Reporting to the Chief Technology Officer and as a member of the Senior Team of HBS Information Technology, the HBS Information Security Officer and Director of IT Compliance (ISO) is responsible for designing, implementing, and evangelizing the IT security and compliance practices for the HBS campus. The ISO is also responsible for leading critical projects within the HBS IT organization.
Information Security, Data Privacy, and IT Compliance
Working with other members of HBS IT, the ISO will oversee and/or design technological, procedural, and educational/training security practices that result in an appropriate level of IT security on the HBS campus. He/she will work in partnership with human resources to implement appropriate communication and training throughout the HBS campus. He/she will serve as a liaison to the Harvard University community to ensure collaboration and adherence to Harvard University security practices. He/she will play a leadership role in large-scale and/or critical security and compliance projects.
The ISO will:
- Be responsible for relationship building, creative problem solving, and innovative management of projects, resources, and new technologies in a dynamic environment.
- Provide leadership and vision in the realm of information technology security.
- Represent security concepts to both internal and external constituents in a professional, informative, and effective manner.
- Foster and strengthen working relationships with the HBS community, Harvard University community, and critical external vendors and partners.
- Develop and maintain multiple project plans; define scope and objectives for security initiatives across all relevant IT projects.
- Keep current on and communicate IT-related topics affecting HBS and ensure technologies used are consistent with the School's IT architecture standards.
- Develop and promote an information security awareness culture within IT and the campus as a whole, including annual October awareness programs.
- Deliver Monthly / Quarterly Information Security Reports to IT senior management.
- Develop and manage an internal IT audit schedule.
- Conduct investigations into network/information security breaches or other instances of computer-based crime or online behavior contravening School/University policy.
- Ensure that periodic assessments and regular monitoring of campus information security are conducted.
- Where appropriate, inform the IT Senior Team of changes in technical, legal, and regulatory areas affecting information security and computer crime. Develop appropriate plans for response to these changes and coordinate the implementation of such plans.
- Lead all IT PCI compliance initiatives, including coordination with appropriate business units.
- Develop and maintain a Security Control Catalog.
- Coordinate evaluation of information and campus security tools and make proposals for adoption as appropriate.
- Validate that the designed perimeter and access controls support business and regulatory requirements.
- Establish a strategy on reducing risks related to data leakage.
- Other duties as assigned.
The ISO will:
- Be responsible for developing and maintaining an IT Academic Continuity Plan that is consistent and coordinated with school-wide and university-wide plans.
- Be responsible for coordinating the testing of the plan on a regular basis.
- Collaborate with IT colleagues on the development and ongoing revision and testing of the HBS Academic Continuity plan.
Policy Portfolio Management
The ISO will:
- Be responsible for the policy portfolio management of all IT policies.
- Coordinate the development and ongoing revision of IT information security policies and security-related policies, procedures, and guidelines.
Security and Compliance Audits
The ISO will:
- Serve as IT lead on School and University audit and compliance committees and working groups.
- Coordinate IT activities in support of audit activities.
- Strengthen School computing asset management procedures and capabilities.
- Collaborate with IT Senior Team to develop an internal IT audit plan which may include: service portfolio, policy portfolio, SLA/OLA portfolio, asset management, software license management.
Salary Grade: 060
Union: 00 - Non Union, Exempt or Temporary