Chief Information Security Officer - Information Technology

Ashland University Portal
Ashland, OH
14d · Hybrid

About The Position

The Chief Information Security Officer (CISO) would report to the CITO and is responsible for engineering activities and systems that monitor, detect and alert on potential security threats and vulnerabilities. The CISO is also responsible for identifying, developing, testing, implementing, and maintaining security compliance, risk and vulnerability management for Ashland University students, staff, and faculty. This position is critical to providing daily support, troubleshooting, and resolution of the Ashland University cyber security infrastructure. The CISO works closely with network engineering and technical operations staff as security threats and vulnerabilities are detected, and coordinates the response to contain and mitigate threats or breaches. The CISO also leads and coordinates the network penetration process for network security operations and communicates event status to leadership.

Physical Demands

  • Office environment with some lifting and hauling of equipment up to 60 lbs.
  • Typical work week: 8AM – 5PM; however, some weekend and evening work hours required; remote hybrid work is negotiable.
  • Cellphone availability during normal and after work hours required.
  • Valid Driver’s License and ability to drive to remote campus locations and attend training as assigned.

Requirements

  • Experience: Bachelor’s degree in IT Security or closely related field from an accredited college or university with a minimum of three (3) years’ experience in high-level technology computing or related technology areas, or a bachelor’s degree and other relevant education and training from an accredited college or university with a minimum of five (5) years in high-level technology computing or related technology areas.
  • Must possess professional security management certification such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or other similar credentials.
  • Must demonstrate knowledge of common information security management frameworks such as ISO/IEC 27001 and ITIL, COBIT and NIST, and an understanding of relevant legal and regulatory requirements such as Payment Card Industry/Data Security.
  • Experience with network, application, and security awareness security concepts, methodologies, processes, and tools.
  • Experience with information risk assessment and mitigation concepts, methodologies, processes, and tools.
  • Experience with forensics concepts, methodologies, processes, and tools.
  • Skills: Expert knowledge of application, network, and system security vulnerabilities and exploits.
  • Ability to adapt to a fast-moving IT landscape and keep pace with latest thinking and new security technologies
  • Forms business partnerships that help drive the IT security strategy forward
  • Can make decisions that are well informed and timely
  • Must have organizational skills and be able to make sound decisions independently.
  • Must possess excellent interpersonal, communications and collaborative skills and have experience working in a service capacity with direct customer interaction.
  • Must be able to build team support and work cooperatively with all levels of the university community.

Responsibilities

  • Conduct periodic senior level needs analyses as directed
  • Analyze patterns of non-compliance and take appropriate administrative or programmatic actions to minimize security risks and insider threats.
  • Manage accounts, network rights, and access to systems and equipment.
  • Analyze potential security violations to determine if the network environment has been breached, assess the impact, and preserve evidence.
  • Support, monitor, test, implement, document, and troubleshoot hardware and software problems pertaining to the cyber security infrastructure.
  • Analyze systems and network for potential security problems and recommend resolutions or remediate when necessary.
  • Review access control lists on routers, firewalls, and other network devices.
  • Lead and perform system audits to assess security related factors within the network environment and recommend or implement improvements to security systems.
  • Evaluate potential security risks and take appropriate corrective and recovery action.
  • Monitor/Manage clients’ endpoint security and SIEM.
  • Design, implement, and conduct internal and third-party Security Test and Evaluations
  • Serve as an information security resource on projects.
  • Develop and lead formal and informal education and training for Ashland University
  • Develop and utilize “Case Management” processes for incident and resolution tracking. The processes should also be used for historic recording of all anomalous or suspicious activity.
  • Maintain knowledge of the current security threat level by monitoring related Internet postings, Intelligence reports, and other related documents as necessary.
  • Provides advanced technical expertise, consulting, and support to staff members with security tasks.
  • Recommends appropriate actions to improve project security and designs new monitoring strategies for complex securing systems.
  • Maintain system baselines and configuration management items, including security event monitoring “policies” in a manner determined and agreed to by management.
  • Ensure changes are made using an approval process agreed to in advance.