Logo
University of Utah

Director IT

University of Utah, Salt Lake City, Utah, United States, 84193


Information Security Office, Director Enterprise Security

The Director of Enterprise Security (DES) is a key position within the Information Security Office (ISO) with leadership responsibilities over the Enterprise Security groups (ISO-ES) and is responsible for facilitating communication between Senior IT and business leadership and operationally focused IT management and administrators at the University of Utah. Reporting directly to the Chief Information Security Officer (CISO), the DES plays a critical role within the Information Security Office and the Chief Information Security Officer’s team, serving both University of Utah Health and the University of Utah as a whole. Responsibilities

The DES will be responsible for aligning ISO-ES strategic and operational efforts with the CISO’s direction and the University’s objectives and missions. The DES will be responsible for assessing risks, evaluating emerging technologies, and determining long-term needs for ISO-ES. The DES will serve as a primary liaison between the ISO-ES with other parts of the organization, including senior leadership and other key stakeholders. The DES will communicate unmanaged risk, escalate security-related issues or incidents, and ensure alignment with business strategies. The DES will regularly communicate cybersecurity risks and initiatives to stakeholders, ensuring they are informed and engaged with the organization’s security posture. The DES will maintain cross-departmental collaboration by working closely with other IT leaders, business units, and external partners to ensure cybersecurity measures are integrated across all areas of the organization. The DES is responsible for leadership and supervision for three groups that make up ISO Enterprise Security: Security Operations Center (SOC), Security Assurance, and Security Engineering. All three groups have an Associate Director which will report to the DES. The DES will provide guidance, set priorities, and ensure the teams are working cohesively. The Associate Directors will maintain operational leadership, project, and team management for each group. Through these groups, the DES will oversee the continuous monitoring of the University’s IT systems for potential security threats. The DES will lead ISO incident response and management efforts and planning. This includes collaboration in developing and managing ISO incident response plans and preparations for cybersecurity incidents, such as data breaches or ransomware attacks. The DES will also lead crisis management and response to significant security incidents, coordinating internally within ISO-ES and ISO as well as with other departments, Office of General Counsel, leadership, and external entities. The DES will also participate with the evaluation of the cybersecurity practices of third-party vendors and partners to ensure they meet the organization’s security standards. This includes conducting security assessments and managing vendor risks. The DES will also support the CISO in helping develop and manage the overall ISO-ES budget, making decisions on how resources may be allocated across projects, teams, and in support of initiatives. The DES will need to remain up to date and informed on emerging threats and vulnerabilities, incorporating threat intelligence into ISO’s strategy and defense posture. This job description is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to the job. Minimum Qualifications

Bachelor’s degree in related computer science, Business Administration, or related area, or equivalency (one year of education can be substituted for two years of related work experience); eight years of progressively more responsible management experience; and demonstrated leadership, human relations, and effective communications skills required. Applicants must demonstrate the potential ability to perform the essential functions of the job as outlined in the position description. Preferences

Professional information security experience in higher education and/or the health care industry. Industry accepted certifications, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or other comparable professional certifications. A strong understanding of the institutional impact of security tools, technologies, and policies. An excellent understanding of information security concepts, protocols, industry best practices, and strategies. Experience working with legal, audit, and compliance staff. Experience with common information security management frameworks, such as CIS 18, NIST Special Publication 800-171, and NIST Cyber Security Framework (CSF). Familiarity with applicable legal and regulatory requirements, including, but not limited to, the US Health Insurance Portability and Accountability Act (HIPAA), EU General Data Protection Regulation (GDPR), Payment Card Industry Data Security Standard (PCI DSS). Proficiency in performing risk, business impact, control and vulnerability assessments, and in defining remediation strategies. Knowledge of and experience in developing and documenting security assessments and remediation plans, including strategic, tactical, and project plans. Strong analytical skills to analyze security requirements and relate them to appropriate security controls. Additional Information

About UIT:

University Information Technology (UIT) , the central IT service provider for the University of Utah, reports to the U’s

Chief Information Officer

and is responsible for many of the U’s shared IT services including the wired and wireless network; Campus Information Services (CIS) portal; UMail, telephone, and online collaboration; digital learning technologies; information security; software licensing; and a host of other IT systems and services. About the University of Utah:

Located in Salt Lake City, the U is the flagship institution of the State of Utah’s system of higher education, home to

arts and museum venues

and a member of the

BIG-12 Conference .

Skiing and snowboarding opportunities

are a short distance from campus, and opportunities to pursue activities from

biking to hiking to fishing abound . Salt Lake City is home to the

Utah Symphony and Opera ,

Ballet West ,

professional sports teams , and a wide range of other cultural and recreational activities.

#J-18808-Ljbffr