Information Security Officer (California State University, East Bay)

#002765-INFORMATION SECURITY OFFICER, Administrator II, University Technology Projects, Permanent, Full-time (1.0 time base, 40 hrs/wk) .
The IT@CSUEB management model is committed to operational excellence, establishing and maintaining highly responsive, helpful, supportive relationships, and open-minded, receptive collaboration - key ingredients for creating trust and multiple "wins" for the colleges, faculty, students, and staff. The Information Security Office leads the development and implementation of campus-wide information security program. The Information Security function includes advising, documenting, implementing training, and assessing information security solutions that provide detection, prevention, containment, and deterrence mechanisms to protect and maintain the integrity and usability of University data, infrastructure, systems, applications, and physical assets. Responsibilities include the analysis, development, and interpretation of information security policy, practices, and assessments; security awareness training; management of incident prevention, detection and incidents response; and business continuity and disaster recovery. The scope of the Information Security Officer includes the University's administrative and business operations, learning management systems (Blackboard), as well as the servers and data stores of the Oakland and Concord campuses, the colleges, residential housing, library systems, and auxiliary organizations such as campus Foundation organization, Student Bookstore, Student Health Services and others of this ilk. This position will: identify, track, and report security issues and concerns to management; provide direction and advice on the research and evaluation of information security; provide management with recommendations on how to improve information security issues and assistance in resolving related issues; develop information security baselines and guidelines to ensure all University business processes address information security risk; consult with campus users and departments to determine security goals and objectives, and design and implement a security solution, including firewall and network design, security policies and procedures; understand the current campus technology and information architecture, including network, centralized and non-centralized computing, desktop support and topology; work with project teams to ensure the technical architecture, design and development of integrated University/technical systems and products are secure; deliver high quality consulting services and technical assistance to all units, research security issues and provide evaluations and recommendations to management; investigate, recommend, evaluate, deploy and integrate security tools and techniques to improve our ability to protect campus assets and infrastructure; mentor others on security in new technologies, tools, processes, standards and project management/system development methologies; manage the day-to-day information security operations; interact with internal and external clients to understand user service-level requirements and identify security procedures and strategies and their impact on service levels, and develop strategies to address service-level needs while maintaining campus acceptable security discipline; continually review new security information, issues, products, technologies and services and recommend appropriate action; ensure that vulnerability assessments are performed to evaluate effectiveness of existing controls; develop, maintain and implement processes for detecting, identifying, and analyzing security incidents; ensure incident response and disaster recovery plans are developed and implemented; ensure periodic testing of incident response and disaster recovery plans where appropriate; manage technical investigations and artifact analysis of network penetration attempts, computer intrusions, security anomalies, and attacks against the information security infrastructure. Function as CSUEB's focal point for information security related matters throughout the campus, including interfacing and providing support to the CSU system-wide Information Security Group. Document and report security metrics to the University executives on at least a bi-annual basis.

REQUIRES: BA or BS degree in Computer Science, Information Systems Management, Business Administration, or Public Policy, and five or more years of related experience in computer information security; or an equivalent combination of related education, training and/or experience. Must have extensive experience working with end users. Must be proficient in MicroSoft Word, Excel and PowerPoint. Must be able to work non-standard hours as required. Demonstrated ability to effectively communicate technical and information security threats, vulnerabilities, risks, and countermeasures to non-security staff, management and executives. Must have strong analytical skills to perform technical risk assessments that include vulnerability, exposure and impact to campus information technology resources. PREFERRED SKILLS AND KNOWLEDGE: MA or MS degree preferred. Must be self motivated with limited supervision and maintain positive and effective working relationships; strong interpersonal communication skills; ability to write clear and complete documentation, including policies and procedures for highly complex systems; strong customer service skills; demonstrated ability to establish and implement a plan to improve information security policies and awareness University-wide; define program and prioritize options to mitigate risk to levels acceptable to the University. Application review will begin September 2, 2008 and continue until the position is filled. HIGHLY DESIRABLE: Global Information Assurance Certification (GIAC), Systems Security Certified Practitioner (SSCP), Certified Information Systems Auditor (CISA), and Project Management Professional (PMP).

This is a position in the CSU Management Personnel Plan (MPP), and serves at the pleasure of the President. CSUEB is an equal opportunity employer – the University especially welcomes and encourages applications from women and minority candidates.