Information Security Officer
Duties and Responsibilities
This position serves as the Chief Security Officer by developing, implementing, and managing the University’s IT Security Program and to ensure compliance with VITA IT Security Standards, federal mandates, guidelines, and adopted industry best practices. Developing overall enterprise strategic and tactical approaches for information security, user privacy, and associated architectures. Design and coordinate the implementation of a comprehensive security awareness training program for the University faculty, staff, students, contractors, and IT service providers. Properly utilizes evaluated system/network privileges in the performance of information security monitoring, auditing, and testing. This position conducts risk assessments and ongoing security reviews for core IT systems and environments. In cooperation with appropriate IT staff and other University personnel, identify and classify critical information assets, assess threats and vulnerabilities related to those assets, and implement safeguard recommendations. Implement and maintain the appropriate balance of protective, detective, and corrective controls for the University’s IT systems commensurate with data sensitivity, risk, and system criticality. Verify and validate that all University IT systems and data are classified for sensitivity. Review Intruder Detection Systems (IDS), database logs and system logs from servers and workstations for security issues. Ensure that weekly IT Vulnerability and Assessment reports are assessed, reviewed, tested on IT systems to ensure that the systems are properly patched. Establish and maintain patch management databases from US-CERT and Center for Internet Services (CIS). Determine gaps and program inefficiencies and make recommendations for information technology that can close gaps and/or improve the program. This position serves as a primary author and editor of security-related compliance and audit documents and reports. Drafts and coordinates the relevant approval process for security-related polices, standards, guidelines, and procedures. Serves as the institution’s chief liaison with state government oversight entities. Works with outside consultant as appropriate for independent security audits. Serves as a technical lead for e-Discovery, Copyright Infringement, Freedom of Information Act requests, and other matters that could result in litigation or violations. Participates in the IT Continuity Planning activities and in the review, monitoring, and assessments of Risk Assessments, Business Impact analysis, Business Continuity, and Disaster Recovery Reports. Assists in duties assigned by the Chief of Staff and serves as a liaison to Police and Public Safety.
Master’s degree in Computer Science, Management Information Systems, Information Security or related discipline and/or 5-8 years’ experience. Detailed knowledge of technical IT operations and engineering functions. Ability to educate customers at both management and technical levels. Experience in provisioning IT Security devices such as firewalls, intrusion detection/prevention systems, SPAM, packet filters, network access control devices. Experience with Windows servers and desktop environments, Red Hat, Enterprise, Linux, OS X, Cisco and Juniper network products, Altrius IT Management Suite and malware solutions. The candidate must possess strong communication, interpersonal, skills and the ability to maintain effective working relationships with coworkers, vendors, and the public.
Prior experience working in higher education environment. Knowledge of CISSP, GIAC, CEH, CISM or similar certification demonstrating security management.
How to Apply
Virginia State University will only accept on-line applications through Recruitment Management System (RMS). Faxed, e-mailed, and mailed applications will not be accepted. Please visit http://jobs.agencies.virginia.gov to complete a state application.
The selected candidate will be subject to an extensive and complete criminal background check, which may include fingerprinting. Candidates may be required to complete a Statement of Economic Personal Interest as a condition of employment.
VIRGINIA STATE UNIVERSITY IS AN EQUAL OPPORTUNITY EMPLOYER. WOMEN, MINORITIES, PERSONS WITH DISABILITIES AND VETERANS ARE ENCOURAGED TO APPLY.