Information Security Officer (Administrator Iii) - Information Technology Services

Working TitleInformation Security OfficerAdministrator Level (for MPP positions only)This position is an Administrator III in the California State University Management Personnel Plan (MPP), reporting to theAVP and Chief Information Officer of Information Technology ServicesSF StateUniversitySan Francisco State is an Equal Opportunity Employer and does not discriminate against persons on the basis of race, religion, color, ancestry, age, disability, genetic information, gender, gender identity, gender expression, marital status, medical condition, National origin, sex, sexual orientation, covered veteran status, or any other protected status. Reasonable accommodations will be provided for qualified applicants with disabilities who self-disclose by contacting the Senior Human Resources Manager.Applicants may visit titleix.sfsu.edu for more information on SF State's policy prohibiting discrimination, and how to file an online report using the procedures under Executive Order 1096 Revised. Inquiries can be directed to the campus Title IX Coordinator and Discrimination, Harassment, and Retaliation Administrator by calling (415) 338-2032 or emailing ****** Francisco State is a 100% Smoke/Vapor-Free Campus. Smoking or Vaping of any tobacco/plant-based substance is not permitted on any University properties.The person holding this position may be considered a "mandated reporter" under the California Child Abuse and Neglect Reporting Act and is required to comply with the requirements set forth in CSU Executive Order 1083 as a condition of employment.This position may be a "designated position" in the California State University's Conflict of Interest Code. The successful candidate accepting this position may be required to file Conflict of Interest forms subject to the regulations of the Fair Political Practices Commission.DepartmentInformation Technology Services Appointment TypeAt-WillTime BaseFull-TimeWork ScheduleMonday through Friday; from 8:00 am to 5:00 pmAnticipated Hiring Range$12,915.00 - $13,500.00 Per Month ($154,980.00 - $162,000.00 Annually)Salary is commensurate with experience.Position SummaryUnder the general direction of the AVP and Chief Information Officer (CIO) and coordinating with the other Directors/Managers in Information Technology Services (ITS), the Director of Information Security and Information Security Officer (ISO) will coordinate and lead the Information Security Team at SF State. The incumbent will act as the SF State's information security and privacy representative with respect to inquiries from customers, partners, and the public regarding SF State's information security and privacy strategy; act as liaison to law enforcement agencies while pursuing the sources of network attacks and information thefts; balance security needs with the SF State's strategic business plan, identify risk factors, and determine solutions to both; develop security and privacy policies and procedures that provide adequate business application protection without interfering with core business requirements; plan and test responses to security breaches, including the discussion of the event with customers, partners, or the public; oversee the selection, testing, configuration, deployment, and maintenance of security products; oversee a staff of employees responsible for security operations.Position InformationInformation Security OperationManage an information security operational program that contains administrative, technical and physical safeguards designed to protect SF State information assetsDocument, and provide direction for mitigation of incidents involving SF State information assetsManage, develop and present security awareness training programsManage incidents involving SF State information assetsFacilitate and direct a campus vulnerability management program; manage and oversee the process of gathering, analyzing and assessing the current and future threat landscape, as well as providing a realistic overview of risks and threats in the enterprise environmentProvide regular executive level status reports on campus breaches, incidents, compliance, and other information security metricsWork with campus leadership, Enterprise Risk Management, and legal counsel to provide primary lead activities in supporting CO and campus litigation processes, forensic activities, eDiscovery and security auditsPlan, manage, and coordinate information security and privacy risk assessments; identify, track, and report issues and concerns to management; develop guidelines to ensure SF State business processes address information security and privacy risks; develop, implement and enforce information security requirements and solutions in collaboration with ITS and Chancellor's Office Information Security Advisory Council (ISAC); lead in the development/adoption and enforcement of information security policies, procedures and standards; conduct and complete a periodic review of required regulations and reports; manage 3rdparty information security risksServe as primary liaison with various University departments, including but not limited to Department of Public Safety, Audit and Advisory Services, Enrollment Management, Human Resources, Enterprise Risk Management, University Counsel, Dean of Students, and Fiscal Affairs; advise and train on campus-wide security related issues/processes; serve as liaison with other campus ISOs, the Chancellor's Office and outside auditors and organizations related to information security and privacy issues; facilitate campus stakeholder meetings to ensure campus alignment on information security and privacy mattersOversee and/or assist in performing on-going