Job Posting: Information Security Officer at Boston Univerity

["Fulton, Lora" <lfulton () BU EDU>]

If interested please submit your resume online at http://www.bu.edu/jobs  (job code 5494/I249)



This position leads the development and support of Information Security for the University, including security-focused 
guidance of the enterprise IT architecture, policy development and revision, collaboration with law enforcement on 
information security incidents, supervision of the Information Security team, and coordination of information 
security-related activities conducted by other University departments.



KEY RESPONSIBILITIES / ESSENTIAL FUNCTIONS*

% of TIME

*         Serve as a member of the enterprise architecture team, providing security-focused direction and formulating 
architectural initiatives to improve enterprise security.

10

*         Take a leadership role in the development and revision of information security-related policies and 
procedures.

20

*         In consultation with related University offices and stakeholders, develop and lead implementation of an 
Information Security Plan for BU.

20

*         Co-chair the Information Security governance committee.

5

*         Structure and supervise the Information Security team.

20

*         Lead incident response team investigations into network/information security breaches or other instances of 
computer-based crime.

5

*         Enhance and expand security awareness resources and programs.

10

*         Support the VP IS&T in working with BU Internal Audit, as well as third party computing and information 
security auditors.

5

*         Inform the Vice President for Information Services & Technology and the General Counsel of technical, legal 
and/or regulatory changes related to information security and computer crime.  Proactively develop plans for response 
to these changes and coordinate the implementation of such plans.

5


JOB SPECIFICATIONS:  KNOWLEDGE / SKILLS / ABILITIES


 Qualifications (Minimum education & experience level required):

Master's degree in IT management, a related field, or equivalent experience required.
Ten (10) or more years of progressive experience in information technology.

One or more of the following certifications desired:
*         Certified Information Systems Security Professional (CISSP(r))
*         Systems Security Certified Practitioner (SSCP(r))
*         Certified Information Systems Auditor (CISA(r))
*         Global Information Assurance Certification (GIAC)

Skill requirements (include complexity of position):

Extensive experience with IT security systems and best practices.
Familiarity with the requirements of advanced networking and collaborative research, as they pertain to network 
security.