Senior IS Specialist/Chief Information Security Officer (CISO)
The University of Wisconsin River Falls, a member of the University of Wisconsin System, is located in scenic west central Wisconsin, 30 miles from the multi-cultural, multi-ethnic cities of Minneapolis and St Paul. Year-round arts, cultural and recreational events are easily accessible from River Falls. UWRF's 6,100 undergraduate and graduate students pursue degrees in four colleges: Arts and Sciences, Education and Professional Studies; Agriculture, Food and Environmental Sciences; and Business and Economics.
The University provides an excellent environment for learning, emphasizing the importance of faculty-student interaction in classrooms, laboratories, academic advising, and co-curricular activities. A favorable student-faculty ratio affords opportunity for meaningful interchange between faculty and students. Strong interests in teaching, research and community service are highly valued. More information about UWRF can be found at: http://www.uwrf.edu/workhere/.
Under general direction of the CIO at UWRF with input from the CIO at UW-Stout. This position will report to UWRF but is expected to conduct all duties and responsibilities of the position equally amongst the two campuses. This position is responsible for research, development, implementation and ongoing monitoring of IT security and regulatory compliance policies, controls, programs and facilities, including the development and maintenance of a comprehensive Information Security Assurance Program that encompasses awareness, training, risk assessment and mitigation, incident response and disaster recovery and business continuity.
This position also establishes an overall framework for IT policy development as well as performing or overseeing the actual research, development and implementation of IT policies to ensure effective and efficient IT operations and compliance with applicable laws and regulations governing University data and IT operations.
This position is a full-time position with 50% appointment to UW-River Falls and 50% appointment to UW-Stout. While work and regulations will be similar, each campus is independent and policies and procedures in some cases may be unique at each campus. Each campus will expect this employee to work from on-site during information security incidents as needed. The home campus for this position will be UW-River Falls and the employment policies of that campus will apply to this position.
Global universities and their information security threats never sleep, there may be a need for this position to be an information security response leader while working outside of normal business hours including nights, weekends and holidays. Anticipated Appointment date: June 1, 2019.
Specific Duties and Responsibilities:
55% A. IT Security and Operational Policy Development
35% B. IT Security and Business Continuity Operations
10% C. IT Security Incident Response
- Must be a US Citizen.
- Ability to pass Wisconsin Department of Justice, Crime Information Bureau, finger-printed background check (CJIS) conducted by the University Police department (https://www.doj.state.wi.us/dles/cib/background-check-criminal-history-information) within six months of hire and must maintain this status as a condition of employment.
- Bachelor’s Degree in Information Security, Computer Science, Management Information Systems, Business, or a related field.
- Minimum of 3 years progressively increasing responsibility in an IT policy, IT security or IT governance role preferably in a higher-education setting.
- Must hold, or be able to obtain within six months of hire, a management-oriented security certification (e.g., CISSP, CISM or GSEC).
- Knowledge of networking technologies including network security technologies including firewalls, VPN, network intrusion detection / prevention and related systems.
- Strong knowledge of IT security practices, application development and operational frameworks such as Incommon Assurance, NIST CyberSecuity Framework, ISO/IEC 27001 Security Framework, Open Web Application Security Project (OWASP) practices or Control Objectives for Information and Related Technologies COBIT.
- Strong knowledge of data and security regulations and their application in Higher Education, including FERPA, HIPAA-HITECH, PCI, GLBA, FTC’s Red Flags Rule, GDPR, CJIS, WI Statute 134.98 and other applicable regulations.
- Ability in leading an Information Security Response team including triage of daily operational events and leadership of incident management teams including the ability to drive coordination with organizational management in a corelated response.
- Ability to lead internal and external regulatory self-assessment, audit and compliance response teams, to coach team members in providing responses in a truthful and coordinated manner while ensuring not to increase the risk profile for the institution.
- Ability to implement organizational change while utilizing IT project management principles, processes and methodologies.
- Strong ability to form and lead cross-functional teams in implementing process and organizational change.
- Ability to form strong business partnerships across distinct campus departments and business units.
- Ability to articulate strategy and vision and present plans, proposals and issues to executive management.
