Temple College
Chief Information Security Officer
Temple College, Temple, Texas, us, 76508
Position Summary & Essential Duties
The following duties, responsibilities, Knowledge, Skills, and Abilities (KSA’s), and physical requirements are intended to describe the general nature and level of work being performed. The information listed below is not intended to be construed as a complete listing of all duties, responsibilities, KSA’s, and physical requirements required of this position since changes to the position may occur at any time or additional requirements may be added over the course of time.
SUMMARY:Under the general supervision of the Executive Director of Information Technology Services, the incumbent provides a high level of information security analysis for Information Technology and other Temple College departments. Responsible for establishing and maintaining the information security program to ensure that information assets and associated technology, applications, systems, infrastructure, and processes are adequately protected in the digital ecosystem in which Temple College operates. The incumbent is responsible for identifying, evaluating, and reporting on legal and regulatory, IT, and cybersecurity risks to information assets while supporting and advancing Temple College’s objectives. Participates in the implementation efforts for various infrastructure projects. Provides consulting, problem determination and resolution, and needs analysis to support the use of technology by faculty, staff, and students. Additionally, the incumbent researches new technologies and leverages optimization techniques to ensure that systems operate efficiently.
Qualifications (Required and Preferred)
MINIMUM EDUCATIONAL AND WORK REQUIREMENTS (MINIMUM QUALIFICATIONS):Master’s Degree in Cybersecurity or Information Technology or related field and one (1) year directly related work experience, OR Bachelor’s Degree in Cybersecurity or Information Technology or related field and three (3) years directly related work experience, OR Associate’s Degree and five (5) years directly related work experience, or an equivalent blend of education and directly related work experience. Directly related work experience must be in an Information Networking or Security role. A combination of experience, certification, and education that demonstrates possession of the necessary knowledge and abilities for this position is required.
CERTIFICATION OR LICENSESA valid Texas Driver’s License is required.
PREFERENCES:
CompTIA Network+, Security+, CySA+, or equivalent.
Fortinet Certified Associate (NSE4), or ability to earn within six months of hire.
Previous work experience with Fortinet security products
Previous work experience in higher education or K12 environments.
Job Duties and Responsibilities
The incumbent:
Facilitates an information security governance structure by implementing a hierarchical governance program using the Information Technology Advisory Board.
Defines and facilitates the processes for information security risk and legal and regulatory assessments, including reporting and overseeing treatment efforts to address negative findings.
Provides regular reporting on the current status of the information security program to the College President and Executive Council as part of a strategic enterprise risk management program, thus supporting business outcomes.
Creates and manages a targeted information security awareness training program for all employees, contractors, and approved system users and establishes metrics to measure its effectiveness for different audiences.
Provides clear risk-mitigating directives for projects with components in IT, including the mandatory application of controls.
Develops and enhances an up-to-date information security management framework based on the Texas Cybersecurity Framework and NIST 800-53.
Develops and maintains a document framework of continuously up-to-date information security policies, standards, and guidelines. Oversee the approval and publication of these information security policies and practices.
Creates a framework for roles and responsibilities with regard to information ownership, classification, accountability, and protection of information assets.
Develops and oversees effective disaster recovery policies and standards to align with the enterprise business continuity management (BCM) program goals.
Assists with hardware, firewall, telecom, and software vendor evaluation, recommendation, and negotiations.
Assists in developing, planning, and implementing recommended processes for maintaining a stable security environment.
Monitors the performance and integrity of all systems using appropriate system administration tools.
Recommends additional tools and procedures to improve stability and assist in proactively identifying potential problems.
Participates in the deployment of new software and technology.
Maintains accurate and timely documentation of systems, project plans, and work order progress.
Ensures effective inter and intra-team communications.
Understands, recommends, and provides network and security solutions.
Maintains knowledge of current technology trends, especially those trends relating to the educational environment.
Maintains and updates assigned Incident and Service Request tickets on a daily basis.
Mentors and cross-trains team members on existing and new technologies.
Maintain cooperative working relationships with other IT staff members.
Performs other duties as assigned.
SOCIAL CONSTRUCTS REQUIRED OF POSITION:
Display empathy and positive regard for others in written, verbal, and non-verbal communication.
Work with colleagues and students by practicing punctuality, respect for deadlines, collaborative problem-solving, and honest communication.
Be friendly and collegial with co-workers, faculty, students, staff, and visitors to the campus.
Build trusting relationships by acting with integrity, courtesy, and responsibility, even under stressful or demanding workplace conditions.
Attend training, read job-related materials, and meet with others in the area of responsibility to maintain proficiency as needed and approved.
Dress appropriately for a workplace with frequent customer service interaction and community outreach.
