University of Utah is hiring: Director Enterprise Security in Salt Lake City
University of Utah, Salt Lake City, UT, United States
Details Open Date 10/10/2024 Requisition Number PRN40069B Job Title Director IT Working Title Director Enterprise Security Job Grade I FLSA Code Executive Patient Sensitive Job Code? No Standard Hours per Week 40 Full Time or Part Time? Full Time Shift Day Work Schedule Summary VP Area President Department 00954 - UIT Systems & Security Location Campus City Salt Lake City, UT Type of Recruitment External Posting Pay Rate Range $103,700 - $202,300 Close Date Priority Review Date Job Summary Information Security Office, Director Enterprise Security The Director of Enterprise Security ( DES ) is a key position within the Information Security Office ( ISO ) with leadership responsibilities over the Enterprise Security groups ( ISO -ES) and is responsible for facilitating communication between Senior IT and business leadership and operationally focused IT management and administrators at the University of Utah. Reporting directly to the Chief Information Security Officer ( CISO ), the DES plays a critical role within the Information Security Office and the Chief Information Security Officer’s team, serving both University of Utah Health and the University of Utah as a whole. Responsibilities The DES will be responsible for aligning ISO -ES strategic and operational efforts with the CISO’s direction and the University’s objectives and missions. The DES will be responsible for assessing risks, evaluating emerging technologies and determining long-term needs for ISO -ES. The DES will serve as a primary liaison between the ISO -ES with other parts of the organization, including senior leadership and other key stakeholders. The DES will communicate unmanaged risk, escalate security related issues or incidents, and ensure alignment with business strategies. The DES will regularly communicate cybersecurity risks and initiatives to stakeholders, ensuring they are informed and engaged with the organization’s security posture. The DES will maintain cross-departmental collaboration by working closely with other IT leaders, business units, and external partners to ensure cybersecurity measures are integrated across all areas of the organization. The DES is responsible for leadership and supervision for three groups that make up ISO Enterprise Security: Security Operations Center ( SOC ), Security Assurance, and Security Engineering. All three groups have an Associate Director which will report to the DES . The DES will provide guidance, set priorities, and ensure the teams are working cohesively. The Associate Directors will maintain operational leadership, project and team management for each group. Through these groups the DES will oversee the continuous monitoring of the University’s IT systems for potential security threats. The DES will lead ISO incident response and management efforts and planning. This includes collaboration in developing and managing ISO incident response plans and preparations for cybersecurity incidents, such as data breaches or ransomware attacks. The DES will also lead crisis management and response to significant security incidents, coordinating internally within ISO -ES and ISO as well as with other departments, Office of General Counsel, leadership and external entities. The DES will also participate with the evaluation of the cybersecurity practices of third-party vendors and partners to ensure they meet the organization’s security standards. This includes conducting security assessments and managing vendor risks. The DES will also support the CISO in helping develop and manage the overall ISO -ES budget, making decisions on how resources may be allocated across projects, teams and in support of initiatives. The DES will need to remain up to date and informed on emerging threats and vulnerabilities. Incorporating threat intelligence into ISO’s strategy and defense posture. This job description is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications required of employees assigned to the job. Minimum Qualifications Bachelor’s degree in related computer science, Business Administration, or related area, or equivalency (one year of education can be substituted for two years of related work experience); eight years of progressively more responsible management experience; and demonstrated leadership, human relations and effective communications skills required. Applicants must demonstrate the potential ability to perform the essential functions of the job as outlined in the position description. Preferences Professional information security experience in higher education and/or the health care industry. Industry accepted certifications, such as Certified Information Systems Security Professional ( CISSP ), Certified Information Security Manager ( CISM ), Certified Information Systems Auditor ( CISA ), or other comparable professional certifications. A strong understanding of the institutional impact of security tools, technologies, and policies. An excellent understanding of information security concepts, protocols, industry best practices, and strategies. Experience working with legal, audit, and compliance staff. Experience with