- Ability to manage multiple competing priorities and remain calm and focused in high-pressure situations.
- Ability to be self-directed under a general supervision by the two Chief Information Officers at two separate and distinct institutions. Ability to mitigate conflicting priorities and to decrease redundancy between the organizations while developing gained efficiencies of scale between the two organizations (do once, repeat results.) Account for time and provide written reports of activities to the organizations.
- 5 or more years progressively increasing responsibility in an IT policy, IT security or IT governance role preferably in a higher-education setting.
- Direct career building hands on background in software application development, system and service management or network administration as a foundation builder to a technical foundation.
- Direct career building involvement in management and business analysis of an organization, including financial, human resources and strategic decision-making process to establish a firm management foundation.
- Direct, recent experience with policy or compliance relating to data regulations such as FERPA, PCI, HIPAA, GLBA and/or PCI.
- Experience working independently to conduct technical investigations with diverse constituents, providing detailed written reports and presentations.
- Knowledge in the application of Wisconsin Open Records law regarding data set development in response to open records request. Ability to work with UW System Legal Counsel in response to civil or criminal subpoena and warrants for information served to the organization.
- Knowledge of systems logging and monitoring applications, including custom query and reporting development for creation of dashboards for security personnel, IT leadership and senior organizational management.
- Strong knowledge of business disaster preparedness, disaster recovery and business continuity principles, concepts, technologies and architectures.
- Strong knowledge of IT governance and service management frame works such as Microsoft Operational Framework (MOF) or ITILv3.
- Ability to foster a working relationship with law enforcement to serve as an advisor to them when required and to work with them as needed in criminal investigations.
Materials not submitted through https://jobs.uwrf.edu/postings/5112 cannot be considered.
- Curriculum vitae (resume)
- Letter of interest specifying qualifications and experience (cover letter)
- An unofficial transcript (official copies of transcripts will be required if hired).
- Provide the names, addresses, telephone numbers, and e-mail addresses of three references who can specifically comment on your ability, experience and professional preparation (references).
Inquiries should be addressed to:
Dr. Tony Varghese, Search Chair
Dept. of Computer Science and Information Systems
Deadline to Apply: Initial review of applications will begin upon receipt. For full consideration, applicants should submit all required materials by March 22nd, 2019, applications will be accepted until the position is filled.
UW-River Falls does not offer H-1B or other work authorization visa sponsorship for this position. Candidates must be legally authorized to work in the United States at the time of hire and maintain work authorization throughout the employment term. If you have questions regarding this, please contact Human Resources at 715-425-4941.
UW-River Falls Diversity Statement: We declare that diversity and inclusivity are core values. We dedicate ourselves to build a culture grounded in principles of equity, social justice, and excellence. We fundamentally affirm and embrace the multiple identities, values, belief systems, and cultural practices of all individuals and communities. We will address fundamental issues of bias, discrimination, and exclusion.
The University is committed to creating an educational community which enhances student awareness and appreciation of diverse ethnicities and cultures and identities which actively supports tolerance, civility and respect for the rights and sensibilities of each person without regard to economic status, ethnic background, political views, sexual orientation, or other personal characteristics or beliefs. Awareness of and sensitivity to diverse ethnic and cultural heritages are especially sought in applicants.
UWRF is an equal opportunity, affirmative action employer subject to all state and federal regulations pertaining to non-discrimination based upon sex, gender identity or expression, sexual orientation, race, color, national origin, religion, disability, marital status, age, arrest and/or conviction record, veteran status, and membership in the national guard, state defense force, or any other reserve component of the military forces of the United States or the State of Wisconsin. All persons, especially women, persons of color, people with disabilities and protected veterans are encouraged to apply. Employment is subject to federal laws that require verification of your identity and legal right to work in the United States as required by the Immigration Reform and Control Act.
For a copy of the UWRF campus safety information, see http:www.uwrf.edu/Police/CampusRecordsCrimes.cfm or call University Police at (715) 425-3133 for a paper copy. This material includes crime statistics (Annual Security Report) and information on crime prevention, sexual assault, and drug/alcohol issues.