Advertising/Posting Title Information Security Officer Diversity Statement The University is especially interested in candidates who can contribute to the diversity and excellence of the institution. Applicants are required to include in their cover letter information about how they will further this goal. Posting Summary
TThe UVM Information Security Officer (ISO) has both operational and strategic responsibilities for information security at the University, with most day-to-day activities focusing on the operational. The ISO is responsible for establishing and communicating the University's information security vision, policies, and programs to ensure that information assets entrusted to it are adequately protected. This position requires collaborative, hands-on leadership, with the ability to think strategically, plan to the strategy, and oversee execution of the plan.
The ISO provides guidance and expertise to advance the operational mission of the Information Security Office. The position chairs the Information Security Council, the Computer security Incident Response Team, and the Information Security Operations Team, collaborates closely with University leadership (including the Chief Compliance and Privacy Officer, General Counsel, the Chief Internal Auditor, the Chief Information Officer, the Chief Risk Officer and the Director of Risk Management) and collaborates more generally with administrative, academic and information technology staff throughout the University.
The ISO is involved in all forms of IT governance and is responsible for information security-related policy and procedure development and risk assessment work. In collaboration with other stakeholders, the ISO is expected to contribute to UVM's information security awareness and outreach efforts.
The ISO maintains situational awareness using threat intelligence and leads incident response activities. The ISO focuses significant effort on providing oversight and direction for the Information Security Office and in regular consultation with constituents on campus.
The ISO is accountable for all aspects of staff management, hiring, coaching, training, and performance reviews for the Information Security Office. The position must foster a positive, collaborative and engaged team dynamic in the pursuit of ISO priorities, which includes active development of individual team members.
The position must be able to offer strong technical guidance as necessary. Communication and prioritization skills are essential, with a strong track record in information security as both practitioner and leader. In-depth expertise with Information Security tools and practices is important, and the ISO must be able to advise on how to best use technology to enhance UVM's security posture.
This is a senior-level position within Enterprise Technology Services and has University-wide responsibilities to provide information security leadership for the institution.
Minimum Qualifications (or equivalent combination of education and experience)
Bachelor's degree in technology or related field and seven to ten years' related experience. Industry-recognized security professional certification, or the ability to acquire within the first year of employment, e.g.: CISSP (Certified Information Systems Security Professional), GIAC (Global Information Assurance Certification) Advanced-Level Certification (such as GLSC, GCED,GSNA), CISM (Certified Information Security Manager), CISA (Certified Information Systems Auditor). Ability to comprehend and assess technical issues across information technology domains. Knowledge of applicable information security regulations and compliance standards.
Experience as a practitioner in one of more of network engineering, systems administration, forensics, traffic analysis, and/or SOC operations
Project planning, prioritization, management, implementation, and assessment skills
Ability to establish rapport and maintain trust
Ability to develop and administer policies across constituencies in a decentralized organizational environment
Effective written and verbal communications skills, including experience with communications to a diverse community, group facilitation, formal presentations
Collaboration, problem-solving and negotiation skills
Experience creating/advancing enterprise incident response programs
Experience creating/advancing enterprise vulnerability management programs
Experience leveraging technical tools common to information security programs such as security event information management (SEIM), network traffic analysis (NTA), vulnerability management, and/or endpoint detection and response (EDR) platforms in support of advancing a coherent enterprise security program
Work experience in higher education
Other Information Special Conditions A probationary period may be required FLSA Exempt Hiring Min (Represents full-time (12 months, 1.0 FTE) equivalent salary. Must be prorated for jobs less than 12 months or 1.0FTE (Salary/12 x # of months x FTE)) 87000.00 Payband Max (Represents full-time (12 months, 1.0 FTE) equivalent salary. Must be prorated for jobs less than 12 months or 1.0FTE (Salary/12 x # of months x FTE)) 182700.00 Staff Hiring Band Hiring salary budgeted at mid to high end of pay band Staff Union Code NU
Position will be posted for a minimum of one week, after which it is subject to removal without notice.
Job Open Date 12/19/2019 Job Close Date (Jobs close at 11:59 PM EST.) Open Until Filled No
Position Title Classified Executive Posting Number S2367PO Department Information Security Office/11670 Position Number 00022100 Employee FTE 1.0 Employee Term 12
University Of Vermont