Location: Binghamton, NY
Category: Professional
Posted On: Tue Jun 18 2019
Job Description:
Budget Title: Associate Director of Computing Services (SL-6)
Salary: Commensurate with qualifications and experience
Binghamton University is seeking an experienced, energetic, engaging and collaborative individual to lead the information security efforts and initiatives of the institution.
The information assets of the institution are diverse and highly distributed. Therefore, information security has become a critical aspect of every facet of institutional business. As such, it is critical to develop, implement, and maintain appropriate strategies, policies, protocols, and procedures regarding these information assets.
The CISO will be responsible for collaborating with university leadership to develop, propose, and implement the overall information security posture, strategy, policies and procedures, and best practices. The overall information security strategy must balance the necessary protections and risk mitigation approaches against the ever-increasing security threat landscape and the academic values and mission of Binghamton University. The CISO will have the primary responsibility for keeping abreast of security threats and changes and for advising on and recommending the necessary adjustments. Additionally, the incumbent will collaborate with the SUNY System and other SUNY campuses as appropriate in achieving their objectives. The incumbent will be responsible for information security outreach, education and training of central and distributed IT units, as well as the university constituency at large. The incumbent will be responsible for, and is the primary point of contact for, information security risk management and incident response. Finally, the incumbent will be responsible for leadership and supervision of the Information Security Unit within Information Technology Services.
The CISO reports to the Associate Vice President and Chief Information Officer and is a member of the CIO's leadership team.
University and Program Leadership:
Provide guidance and counsel to the CIO and university leadership, working closely with senior administration, academic leaders, and the campus community in defining objectives for information security, while building relationships and goodwill.
Promote collaborative, empowered working environments across campus, removing barriers and realizing possibilities related to information security.
Lead information security planning processes to establish an inclusive and comprehensive information security program for the entire institution in support of academic, research, and administrative information systems and technology.
Establish annual and long-range security and compliance goals, define security strategies, metrics, reporting mechanisms and program services; and create maturity models and a roadmap for continual program improvements.
Stay abreast of information security issues and regulatory changes affecting higher education at the state and national level. Participate in national policy and practice discussions, and communicate to campus on a regular basis about those topics. Engage in professional development to maintain continual growth in professional skills and knowledge essential to the position.
Represent the university on SUNY System committees and in national and regional consortiums and collaborations.
Policy, Compliance and Audit:
Lead the development and implementation of effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant federal and state laws and with SUNY and Binghamton University regulations and policies.
Lead efforts to internally assess, evaluate and recommend changes and improvements to university leadership regarding the adequacy of the security controls for the current and proposed information and technology systems.
Coordinate and track all information technology and security related audits including scope of audits, units involved, timelines, auditing agencies and outcomes. Work with auditors, as appropriate, to keep audit focus in scope while providing a consistent perspective that continually puts the institution in its best light. Provide guidance, evaluation and advocacy on audit responses.
Work with university leadership and relevant responsible compliance department leadership to build cohesive security and compliance programs for the university to effectively address state and federal statutory and regulatory requirements, including FERPA, HIPAA, ITAR, PCI, FISMA, and the current NIST standards.
Outreach, Education and Training:
Create education and awareness programs and advise academic and operating units at all levels on security issues, best practices, and vulnerabilities.
Implement security awareness solutions for the university constituency to comply with SUNY policies and requirements.
Work with campus distributed technology groups to build awareness and a sense of common purpose around security.
Inform and educate the university community regarding current and ongoing security threats and how to avoid them.
Inform and educate the university community on how to develop useful security related behavior patterns.
Risk Management and Incident Response:
Develop, implement and administer technical security standards, as well as a suite of security services and tools to address and mitigate security risk.
Provide leadership, direction and guidance in assessing and evaluating information security risks and monitor compliance with security standards and appropriate policies.
Review any proposed data and information technology investment from a security viewpoint. Assure relevant security and risk mitigation provisions are incorporated into acquisition considerations.
In collaboration with staff in the Information Security Unit, develop strategies, methodologies, and tools to quickly recognize and efficiently resolve a security breach or threat.
Develop action protocols to address when a breach or threat materializes.
Communicate with appropriate members of administration in case of a breach or threat.
Provide a post-mortem analysis, relevant reports, and communicate as necessary once the incident is resolved. Also, assure the current risk mitigation policies and protocols are updated as necessary.
Provide leadership philosophy for the Information Security Unit to create a strong bridge between organizations, build respect for the contributions of all and bring groups together to share information and resources and create better security and information decisions, policies and practices for the campus.
Supervise the Unit including workload assessment, work distribution, staffing, and annual assessment.
Mentor the Information Security Unit team members and implement professional development plans for all members of the team.
Due to the nature of this position, may be assigned ad hoc information security projects and be required to assist and respond to off-hour information security/operational emergencies
Must be able to maintain data confidentiality and compliance with regulatory requirements (HIPAA, FERPA, PCI, etc.)
Bachelor's Degree in Computer Science, Information Systems/Sciences, or a related field
Minimum of eight years of relevant information security experience
Minimum of three years of experience in Information Security leadership and/or management
Demonstrated hands-on knowledge and experience in state-of-the-art information security technologies and forensic investigation methodology and investigation tools
Demonstrated experience in development and deployment of information security policies, procedures, risk mitigation approaches, and various information security tools
Demonstrated curiosity, interest, and ability in keeping abreast of technology and methodology advancements in information security
Familiarity with federal and state information security and related compliance laws, regulations, and standards
High degree of personal integrity and standards of professional conduct
Experience and ability to interact with senior management
Ability and experience working in a fast-paced environment with minimal to no direct supervision
Proven ability to engage simultaneously in multiple projects and bring them to successful completion
Excellent decision making and problem solving skills and effectiveness in getting things done collaboratively
Ability to interact effectively with a wide variety of users with different expectations and backgrounds
Ability to lead and manage a technically diverse staff
Experience in a complex and diverse organization
Excellent interpersonal and communication skills, strong analytical skills, and ability to deal with ambiguity in a changing business environment
Excellent customer service skills
An advanced degree in Computer Science, Information Systems/Sciences, or a related field
Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) or similar certifications
Experience in higher education or a research environment
Experience working in a large complex organization
Offers of employment may be contingent upon successful completion of a pre-employment background check and verification of degree(s) and credentials.
Binghamton University is a tobacco-free campus.
Pursuant to Executive Order 161, no State entity, as defined by the Executive Order, is permitted to ask, or mandate, in any form, that an applicant for employment provide his or her current compensation, or any prior compensation history, until such time as the applicant is extended a conditional offer of employment with compensation. If such information has been requested from you before such time, please contact the Governor's Office of Employee Relations at (518) 474-6988 or via email at firstname.lastname@example.org
Equal Opportunity/Affirmative Action Employer The State University of New York is an Equal Opportunity/Affirmative Action Employer. It is the policy of Binghamton University to provide for and promote equal opportunity employment, compensation, and other terms and conditions of employment without discrimination on the basis of age, race, color, religion, disability, national origin, gender identity or expression, sexual orientation, veteran or military service member status, marital status, domestic violence victim status, genetic predisposition or carrier status, or arrest and/or criminal conviction record unless based upon a bona fide occupational qualification or other exception.
As required by Title IX and its implementing regulations Binghamton University does not discriminate on the basis of sex in the educational programs and activities which it operates. This requirement extends to employment and admission. Inquiries about sex discrimination may be directed to the University Title IX Coordinator or directly to the Office of Civil Rights (OCR). Contact information for the Title IX Coordinator and OCR, as well as the University's complete Non-Discrimination Notice may be found here.
Internal Number: 111658
About Binghamton University
Binghamton University is a world-class institution that unites more than 130 broadly interdisciplinary educational programs with some of the most vibrant research in the nation. Our unique character — shaped by outstanding academics, facilities and community life — promotes extraordinary student success.
Binghamton merges rigorous academics, distinguished faculty and state-of-the-art facilities to engage and challenge its 17,000 students. The high-achieving Binghamton student body also represents a great diversity of life experiences, from first-generation college-goers to international students. Beyond their talent, these classmates share a desire to shape the future through technology, insight, intellectual exploration and community service.