common information security management frameworks, such as CIS 18, NIST Special Publication 800-171, and NIST Cyber Security Framework ( CSF ). Familiarity with applicable legal and regulatory requirements, including, but not limited to, the US Health Insurance Portability and Accountability Act ( HIPAA ), EU General Data Protection Regulation ( GDPR ), Payment Card Industry Data Security Standard ( PCI DSS ). Proficiency in performing risk, business impact, control and vulnerability assessments, and in defining remediation strategies. Knowledge of and experience in developing and documenting security assessments and remediation plans, including strategic, tactical, and project plans. Strong analytical skills to analyze security requirements and relate them to appropriate security controls. Type Benefited Staff Special Instructions Summary Additional Information About UIT: University Information Technology ( UIT ), the central IT service provider for the University of Utah, reports to the U’s Chief Information Officer and is responsible for many of the U’s shared IT services including the wired and wireless network; Campus Information Services ( CIS ) portal; UMail, telephone, and online collaboration; digital learning technologies; information security; software licensing; and a host of other IT systems and services. About the University of Utah: Located in Salt Lake City, the U is the flagship institution of the State of Utah’s system of higher education, home to arts and museum venues and a member of the BIG -12 Conference. Skiing and snowboarding opportunities are a short distance from campus, and opportunities to pursue activities from biking to hiking to fishing abound. Salt Lake City is home to the Utah Symphony and Opera, Ballet West, professional sports teams, and a wide range of other cultural and recreational activities. University of Utah Benefits · Health, dental, and wellness coverage Automatic and immediately vested 14.2% employer contribution to personal retirement account (401a) Free public transportation pass (Utah Transit Authority) · Paid leave time · Reduced tuition benefits for employee and family members More information: https://www.hr.utah.edu/benefits/ The University is a participating employer with Utah Retirement Systems (“URS”). Eligible new hires with prior URS service, may elect to enroll in URS if they make the election before they become eligible for retirement (usually the first day of work). Contact Human Resources at (801) 581-7447 for information. Individuals who previously retired and are receiving monthly retirement benefits from URS are subject to URS’ post-retirement rules and restrictions. Please contact Utah Retirement Systems at (801) 366-7770 or (800) 695-4877 or University Human Resource Management at (801) 581-7447 if you have questions regarding the post-retirement rules. This position may require the successful completion of a criminal background check and/or drug screen. The University of Utah values candidates who have experience working in settings with students and patients from all backgrounds and possess a strong commitment to improving access to higher education and quality healthcare for historically underrepresented students and patients. All qualified individuals are strongly encouraged to apply. Veterans’ preference is extended to qualified applicants, upon request and consistent with University policy and Utah state law. Upon request, reasonable accommodations in the application process will be provided to individuals with disabilities. The University of Utah is an Affirmative Action/Equal Opportunity employer and does not discriminate based upon race, ethnicity, color, religion, national origin, age, disability, sex, sexual orientation, gender, gender identity, gender expression, pregnancy, pregnancy-related conditions, genetic information, or protected veteran’s status. The University does not discriminate on the basis of sex in the education program or activity that it operates, as required by Title IX and 34 CFR part 106. The requirement not to discriminate in education programs or activities extends to admission and employment. Inquiries about the application of Title IX and its regulations may be referred to the Title IX Coordinator, to the Department of Education, Office for Civil Rights, or both. To request a reasonable accommodation for a disability or if you or someone you know has experienced discrimination or sexual misconduct including sexual harassment, you may contact the Director/Title IX Coordinator in the Office of Equal Opportunity and Affirmative Action ( OEO /AA). More information, including the Director/Title IX Coordinator’s office address, electronic mail address, and telephone number can be located at: https://www.utah.edu/nondiscrimination/ Online reports may be submitted at oeo.utah.edu https://safety.utah.edu/safetyreport This report includes statistics about criminal offenses, hate crimes, arrests and referrals for disciplinary action, and Violence Against Women Act offenses. They also provide information about safety and security-related services offered by the University of Utah. A paper copy can be obtained by request at the Department of Public Safety located at 1658 East 500 South.