Colgate University's Director of Information Security and Information Security Officer is responsible for thought leadership, policy and practice development, and operational leadership around issues of data and information security.
Accountabilities: Maintain a comprehensive working knowledge of federal, state and local laws and regulations, and industry standards (together in this document referred to as Laws and Regulations), where compliance requires specific data or information security policies, practices, reporting, or audits. These Laws and Regulations include, but are not limited to, the Health Insurance Portability and Accountability Act (HIPAA), the Family Educational Rights and Privacy Act (FERPA), the Higher Education Opportunity Act (HEOA), and the Payment Card Industry Data Security Standard (PCI DSS).
Maintain a comprehensive working knowledge of the data landscape and information security policies and best compliance practices, including those unique to institutions of higher education and those more broadly applicable.
Maintain a high level of community empathy and understanding of Colgate's mission and the work of faculty, students, and staff sufficient to ensure a secure technology environment that enables creativity and success.
Recognizing that a technology environment that enables creativity and success can, at times, be at odds with a highly secure and regulated technical infrastructure, the successful candidate must be capable of recommending and building balanced consensus around specific systems and/or practices to ensure the University's successful operation and ongoing compliance with such Laws and Regulations and the generally accepted principles of data and information security. Examples include:
- Models for authentication, authorization and accounting for systems and services.
- Policies for system access and permissions to support audit and detection of compliance issues.
- Standards for network and system configuration.
- Regular processes for system and server patching and vulnerability management.
- The effective use of network security equipment, including firewalls and intrusion prevention systems.
- Processes for change management.
Work with technical staff to implement systems and/or practices such as those described above.
Develop and deliver training for end users, data stewards, system administrators and others as may be required in support of the above.
Establish and track benchmarks and metrics that reflect the effectiveness of College data and information security policy and practice.
Conduct periodic security audits of the IT environment; develop reports, document results and recommend changes; supervise implementation plans.
Lead the development, maintenance and annual evaluation of incident response, business continuity and disaster recovery plans.
Lead incident response efforts including forensics and investigations in the event of a data breach or incident.
Participate on College-wide working groups and committees representing and advocating for the interests of a secure data environment.
Represent the College as a participant in institutional security collaborations (REN-ISAC, Higher Education Information Security Council, New York Six, etc.).
Maintain an expert working knowledge and technical understanding of the interrelationships and inter-dependencies between and among the systems, services and products provided and supported by ITS.
Maintain a working knowledge and technical understanding of the College's general networking and systems infrastructure.
Minimum Qualifications:
- A minimum of a Bachelor's Degree in Information Technology or a related field preferred, or a combination of education and experience from which comparable skills are attained.
- Demonstrated professional experience and a record of success in the essential duties of the position.
- Demonstrated technical proficiency in networking and systems sufficient to credibly work with technical staff to implement security policies and practices.
- One or more applicable information security certifications, such as Certified Information Systems Security Professional (CISSP).
- Demonstrated excellent organizational, client contact, reading, writing and spoken English skills.
- Ability to work both independently and within a team. Willing to collaborate, share ideas openly and learn.
- Must be capable of working collegially with a diverse group of faculty, staff and students on a daily basis.
Preferred Qualifications:
- Experience in a higher education setting.
- Formal project management training and/or experience.