Educause Security Discussion mailing list archives
Information Security Officer - Loyola University Chicago
From: Jim Sibenaller <Jsibena () LUC EDU>
Date: Mon, 29 Sep 2008 11:45:01 -0500
All, Loyola University Chicago has an immediate opening for an Information Security Officer due to the departure of the current incumbent to another University. Applicants with qualified skills and interest should utilize the following link to apply. www.careers.luc.edu/applicants/Central?quickFind=52305 ========================================================================== Job Title: Information Security Officer Reports To: Director Enterprise Architecture & PMO Department: Information Technology Services Division: Enterprise Architecture & PMO Campus: Lake Shore, Chicago IL Summary: The Information Technology Services division at Loyola University Chicago seeks an Information Security Officer to own and manage the information security program at Loyola. This position works closely with clients to fully understand their requirements and define expectations. Essential Duties and Responsibilities include the following. Other duties may be assigned. 1. Develop and implement plans to ensure institutional compliance with applicable laws, regulations and requirements, such as: FERPA (Family Educational Rights and Privacy Act), GLBA (Graham-Leach-Bliley Act), HIPAA (Health Insurance Portability and Accountability Act), PCI-DSS (Payment Card Industry Data Security Standard), DMCA (Digital Millennium Copyright Act), and the Illinois Personal Information Protection Act. 2. Develop and promulgate institutional and divisional Information Security policies, procedures, standards and guidelines based on knowledge of best practices and compliance requirements, as well as institutional business objectives. 3. Coordinate response to any information security incidents. 4. Maintain and remain current regarding information security threats and vulnerabilities, as well as the best practices and technologies used to mitigate them. 5. Establish relevant security metrics. 6. Facilitate the process for working with end users and various resources to ensure security expectations and controls can be met. Must be able to influence and persuade individuals and/or groups to identify common ground solutions. 7. Identifies, assesses and works with the appropriate teams to mitigate known information security risks. 8. Create, manage and keep “ever-green” the information security program. 9. Regularly communicate in writing and in-person to end users and resource contributors about the state of information security, security expectations and on-going information risk status. 10. Demonstrate a commitment to Loyola’s mission and strategy by supporting the ITS core values of service excellence for university strategic initiatives and continuous development/improvement. 11. Proactively manages change through existing change management processes. 12. Leads University-wide information security committee. 13. Other duties, responsibilities, and qualifications may be required and/or assigned as necessary. Qualifications: To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Education/Experience: · Bachelor’s degree in Management Information Systems, Computer Science or Engineering or equivalent experience. Relevant industry experience, aptitude, and the ability to learn while applying knowledge and skill-sets is important. · At least 5 years of experience in information security and/or network/security management. · Proven experience in managing information security personnel. · Familiarity with regulatory compliance, such as FERPA, GLBA, HIPAA, PCI DSS, DMCA, Illinois Personal Information Protection Act, and similar regulation s. · Familiarity with security concepts such as defense-in-depth, the principle of least privilege, access controls, risk management, and mitigating controls required. · Experience in Higher Education is a plus, but not required. · Experience with IT frameworks such as the ISO 27000 series a plus, but not required Language Ability: · Excellent communication (oral, written, presentation), interpersonal and consultative skills to work effectively with vendors, clients, peers, and ITS management and staff. · Core consulting skills such as business writing, presenting, and analytic comparisons. · Ability to communicate technical concepts and solutions to both technical and non-technical audiences. Computation Ability: · Strong analytical and problem solving skills. Reasoning Ability: · Must be detail oriented, results focused, and be able to support change management initiatives. · Synthesizes complex or diverse information; Generates creative solutions; Identifies and resolves problems in a timely manner; Gathers and analyzes information skillfully; Develops alternative solutions; Works well in both group and individual problem solving situations. Looks for ways to improve and promote quality; Responds promptly to customer needs; Solicits customer feedback to improve service; Responds to requests for service and assistance. Computer Skills: · Proficient in Microsoft Applications (Excel, Word, PowerPoint, Visio and Project). Certificates and Licenses: · CISSP certification required · GIAC certification a plus, but not required Interpersonal: · Great attitude and strong work ethic; Ability to work independently and in team settings; Focuses on solving conflict, not blaming; Maintains confidentiality and follows ITS and other university policies regarding data security and protection; Balances team and individual responsibilities; Contributes to building a positive team spirit; Effectively influences actions and opinions of others; Strives to continuously build knowledge and skills; Shares expertise with others. · Collaborates information security concepts with both technical and non-technical individuals; Possesses the ability to explain and gain concurrence on information security concepts. · Diversity- Shows respect and sensitivity for cultural differences; educates others on the value of diversity. · Ethics- Treats people with respect; Works with integrity and ethically; handles sensitive and confidential issues and materials appropriately. Organizational Skills: · Supports organization's goals and values; Develops strategies to achieve organizational goals; Adapts strategy to changing conditions; Includes appropriate people in decision-making process; Strong administrative and organizational skills. Supervisory Responsibilities: · Direct report ownership of 2 staff members within the security area, additional consultants and student workers as required by project/work load. · Requires the matrix management responsibility of project teams. Jim Sibenaller Director, Enterprise Architecture & PMO Information Technology Services LoyolaUniversity Chicago W: 773-508-7665 M: 847-828-5222
Current thread:
- Information Security Officer - Loyola University Chicago Jim Sibenaller (Sep 29)