security monitoring of organization information systemsManage and provide technical leadership of information security projectsManage day-to-day information security operations; assist with oversight of change requests and attend change management meetingsPerform other duties or special projected as assignedInformation Security StrategyManage and provide leadership in the administration of the information security and privacy program strategy and governanceIdentify process improvement opportunities and develop subsequent plans of action to resolve gaps with minimal management interventionDevelop and document procedures to comply with applicable laws, regulations, and CSU policies governing information security and privacy protection, as well as serve as the primary point of contact and liaison for the Governance, Risk, and Compliance systemSuggest and lead in the development of risk management strategies to identify and mitigate threats and vulnerabilities to information assetsLead the development of, and management of the information security plan that contains safeguards designed to protect SF State information assetsRefine and develop, as necessary, new campus policies, standards and procedures governing information security and privacy protection that align with and support the SF State plan and strategyMinimum QualificationsBachelor's degree in Information Technology or similar degree (or equivalent combination of education and experience) required;Seven to ten years in progressively responsible IT roles, including enterprise-level support, information security or related fieldProject management experience with demonstrated success in leading complex IT projects in non-profit/higher education environment preferredDemonstrated excellent collaborative, management, leadership, communication and presentation skillsExtensive knowledge related to experience with security incident response planning and resolutionDemonstrated ability to develop and communicate effective recommendations for securing information assets to executives, management, and staffDemonstrated knowledge of underlying technologies (i.e. databases, operating systems, applications, networks, security and hardware)A working knowledge of information security practices and concepts including: access controls and identity management, risk management, ISO 27001/27002 standards, security information and event management (SIEM), and security operationsExtensive experience with policy development, procurement contract negotiation and information security awareness and trainingMust be detailed and a logical thinker with Strong problem-solving, leadership, team building, and organizational skillsAbility to motivate team membersMust be self-motivated and maintain positive and effective working relationshipsPreferred QualificationsAdvanced degree is highly desirableCertifications such as Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Certified Information Technology Infrastructure Library (ITIL) Foundation are desirableCertifications such as Certified Privacy Program Manager (CIPM) or Project Management Professional (PMP) are beneficialExperience with cyber security frameworks such as ISO 27000, NIST 800Experience with the following security or privacy compliance programs: PCI-DSS, HIPAA, GDPR, GLBA, and FERPA is desirableMay need to work weekend and/or early morning / night hours for special projects or on-callPre-Employment RequirementsThis position requires the successful completion of a background check.Eligibility to WorkApplicants must be able to provide proof of US Citizenship or authorization to work in the United States, within three business days from their date of hire.BenefitsThreaded through our Total Compensation package is a commitment to Bridging Life's Transitions. SF State is committed to providing our employees with a comprehensive program that rewards efforts that are appreciated by your colleagues, students and the customers we serve.We offer a competitive compensation package that includes Medical, Dental, Vision, Pension, 401k, Healthcare Savings Account, Life Insurance, Disability Insurance, Vacation and Sick Leave as well as State Holidays and a dynamic Fee Waiver program, all geared towards the University's commitment to attract, motivate and retain our employee.CSUEU Position (For CSUEU Positions Only)Eligible and qualified on-campus applicants, currently in bargaining units 2, 5, 7, and 9 are given hiring preference.Additional InformationSF STATE IS NOT A SPONSORING AGENCY FOR STAFF OR MANAGEMENT POSITIONS. (i.e. H1-B VISAS).Thank you for your interest in employment with California State University (CSU). CSU is a state entity whose business operations reside within the State of California. Because of this, CSU prohibits hiring employees to perform CSU-related work outside of California with very limited exception. While this position may be eligible for occasional telework, all work is expected to be performed in the state of California, and this position is assigned to on-campus operations.CSU strongly encourages faculty, staff, and students who are accessing campus facilities to be immunized against COVID-19 or declare a medical or religious exemption from doing so. Any candidates advanced in a currently open search process are encouraged to comply with this requirement. The systemwide policy can be found at https://calstate.policystat.com/policy/9779821/latest/ and questions may be sent to ****** Human Resources office is open Mondays through Fridays from 8 a.m. to 5 p.m., and can be reached at (415) 338-1872.Please note that this position, position requirements, application deadline and/or any other component of this position is subject to change or cancellation at any time.