Job Title: Chief Information Security & Privacy Officer
Agency: Texas A&M University - Corpus Christi
Department: Information Technology
Proposed Minimum Salary: Commensurate
Job Location: Corpus Christi, Texas
Job Type: Staff
Job Description:
Reporting to the Chief Information Officer, with a dotted line to the Chief Compliance Officer, the Chief Information Security & Privacy Officer (CISPO) exercises discretion, independent judgment, and strategic leadership for the information security and privacy program at Texas A&M University-Corpus Christi. The CISPO ensures that appropriate information technology (IT) security and privacy policies, standards, procedures, and compliance requirements are met to empower teaching and learning, enhance research, and enable digital transformation. The CISPO serves as the designated information security officer for TAMU-CC with the Texas Department of Information Resources.
The CISPO engages in ongoing dialogue with University departments, the community, and/or external agencies and provides leadership and supervision. The CISPO works with other departments to ensure that network security, access control, physical security, and application development and management meet institutional, federal, state, and industry regulatory requirements; advises the CIO, Chief Compliance Officer, and other executive staff on issues concerning the information security and compliance needs of the university. Responsibilities include developing and implementing information security and data handling policies; ensuring compliance with University policies and state and federal laws; developing new services; overseeing project and service portfolios; and providing personnel and fiscal leadership for the IT Office of Information Security.
Key elements of this role are communicating security at a strategic level to executive management, interacting with TAMU System Internal Audit, the Office of General Counsel, and the TAMU System Chief Information Security Officer, and evangelizing security across the business to drive adoption of security best practices.
COMPLIANCE - 25%
Serves as the Information Security Officer (ISO) for the university as required by TAC 202 and the Texas State Department of Information Resources (DIR).
Develops/reviews all system-related information security plans throughout the organization to ensure alignment between security and privacy practices. Prepares university, Texas A&M System, and State of Texas information risk assessments and compliance reports.
Develops/monitors internal control systems to ensure appropriate processes are in place to assure access privileges are assigned and maintained appropriately.
Monitors/ensures that the University's information technology is managed in compliance with the University security policies and procedures and with all federal, state, county, and local laws and regulations related to business continuity standards and guidelines.
Promotes a culture of compliance and information security, quality customer service, and innovation that synchronizes with the University's mission.
Increase awareness and train faculty, staff and students on compliance matters and best practices.
Serve as a project manager for information security compliance initiatives and point of contact for providing third party auditors with information that they request.
Ensure the prevention, detection, containment, correction and documentation of security incidents and breaches.
Certify that technology systems meet predetermined security requirements.
Design, implement and/or audit information technology security and privacy programs.
PEOPLE AND RESOURCE MANAGEMENT - 20%
Provides overall leadership and mentoring for assigned administration staff.
Manages the administrative processes for human resource actions (hiring, professional development, promotions, terminations, disciplinary procedures, and salary adjustments) to maintain a skilled technical and customer service-oriented staff.
Provides ongoing performance feedback, goal setting, and development plans for staff. Plans for future staffing needs.
Provides timely communications to staff.
Responsible for budgeting and resource planning to departmental goals.
RISK MANAGEMENT & IT SECURITY INCIDENT RESPONSE - 20%
Develop IT security incident response processes and plans.
Ensure that disaster recovery plans and procedures for business-critical services satisfy university security standards and support recovery following the occurrence of a security event.
Engage stakeholders in planning process and define campus roles and responsibilities for security incident response.
Form and maintain Security Incident Response Team as needed.
Proactively recognize IT Security incidents wherever possible through active and passive monitoring and instrumentation.
Coordinate execution of incident response plans and communicate plans, actions and outcomes to CIO and executive leadership.
Work with system owners, data custodians and subject matter experts to coordinate the response to external requests for information such as open records requests, e-discovery requests, requests for assistance to law enforcement, abuse complaints, etc.
Ensure the proper functioning of information risk governance, obtaining senior leadership consensus on information security and privacy strategy, reporting to senior leadership the current state of the information security and privacy program, and balancing information security with privacy concerns for the University.
STRATEGIC PLANNING & LEADERSHIP - 20%
Assumes a leadership role in the development, implementation, and direction of a comprehensive security and privacy program in accordance with federal and state requirements, and provides guidance in support of academic, research, and administrative information systems.
Fulfills the responsibilities of the Information Security Officer as defined by TAC 202 and TAMU System policies.
Under broad guidance of the CIO and in concert with university leadership, maintain an effective framework for the development of IT policies that identifies and engages stakeholders and encourages effective participation in the policy development process.
Provide guidance and counsel to the CIO and the university leadership team, working closely with senior administration, academic leaders, and the campus community in defining objectives for information security, while building positive relationships.
Define security and privacy strategies, metrics, reporting mechanisms, and program services, and create maturity models and a roadmap for continual program improvements.
Stay abreast of information security and privacy issues and regulatory changes affecting higher education at the state and national level.
Participate in national policy and practice discussions and communicate to campus on a regular basis about those topics.
Bring groups together to share information and resources and create better decisions, policies and practices for the campus.
Represent the university on committees and boards associated with the TAMU System and in national and regional consortiums and collaborations.
DISASTER RECOVERY & BUSINESS CONTINUITY - 10%
Develop, implement and maintain disaster recovery and/or business continuity operations plans.
Periodically assess effectiveness of plans and provide reporting to CIO and senior leadership on disaster recovery and business continuity plan and capabilities.
Remain abreast of IT security and disaster recovery / business continuity rules, regulations and best practices.
Participate in university, TAMU System, and higher education working groups and committees as needed.
OTHER - 5%
Performs other duties as assigned.
Bachelor's Degree in computer science, engineering, technology, business management or a related field.
One or more appropriate professional certifications, such as CISSP, CISM, CISA, CIPP, CIPT, or CRISC.
Minimum 10 years of IT and/or business leadership experience, and 5+ years of information security/cybersecurity experience.
Record of developing and successfully implementing information security or privacy policies and procedures.
Proficiency researching, interpreting, and applying complex state, federal, and/or international information security and privacy laws, rules, regulations, or guidelines such as:
Security, risk and control frameworks/standards/regulations (e.g. Texas TAC 202, ISO 27001 and 27002, SANS-CAG, NIST, FISMA, COBIT, COSO, PCI, export controls or ITIL).
Information privacy and data protection regulations [e.g. FERPA, HIPAA, EU General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA)].
Experience either conducting or responding to information-security audits or assessments.
Understanding of on-premises and cloud architectures as well as their implications for information security strategy.
Demonstrated capability to handle confidential and sensitive information with discretion.
Ability to effectively guide, lead, and develop technical employees, promoting team relationship skills and communication.
Excellent written and verbal communication, interpersonal and collaborative skills.
Security technology acumen and experience including but not limited to: firewalls, intrusion detection, cyber-attack tools and defenses, encryption, certificate authorities, web filtering, anti-malware, anti-phishing, identity and access management, and multi-factor authentication.
Travel may be required about 10% of the time.
The ideal candidate will have education and experience in the following areas:
Appropriate terminal degree in a related field preferred (e.g. doctorate, JD).
Experience identifying and documenting business risk, risk assessment and risk-based decision making.
Experience with contract and vendor negotiations, including review and editing of contracts.
Technical acumen including but not limited to: OSI, IT infrastructure, cloud, application development languages, tools and frameworks, database technologies, web technologies, next gen mobile, network architecture, enterprise architecture, and directory services.
Proficiency evangelizing IT security and privacy to make it a critical part of business operations.
All positions are security-sensitive. Applicants are subject to a criminal history investigation, and employment is contingent upon the institution's verification of credentials and/or other information required by the institution's procedures, including the completion of the criminal history check.
Equal Opportunity/Affirmative Action/Veterans/Disability Employer committed to diversity.
Texas A&M University-Corpus Christi is a vibrant, Hispanic Serving Doctoral Research Institution that proudly provides a solid academic reputation, renowned faculty and highly-rated degree programs since 1947. The University has a heritage of teaching excellence with innovation in research and community engagement as part of the distinguished Texas A&M System. With palm tree-lined pathways throughout the campus, nearby natural wetlands, a scenic hike-and-bike trail and a university beach, Texas A&M University-Corpus Christi is the only university in the nation located on its own island, at the heart of the Texas Gulf Coast.