Information Security Officer

at  FRONTIER NURSING UNIVERSITY

JOB SUMMARY:

The Information Security Officer is a member of the IT leadership team and will work closely with the Chief Information and Digital Officer to develop and implement strategic IT initiatives. The position will assist in mentoring and developing the IT team to ensure continuous improvement and modernization of IT processes. The position will coordinate the development and implementation of the FNU IT portfolio while leading information security, cybersecurity, and IT risk management programs based on industry-accepted information security and risk management frameworks.
Additionally, the Information Security Officer is responsible for designing, implementing, operating, and maintaining the information security framework, processes, and systems. The Information Security Officer will guide FNU’s information security program and support the IT leadership team in developing and implementing appropriate security controls for enterprise applications and infrastructure. The Information Security Officer will also coordinate and guide cybersecurity and incident response activities.

REQUIRED SKILLS/ABILITIES

• Primarily days; 8:00 AM – 5:00 PM. However, this position may require additional time during evenings, weekends, and holidays to accomplish work goals
• Strong technical knowledge of information security, risk management, compliance, and incident response activities
• Advanced knowledge of NIST CSF, GLBA, PCI, COBIT, ITIL, and risk management frameworks including NIST SP 800-30,NIST SP 800-39 preferred
• Demonstrated ability to lead and perform risk assessment/management activities
• Strong analytical skills and the ability to resolve complex problems
• Ability to work independently
• Strong interpersonal and communication skills and ability to effectively communicate with management, staff and regulatory agencies
• Policy and procedure development

EDUCATION AND EXPERIENCE:

• Master degree and 10+ years of related higher education IT experience, with at least 5 years in an Information Security, IT Audit, Cybersecurity or similar role.
• Relevant certifications within two years of hire (e.g. CISSP, CISM, CISA)

PHYSICAL REQUIREMENTS:

• Should be able to stand/sit for long periods of time.
• Must maintain a valid driver’s license and reliable mode of transportation in order to attend work-related meetings and events off-site.

• Work with the Chief Information and Digital Officer in developing and executing the IT strategic plan to help enable innovation across FNU
• Provide leadership in the planning and implementation of enterprise IT systems to support business operations.
• Identify opportunities for innovation and efficiency improvements in IT processes.
• Provide leadership, management, support and technical expertise for specific project groups to drive innovation and best practices within internal IT operations
• Continuous evaluation of IT portfolio to achieve cost savings and better ROI on IT investments
• Plan and conduct information security risk assessments to proactively identify, mitigate, and reduce risk to the organization.
• Provide leadership in establishing IT policies, guidelines, standards, processes, procedures, best practices
• Guide the development and implementation of appropriate security controls for information technology applications and infrastructure
• Proactive identification of risks and protecting FNU information, applications, and infrastructure from external/internal threats and implement processes which help manage and reduce the overall risk impact to the enterprise
• Manage the design, implementation and management of appropriate processes and controls which help assure that information created, acquired or maintained by FNU and its authorized users, is used in accordance with its intended purpose
• Develop, implement, and test incident response plans
• Coordinate incident response activities
• Review third party contracts for compliance with security requirements and recommending appropriate language, as necessary
• Providing guidance and recommendations to help FNU comply with regulatory requirements (e.g. FERPA, GLBA, HIPAA, and PCI-DSS)
• Preparing reports that identify technical and procedural findings, and providing recommended remediation strategies and solutions
• Communicating risk posture, security metrics, and security issues to leadership
• Collaborating with technical and non-technical teams to analyze and recommend actions related to compliance, vulnerabilities, and control weaknesses
• Providing security requirements to be included in statements of work and other appropriate procurement documents
• Develop methods to monitor and measure risk, compliance, and assurance efforts
• Ensure that risk management processes are followed and documented
• Promoting security awareness across the organization
• Provide service to the University through activities such as involvement in FNU shared governance (e.g. committees, workgroups), FNU sponsored activities (e.g. charity drives, community-outreach activities), and/or service to the profession (e.g. presentations, professional organization committee work).
• Adhere to the elements of the Culture of Caring
• Other duties as assigned.