IT Security Officer
The Information Security Officer provides the vision and strategies necessary to ensure the confidentiality, integrity, and availability of university electronic information by communicating risk to senior administration, creating, and maintaining enforceable policies and supporting processes, and ensuring compliance with regulatory requirements. To support these activities, the Information Security Officer coordinates activities with other departments, including the evaluation, procurement, and deployment of security-related products and develops and coordinates information security awareness and education programs. Additionally, the Information Security Officer ensures a university system-wide disaster recovery and incident response plans are in place.
Main Duties and Responsibilities
The main duties and responsibilities of the IT Security Officer:
- Creates information security strategies, both short-term and long-range, in support of the University’s goals.
- Directs an ongoing, proactive risk assessment program for all new and existing systems and remains familiar with the University’s goals and business processes so effective controls can be put in place for those areas presenting the greatest information security risk.
- Communicates risks and recommendations to mitigate risks to the senior management by communicating in non-technical, cost/benefit terms and in a format relevant to senior managers so decisions can be made to ensure the security of information systems and information entrusted to the University.
- Provide support and guidance to internal users when they need to learn about new security products and procedures. Work with the Technology team to manage threat protection strategies to include all layers of Information Security strategies such as firewalls, patching, anti-virus, log monitoring, data backup, disaster recovery, etc.
- Oversees all ongoing activities related to the development, implementation, and maintenance of the University’s information security policies and procedures by ensuring these policies and procedures encompass the overall security of electronic information at rest or in motion within the UCA system and assisting departments in local process and procedure development, ensuring they are not in conflict with university policies.
- Ensures vulnerabilities are managed by directing periodic vulnerability scans of systems like servers, firewalls, routing and switching equipment at UCA.
- Develops information security awareness training and education programs, works with other University entities to present them to faculty, staff, and students, and participates in local, regional, and national awareness and education events, as appropriate.
- Acts proactively to prevent potential disaster situations by ensuring that proper protections are in place, such as intrusion detection and prevention systems, firewalls, and effective physical safeguards, and provides for the availability of computer resources by ensuring a business continuity/disaster recovery plan is in place to offset the effects caused by intentional and unintentional acts.
- Coordinate with internal and external auditors, third party firms and consultants for audits. Manage and drive remediation efforts related to information security; remediation may be from incidents, penetration tests, vulnerability scans, internal/external audits for all campuses and critical practice assessments.
- Evaluates security incidents and determines what response, if any, is needed and coordinates University responses, including technical incident response teams, when sensitive information is breached.
- Remains competent and current through self-directed professional reading, developing professional contacts with colleagues, attending professional development courses, attending training, conferences, and/or courses as directed by the supervisor, and obtaining certifications relevant to job duties.
Required Qualifications and Experience
- Bachelor’s Degree in a related field and minimum five years of related experience in an information security environment; or the equivalent combination of education and experience.
- Broad knowledge of information security management, risk assessment and regulatory compliance.
- Proven knowledge of privacy and regulatory compliance as it relates to information security.
- Knowledge of Information Security and technology standards including but not limited to ISO 27001.
- Knowledge of: TCP/IP, computer networking, routing, and switching
- Demonstrated oral and written communication skills. Well organized and detail oriented. Ability to prepare documentation to provide guidance related to compliance with government regulations, and university policies and procedures.
- Proven ability interact with individuals with differing levels of technical expertise including, business and technical staff, and end users.
- Good team player with the ability to build effective working relationships with colleagues.
- Adaptability and willingness to learn quickly and to train others and share knowledge on tasks.
- Good communication and presentation skills with an ability to communicate all aspects of the job requirements, including creation of formal documentation.
- Knowledge cloud platforms Microsoft Azure, Office 365 will be an advantage.
- Certificates in IT Security and Networking will be an advantage.
- Good command of written and spoken English is a requirement. Knowledge of Kazakh/Kyrgyz/Tajik and Russian is added value.
- Candidates from Kyrgyzstan, Tajikistan and Kazakhstan are encouraged to apply.
How to Apply
Please send a cover letter, CV, and contact information for three references to firstname.lastname@example.org by August 7, 2022. As your application e-mail subject, please write: “IT Security Officer”.
Only shortlisted candidates will be contacted.