Chief Information Security Officer

  • Montana State University
  • Bozeman, MT, USA
  • 215 views
Full Time Information Technology

Job Description

Chief Information Security Officer

Montana State University

Position Information

Announcement Number: STAFF - VA - 25110

For questions regarding this position, please contact:
Ryan Knutson
(406) 994-4061
rknutson@montana.edu

Classification Title: Executive Director

Working Title: Chief Information Security Officer

Brief Position Overview

The Chief Information Security Officer reports directly to the Vice President & CIO providing leadership, management, and planning of all information security functions across MSU’s 4-campus enterprise.

Position Number: 4C0800

Department: UIT Info Security

Division: VP for Information Technology

Appointment Type: Professional

Contract Term: Fiscal Year

Semester:

If other, specify From date:

If other, specify End date:

FLSA: Exempt

Union Affiliation: Exempt from Collective Bargaining

FTE: 1.0

Benefits Eligible: Eligible

Salary: Salary commensurate with experience, education, and qualifications.

Contract Type: MUS

If other, please specify:

Recruitment Type: Open

Position Details

General Statement

The Chief Information Security Officer reports directly to the Vice President & CIO providing leadership, management, and planning of all information security functions across MSU’s 4-campus enterprise. This position is responsible, under the general direction of the Vice President & CIO, for leading security efforts including development of policy and procedures, incident response, implementation and on-going operational support of enterprise security services, technical consultation, and educational outreach to ensure the confidentiality, integrity, and availability of the University’s computing and information resources. This position is accountable for the Information Security Group budget and staff including budgeting, employee development, and long-term planning.

Duties and Responsibilities

• Lead authority for information security matters, working closely with the Vice President & CIO, Legal Counsel, VP for Research, Provost, University Police, and others in all activities related to information security.
• Develop long-term vision, strategy and supporting roadmap/program for IT risk, security and compliance.
• Lead the development and implementation of information security policies, practices, procedures, and standards.
• Maintain information security policies, practices, procedures, and standards and assist in promoting awareness and compliance.
• Ensure the institution complies with applicable state, federal, and international laws, campus policies and procedures, and industry privacy standards.
• Ensure active and relevant information security awareness programming.
• Plays a lead role in information security compliance reviews and/or investigations and coordinates with campus departments and related entities.
• Oversees alleged information security violations and conducts investigations as needed.
• Establish and operate the Montana State University Security Operations Center.
• Lead the Information Security Group whose responsibilities include:
• The monitoring and management of day-to-day issues that pertain to system and network security, ERP security, user accounts, and data privacy.
• Vulnerability Management – Identification, management, and resolution of vulnerabilities to systems and applications.
• Operational management of the University’s Data Loss Prevention program.
• Staff Management – Directing tasks, setting goals, ensuring high productivity, ensuring effective customer service, individual employee development and evaluating performance.
• Coordination of communication of security risks to deans, department heads, and security associates.
• Development and implementation of security training for employees, contractors, or other third parties that may have access to university data or interact with University information systems.
• Development and maintenance, which includes developing and maintaining incident response procedures, investigation and remediation of all security incidents, and reporting of all security incidents.
• Provide support as needed for information security assessments under direction of the Vice President & CIO and/or Internal Audit.
• Additional Responsibilities:
• Represent the Vice President & CIO on all matters related to information security as needed.
• Provide updates and presentations to the Chief Information Officer and other MSU leadership as needed.
• Other duties, as assigned.

Required Qualifications – Experience, Education, Knowledge & Skill

1. Bachelor’s degree in information security, Computer Science, Information Management Systems, or an equivalent combination of education and/or experience.
2. Progressive experience and knowledge of security and privacy best practices and procedures in enterprise level environments. This experience should include incident response, security management, knowledge of appropriate information security legislature, and development of training and outreach campaigns to foster security.
3. Advanced knowledge of vulnerability management practices with experience implementing these in Enterprise Resource Planning (ERP) systems.
4. Advanced knowledge of Information Technology operating environments including the knowledge of system and network administration, operating systems, and system patch management.
5. Progressive experience in the areas of Personnel, Project, and Budget Management.
6. Experience with enterprise security tools including data loss prevention, vulnerability management, anti-malware, and intrusion detection and prevention systems.

Preferred Qualifications – Experience, Education, Knowledge & Skills

1. Master’s degree in information security, Computer Science, or Information Management Systems.
2. Certified Information Systems Security Professional (CISSP) or Certified Information Systems Auditor (CISA) – May substitute an equivalent combination of education and experience.
3. Advanced network administration experience including a knowledge of network protocols, firewalls, and associated risks.
4. Advanced skills and experience with ERP systems, including issues regarding access and authorization, with a specific knowledge of Ellucian and Oracle security protocols.
5. Strong experience with DLP, IDPS, NDR, vulnerability, and endpoint management tools (such as: Spirion, Qualys, Ivanti, MS Defender) in a higher education environment.
6. Experience working in a higher education information technology environment.

The Successful Candidate Will

• Strong written skills and public speaking experience focused on development and delivery of information security content.
• Demonstrated discretion in handling sensitive information and circumstances, including high-stress incident handling.
• High level of comfort working with law enforcement, technical staff, and executive personnel across the University system and the State.
• Experience leading a group of professional-level technical staff; and experience in planning and implementing technical initiatives in an open, participative environment.
• Skilled in oral and written communications.
• Ability to handle competing demands and maintain high levels of customer service and response.
• Ability to manage and develop technical staff in a way which enables the unit to function as a team, working toward shared goals where individual efforts complement group efforts.
• Ability to engage others in the unit in accepting and developing a customer-service orientation in all aspects of the operation.
• Ability to anticipate and resolve technical problems; ability to establish and maintain effective working relationships with other related IT units and campus customers.
• Ability to professionally represent UIT and MSU.

Position Special Requirements/Additional Information

This position requires periodic on-call availability and after-hours support.

This position is not eligible for sponsorship.

This job description should not be construed as an exhaustive statement of duties, responsibilities or requirements, but a general description of the job. Nothing contained herein restricts Montana State University’s rights to assign or reassign duties and responsibilities to this job at any time.

Physical Demands

Work requires some travel to visit other campuses within the Montana University System.

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily with or without reasonable accommodations. The requirements listed above are representative of the knowledge, skill, and/or ability required.

This position has supervisory duties?: Yes

Posting Detail Information

Number of Vacancies: 1

Desired Start Date: Upon completion of a successful search.

Position End Date (if temporary):

Open Date:

Close Date:

Applications will be:

Screening of applications will begin on October 3, 2024; however, applications will continue to be accepted until an adequate applicant pool has been established.

Special Instructions

This position is not eligible for sponsorship.

EEO Statement

Montana State University is an equal opportunity employer. MSU does not discriminate against any applicant on the basis of race, color, religion, creed, political ideas, sex, sexual orientation, gender identity or expression, age, marital status, national origin, physical or mental disability, or any other protected class status in violation of any applicable law.

In compliance with the Montana Veteran’s Employment Preference Act, MSU provides preference in employment to veterans, disabled veterans, and certain eligible relatives of veterans. To claim veteran’s preference, please complete the veteran’s preference information located in the Demographics section of your profile.

Applicant Documents

Required Documents

1. Resume
2. Cover Letter

For complete job announcement and application procedures, please click on:
https://apptrkr.com/5662801

Equal Opportunity Employer, Veterans/Disabled