Under general direction of the CIO at UWRF with input from the CIO at UW-Stout. This position will report to UWRF but is expected to conduct all duties and responsibilities of the position equally amongst the two campuses. This position is responsible for research, development, implementation and ongoing monitoring of IT security and regulatory compliance policies, controls, programs and facilities, including the development and maintenance of a comprehensive Information Security Assurance Program that encompasses awareness, training, risk assessment and mitigation, incident response and disaster recovery and business continuity.
This position also establishes an overall framework for IT policy development as well as performing or overseeing the actual research, development and implementation of IT policies to ensure effective and efficient IT operations and compliance with applicable laws and regulations governing University data and IT operations.
This position is a full-time position with 50% appointment to UW-River Falls and 50% appointment to UW-Stout. While work and regulations will be similar, each campus is independent and policies and procedures in some cases may be unique at each campus. Each campus will expect this employee to work from on-site during information security incidents as needed. The home campus for this position will be UW-River Falls and the employment policies of that campus will apply to this position.
Global universities and their information security threats never sleep, there may be a need for this position to be an information security response leader while working outside of normal business hours including nights, weekends and holidays.
Knowledge, Skills and Abilities:
Required Knowledge, Skills and Abilities:
Must be a US Citizen.
Ability to pass Wisconsin Department of Justice, Crime Information Bureau, finger-printed background check (CJIS) conducted by the University Police department (https://www.doj.state.wi.us/dles/cib/background-check-criminal-history-information) within six months of hire and must maintain this status as a condition of employment.
Bachelor's Degree in Information Security, Computer Science, Management Information Systems, Business, or a related field.
Minimum of 3 years progressively increasing responsibility in an IT policy, IT security or IT governance role preferably in a higher-education setting.
Must hold, or be able to obtain within six months of hire, a management-oriented security certification (e.g., CISSP, CISM or GSEC).
Knowledge of networking technologies including network security technologies including firewalls, VPN, network intrusion detection / prevention and related systems.
Strong knowledge of IT security practices, application development and operational frameworks such as Incommon Assurance, NIST CyberSecuity Framework, ISO/IEC 27001 Security Framework, Open Web Application Security Project (OWASP) practices or Control Objectives for Information and Related Technologies COBIT.
Strong knowledge of data and security regulations and their application in Higher Education, including FERPA, HIPAA-HITECH, PCI, GLBA, FTC's Red Flags Rule, GDPR, CJIS, WI Statute 134.98 and other applicable regulations.
Ability in leading an Information Security Response team including triage of daily operational events and leadership of incident management teams including the ability to drive coordination with organizational management in a corelated response.
Ability to lead internal and external regulatory self-assessment, audit and compliance response teams, to coach team members in providing responses in a truthful and coordinated manner while ensuring not to increase the risk profile for the institution.
Ability to implement organizational change while utilizing IT project management principles, processes and methodologies.
Strong ability to form and lead cross-functional teams in implementing process and organizational change.
Ability to form strong business partnerships across distinct campus departments and business units.
Ability to articulate strategy and vision and present plans, proposals and issues to executive management.
Ability to manage multiple competing priorities and remain calm and focused in high-pressure situations.
Ability to be self-directed under a general supervision by the two Chief Information Officers at two separate and distinct institutions. Ability to mitigate conflicting priorities and to decrease redundancy between the organizations while developing gained efficiencies of scale between the two organizations (do once, repeat results.) Account for time and provide written reports of activities to the organizations.
Preferred Knowledge, Skills and Abilities:
5 or more years progressively increasing responsibility in an IT policy, IT security or IT governance role preferably in a higher-education setting.
Direct career building hands on background in software application development, system and service management or network administration as a foundation builder to a technical foundation.
Direct career building involvement in management and business analysis of an organization, including financial, human resources and strategic decision-making process to establish a firm management foundation.
Direct, recent experience with policy or compliance relating to data regulations such as FERPA, PCI, HIPAA, GLBA and/or PCI.
Experience working independently to conduct technical investigations with diverse constituents, providing detailed written reports and presentations.
Knowledge in the application of Wisconsin Open Records law regarding data set development in response to open records request. Ability to work with UW System Legal Counsel in response to civil or criminal subpoena and warrants for information served to the organization.
Knowledge of systems logging and monitoring applications, including custom query and reporting development for creation of dashboards for security personnel, IT leadership and senior organizational management.
Strong knowledge of business disaster preparedness, disaster recovery and business continuity principles, concepts, technologies and architectures.
Strong knowledge of IT governance and service management frame works such as Microsoft Operational Framework (MOF) or ITILv3.
Ability to foster a working relationship with law enforcement to serve as an advisor to them when required and to work with them as needed in criminal investigations.
Special Instructions to Applicants:
Applicants are required to apply online. UWRF will not consider paper, emailed or faxed applications.
Applicants are required to provide:
Resume or CV
Letter of interest specifying qualifications and experience (cover letter)
An unofficial transcript
Names, addresses, telephone numbers, and e-mail addresses of three references who can specifically comment on your ability, experience and professional preparation (references).
Inquiries should be addressed to: Dr. Tony Varghese, Search Chair Dept. of Computer Science and Information Systems Anthony.firstname.lastname@example.org
Deadline to Apply: Initial review of applications will begin upon receipt. For full consideration, applicants should submit all required materials by March 22nd, 2019, applications will be accepted until the position is filled.
UW-River Falls does not offer H-1B or other work authorization visa sponsorship for this position. Candidates must be legally authorized to work in the United States at the time of hire and maintain work authorization throughout the employment term. If you have questions regarding this, please contact Human Resources at 715-425-4941.
UW-River Falls Diversity Statement: We declare that diversity and inclusivity are core values. We dedicate ourselves to build a culture grounded in principles of equity, social justice, and excellence. We fundamentally affirm and embrace the multiple identities, values, belief systems, and cultural practices of all individuals and communities. We will address fundamental issues of bias, discrimination, and exclusion.
The University is committed to creating an educational community which enhances student awareness and appreciation of diverse ethnicities and cultures and identities which actively supports tolerance, civility and respect for the rights and sensibilities of each person without regard to economic status, ethnic background, political views, sexual orientation, or other personal characteristics or beliefs. Awareness of and sensitivity to diverse ethnic and cultural heritages are especially sought in applicants.
UW-River Falls is an equal opportunity, affirmative action employer subject to all state and federal regulations pertaining to non-discrimination based upon sex, gender identity or expression, sexual orientation, race, color, national origin, religion, disability, marital status, age, arrest and/or conviction record, veteran or military status. All persons, especially women, minorities, veterans, and persons with disabilities are encouraged to apply.
Employment is subject to federal laws that require verification of your identity and legal right to work in the United States as required by the Immigration Reform and Control Act.
Confidentiality of Applicant Materials:
The University of Wisconsin System will not reveal the identities of applicants who request confidentiality in writing, except that the identity of the final candidates may be released. See Wis. Stat. sec. 19.36(7).
Annual Security and Fire Safety Report:
The Annual Security and Fire Safety Report, which includes statistics about reported crimes and information about UWRF campus security policies can be viewed at https://www.uwrf.edu/Police/Annual-Security-Report.cfm or call University Police at 715-425-3133 for a paper copy.
UW-Stout’s Campus Safety information and crime statistics can be found here: http://www.uwstout.edu/police/clery.cfm
Internal Number: 5101
About University of Wisconsin - River Falls
Our mission is to help prepare students to be productive, creative, ethical, engaged citizens and leaders with an informed global perspective.