General Function (Description):
Reporting to the Vice President, Chief Information Officer, the Senior Security Engineer provides strategic and policy leadership in the implementation and management of the University Information Technology (IT) Security program. Provides ongoing direction for developing, deploying, maintaining, operating, educating on, and evolving the University’s IT security architecture, controls, standards, processes and procedures.
Examples of Duties and Responsibilities:
• Provides technical leadership and non-technical leadership, including education, to ensure and increase university information security awareness.
• Provides leadership in establishing University information security architecture, controls, standards, policies, processes, and procedures.
• Develops an information security vision and strategy that is aligned to the University’s priorities, enables and facilitates the institution’s business objectives, and ensures senior stakeholder buy-in and mandate.
• Creates a risk-based process for the assessment and mitigation of any information security risk in the University’s ecosystem.
• Provides academic and business units with information security risk assessments and provides or assists with the development and deployment of protective measures.
• Works with the compliance staff to ensure that all information owned, collected, or controlled by or on behalf of the university is processed and stored according to applicable laws and other global regulatory requirements, such as data privacy.
• Collaborates and liaises with the compliance officer(s) to ensure that data privacy and compliance requirements are enforced where applicable.
• Oversees the monitoring of University-wide security tools and investigates breaches of security controls, taking action according to the University's established process and procedures.
• Ensures that disaster recovery and business resumption plans exist in alignment with the business (i.e. Business Impact Analysis, Business Continuity, etc.) and regulatory requirements (i.e. Health Insurance Portability and Accountability Act, Family Educational Rights and Privacy Act, etc.).
Minimum Hiring Standards
Education: Bachelor’s degree or equivalent experience required
Years of Experience Required: Eight (8) years of experience in a combination of IT Security, IT Risk Management and general IT positions; experience developing and implementing IT security policies and procedures.
Years of Management/Supervisor Experience: N/A
Preferred Qualifications
Education: Advanced degree preferred
Certifications: Certifications such as CISSP (Certified Information Systems Security Professional), CISM (ISACA Certified Information Security Manager), CISA (ISACA Certified Information Systems Auditor), or Security+ preferred
Experience: Experience working in an IT department at higher education institutions preferred