Under the general direction of, and reporting to, the Chief Information Officer, the Information Security Officer (ISO) is responsible for the development and delivery of a comprehensive information security and privacy program for Columbus State Community College. The ISO develops and implements a campus-wide security program that supports the academic and administrative use of information technology. Coordinates the development, implementation, and administration of security policies, practices, standards and programs. Coordinates the development and execution of effective security awareness programs. Participates as a member of Columbus State Community College IT Management, providing pertinent security information and input to strategic and tactical planning; budget preparation; initiatives and projects planning; internal and external reporting; and other management activities as required.
Develops and maintains a written information security plan. Facilitates and directs the timely dissemination of security information. Directs the activities of the Computer Security Incident Response Team (CSIRT), including coordination with the campus legal and police departments, and law enforcement agencies. Conducts and/or delegates the assessment of computer systems and network security risks and participates in evaluation and implementation of security-related technologies to mitigate these risks. Investigates and develops contingency plans by undertaking risk analysis, security investigations, forensic analysis, audits, and threat assessments. Serves as technology lead for e-discovery, litigation hold, and other legal requests and response. Attends conferences and training as required to maintain proficiency.
To perform this job successfully, an individual must be able to satisfactorily perform each essential duty listed below. Reasonable accommodations will be made for persons with disabilities, covered by the Americans with Disabilities Act, in accordance with its requirements.
Duties are numbered for convenience, and do not indicate order in terms of importance, frequency that the duty is performed, or the amount of time spent on the duty.
1) Develops, maintains, implements, and evaluates security policies, practices, standards and procedures; develops and maintains a written information security plan and security architecture documentation.
2) Directs the development and execution of security awareness programs to educate the campus community on the safe and ethical use of information technology resources.
3) Investigates possible violations of computer and network security and coordinates response to security incidents to include, but not be limited to, notification of campus police, other offices as appropriate, and contact with external response teams.
4) Develops procedures to ensure confidentiality, integrity, and accessibility of data and software. Works closely with IT’s Network Systems, Systems Administration and Enterprise Applications units on the identification and implementation of appropriate security procedures, software, and hardware.
5) Develops and implements procedures and guidelines for internal auditing of information security controls. Conducts or facilitates auditing procedures. Coordinates the IT General Controls Review component of the state-mandated annual financial audit and facilitates IT response and necessary remediation.
6) Works with other units on campus, as appropriate, to formulate and promulgate campus-wide effective practices and standards for security and access control to data and information systems.
7) In conjunction with other IT staff, investigates, recommends, and authorizes security tests or security scans (i.e. vulnerability, penetration) affecting information systems resources.
8) Leads technology-related activities related to e-discovery, litigation hold, and other legal requests and response.
9) Advises senior college management periodically on the status of information security and confidentiality conditions, including regulatory and standards compliance, problem areas and recommended enhancements on security issues and/or events.
10) Networks with security professionals and colleagues at other higher education institutions, the local community, and in industry regarding broad information security issues and trends.
11) Keeps abreast of changes to existing and proposed State and Federal legislation and regulatory laws pertaining to information system security and privacy. Keeps management aware of the regulatory changes that will affect information privacy, information processing and/or security standards and techniques.
12) Works assigned schedule, exhibits regular and predictable attendance and works outside of normal schedule as needed to meet workload demands.
13) Performs other related duties as required.
Usual Physical Demands: The incumbent of this position typically exhibits the physical demands identified in the Functional Job Analysis on file in the College’s Human Resources Department, which is periodically reviewed and updated. Physical demands listed in the Functional Job Analysis are not job qualification standards, but are used to help the College assess and determine reasonable accommodations for otherwise qualified individuals covered by the Americans with Disabilities Act.
Working Condition: Normal working conditions.