NORTHEASTERN ILLINOIS UNIVERSITY
SECURITY OFFICER (ISO)
The Information Security Officer (ISO) is responsible for the
development and delivery of a comprehensive, University-wide information security strategy and program that protects information assets to
ensure the confidentiality, integrity and availability of University electronic information. The ISO leads the development and
implementation of a security program to leverage collaboration, facilitate information security governance, advise executive leadership on
security direction and resource investment, and design appropriate policies to manage information security risks. The incumbent will be
responsible for creating and maintaining enforceable policies, supporting processes and ensuring compliance with related regulatory
requirements. This will include collaborative coordination of activities with all departments, including the evaluation, procurement and
deployment of security-related products; developing and coordinating information security awareness and education programs; and ensuring
that University-wide disaster recovery and incident response plans are in place and maintained.
- Creates information security strategies, both short-term and long-range, in support of the
- Directs an ongoing, proactive risk assessment program for all new and existing systems in line with the
University’s goals and objectives. Communicates risks and recommendations to mitigate them to senior administration in
non-technical, cost/benefit terms and in a format relevant to senior administrators so timely decisions can be made to ensure the security
of information systems and information entrusted to the University.
- Oversees all ongoing activities related to the development,
implementation, and maintenance of the University’s information security policies and procedures. Ensures the policies and procedures
encompass the overall security of electronic information at rest or in motion within the University systems. Assists departments in local
process and procedure development, ensuring they are not in conflict with University security risks and posture.
- Serves as the
subject matter expert and assists other departments with regulatory requirements and compliance issues as applied to technology (e.g., PCI –
data standards, FISMA, FERPA, GLBA, etc.). This includes support of data governance, data stewardship and technical architecture review
- Oversees the departmental budget. Reviews hardware, software and services being considered for purchase or implementation
by University Technology Services and other campus departments to assess security issues and assure proper information security features are
incorporated to support university business needs. This includes providing security requirements in RFPs for software and services,
managing vendor and third-party risk strategies, along with performing review and evaluation of Service Organization Controls (SOC)
- Will form and chair an Information Security Committee to ensure activities are coordinated across university departments
and colleges to ensure security decisions are consistently applied and risks are mitigated to prevent interruption in business processes
while maintaining the confidentiality, integrity, and availability of University information. Advises University personnel on managing
effective security practices.
- Ensures vulnerabilities are managed by directing periodic vulnerability scans of servers connected to
University networks and conducts adequate reporting and follow-up to ensure issues are addressed.
- Develops information security
awareness training and education programs, works with other University entities to present them to faculty, staff, and students, and
participates in local, regional, and national awareness and education events, as appropriate.
- Ensures sufficient resources are
available and allocated to security-related projects by balancing project funding requirements with the assigned budgets, coordinates and
tracks project expenditures to ensure resources are used effectively and within budget, and provides periodic budget reports to the Vice
President for Finance and Administration or appropriate departments.
- Acts proactively to prevent potential disaster situations by
ensuring that proper protections are in place, such as intrusion detection and prevention systems, firewalls, and effective physical
safeguards, and provides for the availability of computer resources by ensuring a business continuity/disaster recovery plan is in place to
offset the effects caused by intentional and unintentional acts.
- Evaluates security incidents and determines what response, if any,
is needed and coordinates University responses, including technical incident response teams, when sensitive information is
- Interfaces with law enforcement agencies and other government agencies to address security lapses and responds to
information security issues.
- Works with University leadership, Office of Legal Counsel, and relevant compliance areas to build
cohesive security and compliance programs to effectively address statutory and regulatory requirements, develop a strategy for consistent,
cohesive interaction with audits, compliance checks and external assessment processes for both internal/external auditors.
organizational metrics to report on the effectiveness and of the information security management program and the progress of increasing
the maturity level of the program over time.
- Remains competent and current through self-directed professional reading, developing
professional contacts with colleagues, attending professional development courses, attending training, conferences, and/or courses as
directed by the supervisor, and obtaining or retaining certifications relevant to job duties.
- Contributes to a work environment that
encourages knowledge of, respect for, and development of skills to engage with those of other cultures or backgrounds.
to the overall success of the University by performing all other duties and responsibilities as assigned.
Northeastern Illinois University’s Main Campus is located on 67 acres in an attractive residential area on the
Northwest Side of Chicago. The University offers more than 40 undergraduate degree and certificate programs and more than 50 graduate
degree, certificate, licensure and endorsement programs. The University is a federally designated Hispanic-Serving Institution. It has
additional locations in the metropolitan area, including the Jacob H. Carruthers Center for Inner City Studies, El Centro, Center for
College Access and Success, and the University Center of Lake County.
degree in a technical discipline: Computer Science, Information Technology, Technology Engineering or similar field or equivalent
combination of training, education and experience from which comparable skills have been acquired.
- At least 10 years of varied
information technology experience is required. This experience includes, but is not limited to, computer and networking infrastructure,
operating systems, application software development, project management, regulatory compliance, risk management, and providing
- At least 7 years of direct experience in information security-related duties including: cybersecurity, and a proven
developer of a comprehensive security plan; a proven record in developing and implementing various levels of security training for IT staff
and university end-users; competency in technical, vulnerability scanning and monitoring of network traffic; all phases of incident response
management along with experience with disaster recovery planning and execution.
- At least one of the following current professional
certifications: CISSP, CISM, GIAC or CISA.
- Advanced degree in
information technology or related field Master’s Degree in noted fields of experience
- Experience in University setting Consulting
Screening will begin immediately and continue until the position is filled.
In order to be considered for this position, please submit the following documents within one PDF file to ISO-Search@neiu.edu
(Each position requires a background check.)
Northeastern Illinois University is an Equal Opportunity /
Affirmative Action Employer and invites applications from Women, Minorities, Veterans and Persons with Disabilities, as well as other
qualified individuals. Northeastern Illinois University positions are contingent upon the University’s receipt of its State of Illinois