| Description: |
Sacramento State University seeks a dynamic and experienced leader for the position, Director, Information Security & IT Policy; this position also hold the working title Information Security Officer (ISO). The primary duties of the Director are: Participate as a member of the senior IT Management team in governance processes related to the university's security strategies and practices and in development of IT policies. Develop, track and control the information security annual operating budget for purchasing, staff and operations. Supervise recruitment, development, retention and organization of information security and compliance staff. Remain informed on trends and issues in the security industry, including current and emerging technologies and compliance requirements. Advise, consel and educate executive and management teams on the organizational structure for information security and the relative importance and financial impact os security requirements. Develop and implement campus-wide strategic information security planning and policy development. Collaborate with the VP/CIO, IRT senior managers, Cabinet, faculty, students, university counsel, Risk Management, auditors, and Human Resources to establish and maintain a system for ensuring that security and privacy policies are implemented and complied with. Develop plans for the security of asset managment, human resource security, physical security, communications/operations, access control, incident response, and information system procurement. Prioritize information security defense initiatives and coordinate the evaluation, budgeting, deployment and management of current and future security technologies. Identify foreseeable internal and external information security risks. Perform risk and cost benefit analyses to determine appropriate level of security controls. Develop and implement strategies to communicate security policies, plans, and procedures to executive team, faculty, staff, students and other stakeholders. Act as advocate and primary liaison for Sacramento State's security vision via regular written and in-person communications with the university's executives, department heads, and end users. Develop and manage the implementation of comprehensive information security training. Coordinate the security-related work of IT technial staff campus-wide to ensure the integrity of information on computer, network and data processing systems. Direct the planning and implementation of enterprise IT system, business operation and facility defenses against security breaches and vulnerability issues. Develop, implement, audit and ensure compliance with security policies and practices for the management of PeopleSoft and related system, servers, desktops, operating systems, software, user account administration, identify management, firewalls, intrusion detection systems, crytography systems, anti-malware software, and other IT functions related to information security. Coordinate design and implementation of disaster recovery planning for mission critical IT systems, in cooperation with Risk Management and senior division staff. Ensure university compliance with all applicable laws and regulations. Monitor internal security control systems to ensure that appropriate information access levels and security clearances are maintained. Monitor compliance with the university's information security policies and procedures among employees, students, third parties and others, and referring problems for appropriate resolution. Recommend and implement changes in security policies and practices in accordance with changes in local or federal law. Represent Sacramento State on CSU information security initiatives. Including participation as the designated campus Information Security Officer (ISO) in system-wide meetings and training events. Education and Experience Requirements:
1. Must have a four-year college degree, a minimum of seven years of experience in information resources or a related area of information technology, and a minimum three years experience in the management of information security.
2. Must have a minimum total of five years of experience across at least hree of the seven primay duties listed above.
3. Must have the demonstrated ability to clearly communicate concepts related to information security threats, vulnerabilities, risk, and countermeasures clearly to non-security staff, management and executives.
4. Demonstrated strong customer service and teamwork skills. Preferred Qualifications:
1. Experience in a higher education setting, preferably related to information security management, with thorough knowledge of higher education policies and procedures as they relate to information security issues.
2. Strong knowledge of information security policies and practices within the information technology field.
3. Strong familiarity with urrent and developing information security compliance requirements such as FERPA, HIPAA, copyright, state privacy laws, and others.
4. Post-graduate study or degree.
5. One or more of following certificates, or equivalent: Certified Information Security Professional (CISSP), System Security Certified Practitioner (SSCP), GIAC Security Essentials Certification (GSEC), Certified Information Systems Auditor (CISA).
6. Evidence of experience developing clear and comprehensive security plans and policies, along with evidence of effectiveness in preenting plans and ideas to executive management.
7. Evidence of effective supervision of staff and management of departmental resources.
8. Evidence of excellent relationship management skills, including the ability to resolve conflicts between security and business objectives and to develop a shared, team approach to information security. The salary range is $90,000 to $125,000 annually. Application Procedure:
Priority review of appications will begin on October 22, 2007 and will continue thereafter until the position is filled. A start date of no later than January 15, 2008 is expected. Applications and nominations will be accepted until the position is filled. Applicants should submit the following materials:
1. Detailed cover letter clearly addressing the qualifications and experience of the applicant in each of the main areas of responsibility and qualification listed.
2. Current vita/resume.
3. Names and contact information for at least three professional references. Electronic submissions will be accepted at IRT MPP Recruitment@csus.edu Send mail to:
Vice President and Chief Information Officer
Information Resources and Technology
%Annette Montgomery, Executive Assistant
AIRC 3010
California State Univesity, Sacramento
6000 J Street
Sacramento, CA 95819-6065 Telephone: 916.278.6606 Appointment:
This positions is in the Management Personnel Plan of the California State University, witht he classification of Administrator II. Salary is very competitive and commensurate with experience and qualifications. California State MPP benefits are extremely competitive. The position is a senior manaement postion excluded from the collective bargaining processand exempt from the overtime provisions of the Fair Labor Standards Act. Sacramento State is located in the heart of Northern California, one of the most beautiful, diverse and rapidly growing areas of the country. The 300 acre campus, just five miles from the State Capitol, is situated along the American River parkway that offers miles of trails and recreational access to the city's two rivers. The University, where quality teaching is a top priority, has a student population of approximately 25, 000 and offers programs of instruction taught by approximately 1,600 faculty, with bachelor's degrees in 60 disciplines, Master's degrees in 40 disciplines, and two joint doctoral programs. Sacramento is a high-growth metropolitan area with a population of approximately 2 million. Sacramento was identified by Tim Magazine in 2002 as "America's most integrated city". As a major metropolitan university, Sacramento is committed to providing leadership in addressing significant regional needs and to enriching our liberal arts tradition. The proximity of Sacramento State to the California legislature and other agenices of state and federal government provides unparalleled opportunities for faculty and students to participate in public service. California State University, Sacramento is an Affirmative Action/Equal Opportunty employer and has a strong institutional commitment to the principle of diversity in all areas. In that spirit, we are particularly interested in receiving applications from a broad spectrum of qualified people who assist the University in meeting its Strataegic Plan goal of pluralism: "To develop a campus community whose diversity enriches the lives of all and whose members develop a strong sense of personal and community identity as well as a mutual respect." Sacramento State hires only those individuals who are lawfully authorized to accept employment in the United States. In compliance with the Jeanne Clery Disclosure of Campus Security Policy and Campus Crime Statistics Act, California State University, Sacramento has made crime statistics available on-line at www.csus.edu/police/cleryact.htm. Reported crimes that occurred on campus, in certain off-campus building or property owned or controlled by CSUS and on public property within or immediately adjacent to and accessible from the campus, during the last three years, are included. The report also includes institutional policies concerning campus security, alcohol, and drug use, crime prevention, the reporting of crimes, sexual assault and other safety matters. Print copies are available in the library, and by request from the Office of Public Safety and the Office of the Vice President for Student Affairs. |
