University of Rochester


Job Information

University of Rochester IT Security Information Security Officer - 234458 in Rochester, New York

IT Security Information Security Officer Job ID 234458

Location: Central Administration

Full/Part Time: Full-Time

Regular/Temporary: Regular

Opening

Full Time 40 hours Grade 056 University IT / IS

Schedule

8 AM-5 PM

Responsibilities

GENERAL PURPOSE:

The Information Security Officer (ISO) serves as the principal advisor to the information system owner and the Chief Information Security Officer on all matters, technical and otherwise, involving the security of the information system they preside over. The ISO typically has the detailed knowledge and expertise required to manage the security aspects of the information system. The ISO builds relationships with key personnel who have the authority or ability to ensure compliance with security laws, regulations, guidance and requirements. Key people will differ depending on circumstances. Therefore, ISOs are encouraged to coordinate with appropriate contacts as determined by their components and the different situations that arise within their areas of responsibility.

RESPONSIBILITIES:

  • Provides security communication, awareness and training for audiences, which may range from senior leaders to field staff.

  • Works as a liaison with vendors and the legal and purchasing departments to establish mutually acceptable contracts and service-level agreements.

  • Serves as an active and consistent participant in the information security governance process.

  • Works with the CISO and IT and business stakeholders to define metrics and reporting strategies that effectively communicate successes and progress of the security program.

  • Provides support and guidance for legal and regulatory compliance efforts, including audit support.

  • Manages production issues and incidents, and participates in problem and change management forums.

  • Works with various stakeholders to identify information asset owners to classify data and systems as part of a control framework implementation.

  • Works with the CISO to develop a security program and security projects that address identified risks and business security requirements.

  • Manages the process of gathering, analyzing and assessing the current and future threat landscape, as well as providing the CISO with a realistic overview of risks and threats in the enterprise environment.

  • Proposes changes to existing policies and procedures to ensure operating efficiency and regulatory compliance.

  • Enforces a strong security culture set forth by the CISO, ensuring uniformity across the enterprise leadership, business units, employees and students.

  • Fosters strong relationships with internal business units and external entities to maintain a strong network.

  • Advises on enterprise-wide people, process and technology security recommendations.

  • Other duties as assigned

QUALIFICATIONS:

  • A bachelor's degree in information systems or cybersecurity, or equivalent work experience; an M.B.A. or M.S. in information security is required.

  • 5-7 years of related experience

  • or equivalent combination of education and experience

Required Technical Skills:

  • Expert knowledge of Microsoft Office Suite

  • Experienced in using an ITSM tool or ticketing system

  • Experienced in application configuration

  • Experience in IT and Information Security Risk

  • Experience in Risk Management Methodology and Frameworks

Required Business Skills:

  • Self-starter requiring minimal supervision

  • Superb analytical and research skills with the ability to comprehend complex data sets; demonstrate critical-thinking and problem-solving skills

  • Excellent interpersonal, written, and oral communication skills with strong attention to detail

  • Ability to execute multiple tasks in a fast-paced environment; perform under pressure and demonstrate adaptability and flexibility

  • Demonstrated ability to conduct independent research and reporting

  • Knowledge of computer networking concepts and protocols, and of network security methodologies and their relationship to laws, regulations, policies, and ethics surrounding cybersecurity and privacy.

  • Knowledge of the organization's core business/mission processes.

Certification:

  • CISSP, CISM, CISA, GSEC, CCSP – a Plus

How To Apply

All applicants must apply online.

EOE Minorities/Females/Protected Veterans/Disabled
