Information Security Officer

Oregon, United States
Salary Commensurate with experience
May 30, 2021
Employment Level
Employment Type
Full Time

Working at Lewis & Clark College

The campus is located on 137 acres of beautifully landscaped grounds in Portland’s southwest hills. Our strong commitment to sustainability is reinforced through recycling programs, energy conservation, alternative transportation options, and farm to fork initiatives. For benefit-eligible positions, we offer a competitive benefits package that includes options for health, dental, vision, tuition, life insurance, retirement and more.


Lewis & Clark College is committed to achieving a diverse workforce. Candidates from diverse backgrounds are encouraged to apply. All qualified applicants will receive consideration for employment without regard to status as a protected veteran or a qualified individual with a disability, or other protected status, such as race, religion, color, national origin, sex, gender identity, sexual orientation, marital status or age.



The Information Security Officer (ISO), under the general direction of the CIO, is responsible for the planning, development, implementation, and delivery of a comprehensive information security program for Lewis and Clark. The scope of the program is institution-wide, applies to the College of Arts, Graduate School of Counseling and the School of Law, and includes information in electronic, print and other formats. The ISO also manages operational security service development and deployment in addition to investigative workloads associated with network, system, application security and forensic activities. The ISO is responsible for the information systems integrity, reliability and accessibility while protecting and defending against unauthorized access to systems, networks, and data.


The purposes of this program are to establish protocols governing the usage of information created, acquired or maintained by Lewis & Clark, its authorized users, be in accordance with its intended purpose; to protect Lewis & Clark information and its infrastructure from external or internal threats; and to facilitate compliance with statutory and regulatory requirements regarding information access, security and privacy for the College.


Application Requirements:

  • Resume

  • Cover Letter

  • Diversity Statement (details in application process)




Information/Infrastructure Security  (25%)

  • Protect the College's information and infrastructure from external or internal threats.

  • Recommend methods for vulnerability detection and remediation, and oversee vulnerability testing.

  • Act as the CIO's designee representing the College on information security matters.

  • Serve as the campus DMCA agent and respond to copyright infringement notifications.

  • Lead projects for IT security-related initiatives.

  • Recommend planning and budgeting for network infrastructure, information security, and disaster recovery including recommending hardware, software and professional services.

  • Manage operational security, analyze business processes on campus for information security issues and develop solutions to address issues.

  • Work with IT and non-IT offices, business units, and management to handle data securely and in accordance with industry best practices.


Compliance Issues (25%)

  • Ensure that College policies support compliance with external and/or regulatory requirements.

  • Serve as subject matter expert for information security related laws and review third party software contracts.

  • Work with campus departments on compliance issues as necessary (FERPA, HIPAA, USPATRIOT, CALEA, HEOA, etc.).

  • Serve as the official campus contact point for information security and privacy incidents.


Program/Policy Development & Training (25%))

  • Plan, develop and deliver a comprehensive information security program for the institution.

  • Develop and implement institutional security policies and programs targeting security and privacy.

  • Develop and implement an ongoing risk assessment program targeting information security and privacy matters.

  • Develop and deliver an information awareness/training program on information security and privacy matters for students, faculty, staff and other authorized users.

  • Develop and implement identity and access management.


Subject Matter Expertise (25%)

  • Keep abreast of latest security and privacy legislation, regulations, advisories, alerts and vulnerabilities pertaining to the College and its mission.

  • Maintain certifications, continuing education credits (CPE's) and professionally mentor others as needed.

  • Serve as the campus contact point for external auditors and agencies, survey requests.



  • Bachelor's degree in computer science, information technology, or a related discipline.

  • 5 years of relevant Information Security experience.

  • Curiosity, a proactive approach, and a command of governance and risk compliance.

  • Ability to understand all threats, external and internal to the digital information that is created, acquired, and maintained by the College.

  • Ability to write policies, design programs, perform planning, design IT security architecture, incident response, IT security systems management and security awareness training, lead projects, manage contract, review/modify third party contracts, manage vendor relationships, recommend purchases, provide expert analysis and advice to campus community.

  • High level conceptual vision and experience with the flow and lifecycle of an account or identity.



  • Master's degree in computer science, information technology, or a related discipline.

  • 7 years of relevant Information Security experience.

  • 2 years experience with Systems/Network Administration.

  • 1 year experience with Programming.

  • GSEC/GIAC (Global Information Assurance Certification) Security Essential Certification.

  • GSIP/GIAC (Global Information Assurance Certification) Information Security Professional.

  • CISM (Certified Information Systems Manager).

  • CIPP (Certified Information Privacy Professional).

  • CISSP (Certified Information Systems Security Professional) Certification.



  • 37.5 hrs/week

  • Full-Time

  • Benefits Eligible: YES



  • Commensurate with Experience

Similar jobs

Similar jobs