Framingham, MA
Mon Aug 22 2022
Job Description:
GENERAL STATEMENT OF DUTIES:
The Information Security Officer is a member of the leadership
team within the Information Technology Services (ITS) organization
with responsibility for the comprehensive information security
program. This includes (but is not limited to) the review,
evaluation, and implementation of controls to reduce the overall
risks associated with information that is under the stewardship of
the University, related technological infrastructure, and
third-party product or service providers. This position also
administers information security training and awareness programs.
Responsibilities include the monitoring, investigation, response,
and remediation of vulnerabilities, threats, and breaches of
Framingham State's cybersecurity as may be necessary. The
Information Security Officer also proposes, drafts, and maintains
all documented security policies and procedures designed to
mitigate such risks.
The Information Security Officer plays an important role in
formulating and executing strategies that contribute toward the
University being a productive and enjoyable place to teach, learn
and work. This includes (but is not limited to) ensuring generally
accepted best practices for securing information and technological
infrastructure are adopted by partnering with colleagues within
ITS, users of Framingham State's information systems, other
internal stakeholders, and vendors as part of the organization's
objectives and improvement of IT services in support of Framingham
State University's overall operations and strategic priorities.
Associate Vice President and Chief Information Officer
EXAMPLES OF SPECIFIC DUTIES AND RESPONSIBILITIES:
- Leads the implementation of the controls, best practices,
policies, and procedures as described or referred to in the
University's Comprehensive Written Information Security Program
- Monitors changes in legislation related to cybersecurity and
information security, and updates the University's Comprehensive
WISP as needed.
- Leads the development of annual and long-range security
strategies, compliance goals, capability maturity models,
performance metrics, reporting mechanisms, and program services
that demonstrate measurable improvements to cybersecurity at the
University over time.
- Assumes responsibility for designated portions of the
University's IT service offerings as the Service Owner and/or
Process Manager and provides program and project management for
assigned initiatives requiring a structured approach to defining a
scope of work, resource planning and coordination, controlling
costs, and mitigating risks.
- Works with university leadership and relevant responsible
compliance department leadership to build cohesive security and
compliance programs for the university to effectively address state
and federal statutory and regulatory requirements.
- Coordinates and tracks all information technology and
security-related assessments/audits including the scope of audits,
colleges/units involved, timelines, auditing/assessing agencies,
and outcomes. Works with auditors/assessors as appropriate to keep
audit/assessment focus in scope, maintain excellent relationships
with audit/assessment entities and provide a consistent perspective
that continually puts the institution in its best light. Provides
guidance, evaluation, and advocacy on audit responses. Handles the
administration, planning, and coordination associated with
follow-up to findings and recommendations from audits and
- Develops a strategy for dealing with an increasing number of
internal and external assessments, audits, and compliance
- Develops and administers designated budget allocations and
serves as the assigned contract manager for agreements with
third-party product and service providers.
- Reviews contracts for departmental third-party product and
service providers for appropriate and required information security
and privacy protections.
- Initiates and leads ongoing efforts to identify, inform and
involve key stakeholders in the process of making joint decisions
and engaging in productive collaborations with colleagues and
constituents as part of managing the administration of policies,
programs, and services.
- Monitors areas of potential risk to information security, and
cybersecurity more generally, identifies vulnerabilities and threats,
and takes appropriate action to help prevent, mitigate, or remediate
situations that might inflict financial, operational, or
reputational damage to the University.
- Periodically reviews and assesses logs, access controls,
vulnerability scans, and patch management programs as required to
ensure that documented standard operating procedures are consistent
with best practice, are up to date, and are being followed. Adjustments
to standard operating procedures will be made as needed. Any/all
findings will be noted, remediated, and reported.
- Convenes a Security Incident Response Team (SIRT) as needed, or
requested, in addressing and investigating security incidents that
arise or situations that warrant attention in order to prevent or
mitigate the risk of an incident occurring.
- Convenes an Ad Hoc Security Committee as appropriate and provides
leadership for breach response and notification actions for the
- Provides consultative guidance to members of academic and
administrative departments as well as students on how to secure
information, protect information technology, and employ generally
accepted best practices for cybersecurity.
- Works closely with other colleagues within the University
and third-party product and service providers to ensure supported
information systems and technological infrastructure are compliant
with federal, state, and industry regulations to protect
institutional data, systems, personal information, and
- Works closely with other colleagues within the University
and third-party product and service providers to maintain
documentation of Framingham State's contingency and business
continuity plans to ensure a defined scope of information
technology services can be restored within agreed-upon timeframes
in the event of a disaster or major cybersecurity incident.
- Participates in local, regional, and national peer organizations
to stay abreast of information security issues and regulatory
changes affecting higher education at the state and national
- Participates in national policy and practice discussions on
information security and communicates to campus regularly about
- Engages in professional development to maintain continual growth
in professional skills and knowledge essential to the
- Provides insights, consultative advice, and expertise as a
contributing member of committees, task forces, and advisory groups
charged with formulating University-wide strategies, setting
operational objectives, instituting policies, and achieving goals
associated with compliance, audits, and risk management.
- Performs other duties as may be assigned by the Associate Vice
President and Chief Information Officer.
- Accountable for ensuring that affirmative action, equal
opportunity, and diversity are integrally tied to all actions and
decisions in areas of responsibility.
All of the work associated with the duties and responsibilities
for this position is ordinarily performed at Framingham State's
main campus, and may be done periodically from a remote location
consistent with the conditional provisions specified within the
University's Telework Guidelines and in accordance with an approved
- Academic credential of a Bachelor's degree
- Excellent technical, organizational, planning, documentation,
and communications skills
- Project management experience
- 5+ years progressive experience in a computer-related
- Some degree of experience in policy and planning, compliance,
and operations as described in the preceding section titled "Duties
- Prior experience as an Information Security professional
- Experience working for a College or University within
Information Technology Services
- Certifications and other credentials for Management of
This is a full-time, exempt, benefits-eligible position in the
Association of Professional Administrators (APA) bargaining unit
with an official title of Director and a functional title of
Information Security Officer. The salary range is $85,000 -
It is the policy of Framingham State University that all
employees be fully vaccinated against COVID-19, including booster
if eligible, before they begin employment. Proof of the COVID-19
vaccine is required of all individuals hired by FSU, to be verified
after a verbal offer of employment has been accepted, and before
employment begins. Prospective employees may submit a request for a
medical or religious exemption to the COVID-19 vaccination
requirement to Human Resources. Furthermore, FSU employees must
wear a mask inside certain campus spaces.
Framingham State University conducts criminal history and sexual
offender record checks on recommended finalists prior to final
employment for all positions.
Framingham State University is an equal opportunity/affirmative
Members of underrepresented groups, minorities, women, veterans,
persons with disabilities, and all persons committed to diversity
and inclusive excellence are strongly encouraged to apply.