Meet all required standards
Knowledge Skills and Abilities & Physical Demands
KNOWLEDGE:
Working knowledge of the College’s vision, mission, and values.
Advanced working knowledge of server, computer hardware, and desktop software.
Advanced working knowledge of networking environments.
Advanced working knowledge of physical building security environments.
Knowledge of local, state, and federal laws and regulations relating to information security.
Knowledge and understanding of relevant legal and regulatory requirements, such as the Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry/Data Security Standard, Texas Risk and Authorization Management Program (TX-RAMP) and Texas Administrative Code 202: Information Security Standards.
Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT, the Texas Cybersecurity Framework, and those from NIST, including 800-53 and Cybersecurity Framework.
Project management skills: financial/budget management, scheduling, and resource management.
Knowledge of business management and a working knowledge of information security risk management and cybersecurity technologies.
SKILLS:
Analytical skills with expert knowledge of information systems and technical expertise with Microsoft, macOS, and Linux operating systems, storage systems, firewalls, and Internet applications.
Excellent contemporary customer service skills.
Excellent communication skills. Ability to communicate with various levels of users to understand the problem. Must maintain a positive, professional image.
Excellent organizational and project management skills. Experience with project management tools and techniques.
Experience in developing information security policies and procedures.
Performing security risk assessments and audits.
Up-to-date knowledge of methodologies and trends in both business and IT.
ABILITIES:
Ability to learn new things and keep up with the pace of technological changes.
Ability to collect the appropriate information from the user to expedite the resolution of the problem. Demonstrate good judgment in investigating and escalating problems.
Ability to identify problems and recommend solutions.
PHYSICAL EFFORT:Medium physical activity that may include lifting, pushing, and pulling objects up to 50 pounds or larger with the help of a colleague. Extended periods of reading, writing, bending, and sitting. Computer data entry.
WORKING CONDITIONS:Work is normally performed in an office setting. Duties will require travel in personal or college-owned vehicles. Evening and weekend work may be required.
WORK SCHEDULE:8:00 AM to 6:00 PM Monday through Thursday with an hour lunch break.8:00 AM to 12:00 PM on Friday.Work hours may be flexed to meet the needs of the department.
This is an on-site position. Essential duties of the role must be performed in-person, during prescribed work hours.
HOURS REQUIRED PER WEEK:40
TRS/ORP:TRS only
SUPERVISOR OF:None
DIRECT SUPERVISOR:Executive Director, Information Technology Services
#J-18808-Ljbffr
The following duties, responsibilities, Knowledge, Skills, and Abilities (KSA’s), and physical requirements are intended to describe the general nature and level of work being performed. The information listed below is not intended to be construed as a complete listing of all duties, responsibilities, KSA’s, and physical requirements required of this position since changes to the position may occur at any time or additional requirements may be added over the course of time.
SUMMARY:Under the general supervision of the Executive Director of Information Technology Services, the incumbent provides a high level of information security analysis for Information Technology and other Temple College departments. Responsible for establishing and maintaining the information security program to ensure that information assets and associated technology, applications, systems, infrastructure, and processes are adequately protected in the digital ecosystem in which Temple College operates. The incumbent is responsible for identifying, evaluating, and reporting on legal and regulatory, IT, and cybersecurity risks to information assets while supporting and advancing Temple College’s objectives. Participates in the implementation efforts for various infrastructure projects. Provides consulting, problem determination and resolution, and needs analysis to support the use of technology by faculty, staff, and students. Additionally, the incumbent researches new technologies and leverages optimization techniques to ensure that systems operate efficiently.
Qualifications (Required and Preferred)
MINIMUM EDUCATIONAL AND WORK REQUIREMENTS (MINIMUM QUALIFICATIONS):Master’s Degree in Cybersecurity or Information Technology or related field and one (1) year directly related work experience, OR Bachelor’s Degree in Cybersecurity or Information Technology or related field and three (3) years directly related work experience, OR Associate’s Degree and five (5) years directly related work experience, or an equivalent blend of education and directly related work experience. Directly related work experience must be in an Information Networking or Security role. A combination of experience, certification, and education that demonstrates possession of the necessary knowledge and abilities for this position is required.
CERTIFICATION OR LICENSESA valid Texas Driver’s License is required.
PREFERENCES:
CompTIA Network+, Security+, CySA+, or equivalent.
Fortinet Certified Associate (NSE4), or ability to earn within six months of hire.
Previous work experience with Fortinet security products
Previous work experience in higher education or K12 environments.
Job Duties and Responsibilities
The incumbent:
Facilitates an information security governance structure by implementing a hierarchical governance program using the Information Technology Advisory Board.
Defines and facilitates the processes for information security risk and legal and regulatory assessments, including reporting and overseeing treatment efforts to address negative findings.
