IT security systems management and security awareness training, lead projects, manage contract, review/modify third party contracts, manage vendor relationships, recommend purchases, provide expert analysis and advice to campus community.

  • High level conceptual vision and experience with the flow and lifecycle of an account or identity.


  • Master's degree in computer science, information technology, or a related discipline.

  • 7 years of relevant Information Security experience.

  • 2 years experience with Systems/Network Administration.

  • 1 year experience with Programming.

  • GSEC/GIAC (Global Information Assurance Certification) Security Essential Certification.

  • GSIP/GIAC (Global Information Assurance Certification) Information Security Professional.

  • CISM (Certified Information Systems Manager).

  • CIPP (Certified Information Privacy Professional).

  • CISSP (Certified Information Systems Security Professional) Certification.

  • 37.5 hrs/week

  • Full-Time

  • Benefits Eligible: YES

  • Commensurate with Experience

Directions for Cover Letter

Please upload your cover letter on the My Experience screen in the resume section.

Lewis & Clark College adheres to a nondiscriminatory policy with respect to educational programs, activities, employment, and admission. We do not discriminate on the basis of actual or perceived race, color, sex, religion, age, marital status, national origin, the presence of any physical or sensory disability, veteran status, sexual orientation, gender identity, gender expression, or any other basis prohibited by applicable federal, state, and local laws. The Associate Vice President of Human Resources has been designated to handle inquiries regarding employment- and disability-related non-discrimination policies. Title IX inquiries may be directed to the Title IX coordinator or deputy Title IX coordinators

( ).

Reasonable Accommodation

Federal law requires employers to provide reasonable accommodation to qualified individuals with disabilities. Please tell us if you require a reasonable accommodation to apply for a job or to perform your job. Examples of reasonable accommodation include making a change to the application process or work procedures, providing documents in an alternate format, using a sign language interpreter, or using specialized equipment.

Background Check

Lewis & Clark College will conduct a background check on the finalist, which will include a criminal record check. If a conviction is discovered, a determination will be made whether the conviction is related to the position for which the individual is applying or would present safety or security risks before an employment decision is made. A criminal conviction does not necessarily automatically bar an applicant from employment.

Eligibility to Work

In order to comply with US Homeland Security Department regulations, all employees must complete an I-9 form in Workday prior to or no later than the first day of work and bring originals (no photocopies) of their supporting documentation to Human Resources no later than the 3rd business day of employment. Failure to have a completed I-9 form on file with the College will result in immediate termination of employment.

Similar jobs

Similar jobs