Information Security Officer (ISO)
University Technology Services
The Information Security Officer (ISO) is responsible for the development and delivery of a comprehensive, University-wide information security strategy and program that protects information assets and ensures the confidentiality, integrity and availability of University electronic information. The ISO leads the development and implementation of a security program to leverage collaboration, facilitate information security governance, advise executive leadership on security direction and resource investment, and design appropriate policies to manage information security risks. The incumbent will be responsible for creating and maintaining enforceable policies, supporting processes and ensuring compliance with related regulatory requirements. This will include collaborative coordination of activities with all departments, including the evaluation, procurement and deployment of security-related products; developing and coordinating information security awareness and education programs; and ensuring that University-wide disaster recovery and incident response plans are in place and maintained.
- Creates information security strategies, both short-term and long-range, in support of the University’s goals.
- Directs an ongoing, proactive risk assessment program for all new and existing systems in line with the University’s goals and objectives. Communicates risks and mitigation recommendations to senior administration in non-technical, cost/benefit terms and in a format relevant to senior administrators, so timely decisions can be made to ensure the security of information systems and information entrusted to the University.
- Oversees all ongoing activities related to the development, implementation, and maintenance of the University’s information security policies and procedures. Ensures the policies and procedures encompass the overall security of electronic information at rest or in motion within the University systems. Assists departments in local process and procedure development, ensuring they are not in conflict with University security risks and posture.
- Serves as the subject matter expert and assists other departments with regulatory requirements and compliance issues as applied to technology (e.g., PCI – data standards, FISMA, FERPA, GLBA, etc.). This includes support of data governance, data stewardship and technical architecture review programs.
- Oversees the departmental budget. Reviews hardware, software and services being considered for purchase or implementation by University Technology Services and other campus departments to assess security issues and assure proper information security features are incorporated to support University business needs. This includes providing security requirements in RFPs for software and services, managing vendor and third-party risk strategies, and performing review and evaluation of Service Organization Controls (SOC) Reports.
- Forms and chairs an Information Security Committee to ensure activities are coordinated across University departments and colleges, so that security decisions are consistently applied and risks are mitigated to prevent interruption in business processes while maintaining the confidentiality, integrity, and availability of University information. Advises University personnel on managing effective security practices.
- Ensures vulnerabilities are managed by directing periodic vulnerability scans of servers connected to University networks and conducts adequate reporting and follow-up to ensure issues are addressed.
- Develops information security awareness training and education programs, works with other University entities to present them to faculty, staff, and students, and participates in local, regional, and national awareness and education events, as appropriate.
- Ensures sufficient resources are available and allocated to security related projects by balancing project funding requirements with the assigned budgets, coordinates and tracks project expenditures to ensure resources are used effectively and within budget, and provides periodic budget reports to the Vice President for Finance and Administration or appropriate departments.
- Acts proactively to prevent potential disaster situations by ensuring that proper protections are in place, such as intrusion detection and prevention systems, firewalls, and effective physical safeguards, and provides for the availability of computer resources by ensuring a business continuity/disaster recovery plan is in place to offset the effects caused by intentional and unintentional acts.
- Evaluates security incidents and determines what response, if any, is needed and coordinates University responses, including technical incident response teams, when sensitive information is breached.
- Interfaces with law enforcement agencies and other government agencies to address security lapses and responds to information security issues.
- Works with University leadership, the Office of Legal Counsel, and relevant compliance areas to build cohesive security and compliance programs that effectively address statutory and regulatory requirements. Develops a strategy for consistent, cohesive interaction with audits, compliance checks and external assessment processes for both internal and external auditors.
- Develops organizational metrics to report on the effectiveness of the information security management program and the progress in increasing the maturity level of the program over time.
- Remains competent and current through self-directed professional reading, developing professional contacts with colleagues, attending professional development courses, attending training, conferences, and/or courses as directed by the supervisor, and obtaining or retaining certifications relevant to job duties.
- Contributes to a work environment that encourages knowledge of, respect for, and development of skills to engage with those of other cultures or backgrounds.
- Contributes to the overall success of the University by performing all other duties and responsibilities as assigned.
- Bachelor’s degree in a technical discipline: Computer Science, Information Technology, Technology Engineering or similar field or equivalent combination of training, education and experience from which comparable skills have been acquired.
- At least 10 years of varied information technology experience is required. This experience includes, but is not limited to, computer and networking infrastructure, operating systems, application software development, project management, regulatory compliance, risk management, and providing training.
- At least 7 years of direct experience in information security-related duties, including cybersecurity; a proven record of developing a comprehensive security plan; a proven record in developing and implementing various levels of security training for IT staff and University end-users; competency in technical vulnerability scanning and monitoring of network traffic; and all phases of incident response management, along with experience with disaster recovery planning and execution.
- At least one of the following current professional certifications: CISSP, CISM, GIAC or CISA.
- Advanced degree in information technology or related field
- Master’s Degree in noted fields of experience
- Experience in University setting
- Consulting firm experience
(Each position requires a background check.)
About Northeastern Illinois University:
Northeastern Illinois University’s Main Campus is located on 67 acres in an attractive residential area on the Northwest Side of Chicago. The University offers more than 40 undergraduate degree and certificate programs and more than 50 graduate degree, certificate, licensure and endorsement programs. The University is a federally designated Hispanic-Serving Institution. It has additional locations in the metropolitan area, including the Jacob H. Carruthers Center for Inner City Studies, El Centro, Center for College Access and Success, and the University Center of Lake County.
Screening will begin immediately and continue until the position is filled.
In order to be considered for employment at Northeastern Illinois University (NEIU), you must submit the following, sending all documents within one PDF document to: ISO-Search@neiu.edu
- A letter of interest addressing your qualifications for the position
- Current Resume
- Three (3) current professional references
- Employment Application
- Statement of Annuitant Status
Northeastern Illinois University is an Equal Opportunity/Affirmative Action Employer and invites applications from Women, Minorities, Veterans and Persons with Disabilities, as well as Other Qualified Individuals. Northeastern Illinois University's positions are contingent upon the University's receipt of its State of Illinois appropriation.