Provides regular reporting on the current status of the information security program to the College President and Executive Council as part of a strategic enterprise risk management program, thus supporting business outcomes.
Creates and manages a targeted information security awareness training program for all employees, contractors, and approved system users and establishes metrics to measure its effectiveness for different audiences.
Provides clear risk-mitigating directives for projects with components in IT, including the mandatory application of controls.
Develops and enhances an up-to-date information security management framework based on the Texas Cybersecurity Framework and NIST 800-53.
Develops and maintains a document framework of continuously up-to-date information security policies, standards, and guidelines. Oversee the approval and publication of these information security policies and practices.
Creates a framework for roles and responsibilities with regard to information ownership, classification, accountability, and protection of information assets.
Develops and oversees effective disaster recovery policies and standards to align with the enterprise business continuity management (BCM) program goals.
Assists with hardware, firewall, telecom, and software vendor evaluation, recommendation, and negotiations.
Assists in developing, planning, and implementing recommended processes for maintaining a stable security environment.
Monitors the performance and integrity of all systems using appropriate system administration tools.
Recommends additional tools and procedures to improve stability and assist in proactively identifying potential problems.
Participates in the deployment of new software and technology.
Maintains accurate and timely documentation of systems, project plans, and work order progress.
Ensures effective inter and intra-team communications.
Understands, recommends, and provides network and security solutions.
Maintains knowledge of current technology trends, especially those trends relating to the educational environment.
Maintains and updates assigned Incident and Service Request tickets on a daily basis.
Mentors and cross-trains team members on existing and new technologies.
Maintain cooperative working relationships with other IT staff members.
Performs other duties as assigned.
SOCIAL CONSTRUCTS REQUIRED OF POSITION:
Display empathy and positive regard for others in written, verbal, and non-verbal communication.
Work with colleagues and students by practicing punctuality, respect for deadlines, collaborative problem-solving, and honest communication.
Be friendly and collegial with co-workers, faculty, students, staff, and visitors to the campus.
Build trusting relationships by acting with integrity, courtesy, and responsibility, even under stressful or demanding workplace conditions.
Attend training, read job-related materials, and meet with others in the area of responsibility to maintain proficiency as needed and approved.
Dress appropriately for a workplace with frequent customer service interaction and community outreach.
Meet all required standards
Knowledge Skills and Abilities & Physical Demands
KNOWLEDGE:
Working knowledge of the College’s vision, mission, and values.
Advanced working knowledge of server, computer hardware, and desktop software.
Advanced working knowledge of networking environments.
Advanced working knowledge of physical building security environments.
Knowledge of local, state, and federal laws and regulations relating to information security.
Knowledge and understanding of relevant legal and regulatory requirements, such as the Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry/Data Security Standard, Texas Risk and Authorization Management Program (TX-RAMP) and Texas Administrative Code 202: Information Security Standards.
Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT, the Texas Cybersecurity Framework, and those from NIST, including 800-53 and Cybersecurity Framework.
Project management skills: financial/budget management, scheduling, and resource management.
Knowledge of business management and a working knowledge of information security risk management and cybersecurity technologies.
SKILLS:
Analytical skills with expert knowledge of information systems and technical expertise with Microsoft, macOS, and Linux operating systems, storage systems, firewalls, and Internet applications.
Excellent contemporary customer service skills.
Excellent communication skills. Ability to communicate with various levels of users to understand the problem. Must maintain a positive, professional image.
Excellent organizational and project management skills. Experience with project management tools and techniques.
Experience in developing information security policies and procedures.
Performing security risk assessments and audits.
Up-to-date knowledge of methodologies and trends in both business and IT.
ABILITIES:
Ability to learn new things and keep up with the pace of technological changes.
Ability to collect the appropriate information from the user to expedite the resolution of the problem. Demonstrate good judgment in investigating and escalating problems.
Ability to identify problems and recommend solutions.
PHYSICAL EFFORT:Medium physical activity that may include lifting, pushing, and pulling objects up to 50 pounds or larger with the help of a colleague. Extended periods of reading, writing, bending, and sitting. Computer data entry.
WORKING CONDITIONS:Work is normally performed in an office setting. Duties will require travel in personal or college-owned vehicles. Evening and weekend work may be required.
WORK SCHEDULE:8:00 AM to 6:00 PM Monday through Thursday with an hour lunch break.8:00 AM to 12:00 PM on Friday.Work hours may be flexed to meet the needs of the department.
This is an on-site position. Essential duties of the role must be performed in-person, during prescribed work hours.
HOURS REQUIRED PER WEEK:40
TRS/ORP:TRS only
SUPERVISOR OF:None
DIRECT SUPERVISOR:Executive Director, Information Technology Services
#J-18808-Ljbffr