Information Security Officer (ISO) – HigherEdJobs




The Information Security Officer (ISO) is responsible for the
development and delivery of a comprehensive, University-Wide information security strategy and program that protects information assets, to
ensure the confidentiality, integrity and availability of University electronic information. The ISO leads the development and
implementation of a security program to leverage collaboration, facilitate information security governance, advise executive leadership on
security direction, resource investment and design appropriate policies to manage information security risks. The incumbent will be
responsible for creating and maintaining enforceable policies, supporting processes and ensuring compliance with related regulatory
requirements. This will include a collaborative coordination of activities with all departments, including the evaluation, procurement and
deployment of security-related products; developing and coordinating information security awareness and education programs; and ensuring the
coordination of a University-wide disaster recovery and incident response plans are in place and maintained for the University.

Position Details:

  • Creates information security strategies, both short-term and long-range, in support of the
    University’s goals
  • Directs an ongoing, proactive risk assessment program for all new and existing systems in line with the
    University’s goals and objectives. Communicates risks and recommendations to mitigate risks to senior administration by communicating in
    non-technical, cost/benefit terms and in a format relevant to senior administrators so timely decisions can be made to ensure the security
    of information systems and information entrusted to the University.
  • Oversees all ongoing activities related to the development,
    implementation, and maintenance of the University’s information security policies and procedures. Ensuring the policies and procedures
    encompass the overall security of electronic information at rest or in motion within the University systems. Assisting departments in local
    process and procedure development, ensuring they are not in conflict with University security risks and posture.
  • Serves as the
    subject matter expert and assists other departments for regulatory requirements and compliance issues as applied to technology. (e.g. PCI –
    data standards, FISMA, FERPA, GLBA, etc) This includes support of data governance, data stewardship and technical architecture review
  • Oversees the departmental budget. Reviews hardware, software and services being considered for purchase or implementation
    by University Technology Services and other campus departments to assess security issues and assure proper information security features are
    incorporated to support university business needs. This includes providing security requirements in RFP’s for software and services,
    managing vendor and third-party risk strategies, along with performing review and evaluation of Service Organization Controls (SOC)
  • Will form and Chair an Information Security Committee to ensure activities are coordinated across university departments
    and colleges to ensure security decisions are consistently applied and risks are mitigated to prevent interruption in business processes
    while maintaining the confidentiality, integrity, and availability of University information. Advises University personnel on managing
    effective security practices.
  • Ensures vulnerabilities are managed by directing periodic vulnerability scans of servers connected to
    University networks and conducts adequate reporting and follow-up to ensure issues are addressed.
  • Develops information security
    awareness training and education programs, works with other University entities to present them to faculty, staff, and students, and
    participates in local, regional, and national awareness and education events, as appropriate.
  • Ensures sufficient resources are
    available and allocated to security related projects by balancing project funding requirements with the assigned budgets, coordinates and
    tracks project expenditures to ensure resources are used effectively and within budget, and provides periodic budget reports to the Vice
    President for Finance and Administration or appropriate departments.
  • Acts proactively to prevent potential disaster situations by
    ensuring that proper protections are in place, such as intrusion detection and prevention systems, firewalls, and effective physical
    safeguards, and provides for the availability of computer resources by ensuring a business continuity/disaster recovery plan is in place to
    offset the effects caused by intentional and unintentional acts.
  • Evaluates security incidents and determines what response, if any,
    is needed and coordinates University responses, including technical incident response teams, when sensitive information is
  • Interfaces with law enforcement agencies and other government agencies to address security lapses and responds to
    information security issues.
  • Works with University leadership, Office of Legal Counsel, and relevant compliance areas to build
    cohesive security and compliance programs to effectively address statutory and regulatory requirements, develop a strategy for consistent,
    cohesive interaction with audits, compliance checks and external assessment processes for both internal/external auditors.
  • Develops
    organizational metrics to report on the effectiveness and of the information security management program and the progress of the increasing
    the maturity level of the program over time.
  • Remains competent and current through self-directed professional reading, developing
    professional contacts with colleagues, attending professional development courses, attending training, conferences, and/or courses as
    directed by the supervisor, and obtaining or retaining certifications relevant to job duties.
  • Contributes to a work environment that
    encourages knowledge of, respect for, and development of skills to engage with those of other cultures or backgrounds.
  • Contributes
    to the overall success of the University by performing all other duties and responsibilities as assigned.


Northeastern Illinois University’s Main Campus is located on 67 acres in an attractive residential area on the
Northwest Side of Chicago. The University offers more than 40 undergraduate degree and certificate programs and more than 50 graduate
degree, certificate, licensure and endorsement programs. The University is a federally designated Hispanic-Serving Institution. It has
additional locations in the metropolitan area, including the Jacob H. Carruthers Center for Inner City Studies, El Centro, Center for
College Access and Success, and the University Center of Lake County.

Minimum Qualifications:

  • Bachelor’s
    degree in a technical discipline: Computer Science, Information Technology, Technology Engineering or similar field or equivalent
    combination of training, education and experience from which comparable skills have been acquired.
  • At least 10 years of varied
    information technology experience is required. This experience includes, but is not limited to, computer and networking infrastructure,
    operating systems, application software development, project management, regulatory compliance, risk management, and providing
  • At least 7 years of direct experience in information security-related duties including: cybersecurity, and a proven
    developer of a comprehensive security plan; a proven record in developing and implementing various levels of security training for IT staff
    and university end-users; competency in technical, vulnerability scanning and monitoring of network traffic; all phases of incident response
    management along with experience with disaster recovery planning and execution.
  • At least one of the following current professional
    certifications: CISSP, CISM, GIAC or CISA.

Preferred Qualifications:

  • Advanced degree in
    information technology or related field Master’s Degree in noted fields of experience
  • Experience in University setting Consulting
    firm experience


Screening will begin immediately until position is filled.


In order to be considered for this position, please submit the following documents within one PDF file to

(Each position requires a background check.)

Northeastern Illinois University is an Equal Opportunity /
Affirmative Action Employer and invites applications from Women, Minorities, Veterans and Persons with Disabilities, as well as other
qualified individuals. Northeastern Illinois University positions are contingent upon the University’s receipt of its State of Illinois

© Copyright 2020 Internet Employment Linkage, Inc.

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *