Director of IT Security Compliance

Company: University of Oregon
Location: Eugene, OR 97401 (Cal Young area)

Job no: 524971
Work type: Officer of Administration
Location: Eugene, OR
Categories: Information Technology

Department: Information Services
Appointment Type and Duration: Regular, Ongoing
Salary: Commensurate with experience
Compensation Band: OS-OA10-Fiscal Year 2019-2020
FTE: 1.0


Internal Only


Application Review Begins

Immediately; apply by December 23, 2019 to ensure consideration


Special Instructions to Applicants

In addition to a complete online application, including three professional references, please attach:

  • A resume
  • A cover letter


Department Summary

Information Services (IS) is the central information technology unit at the University of Oregon and provides wide-ranging services to campus. IS consists of four major functional areas: Customer Experience, which serves as the key contact point for interactions with campus clients and customers; Applications & Middleware, which manages and supports applications, integration services, identity management and data management; Information Security, which helps protect virtual or physical information; and Technology Infrastructure, which provides administration and support for the software, hardware, and services needed to support the campus IT environment. IS also includes the Advanced Network Technology Center. IS works closely with the Network for Education and Research in Oregon.

Established in 1876, the University of Oregon offers a breadth and depth of curricula with more than 270 academic programs and provides the opportunity to work at a respected research university with a strong holistic liberal arts foundation. The UO also has a history of political and social involvement that embraces diverse beliefs, cultures, and values, and it is committed to environmental responsibility.

The University is also proud of the newly-announced Phil and Penny Knight Campus for Accelerating Scientific Impact, an initiative specifically designed to fast-track scientific discoveries and the process of turning those discoveries into innovations that improve the quality of life for people in Oregon, the nation and beyond. IS collaborates with Research and Innovation and our schools and colleges to support the research, teaching, and learning mission of the university.

Eugene is the home of the University of Oregon’s main campus. Located in the lush Willamette Valley, Eugene is well-known for outdoor pursuits like running, cycling, rafting, and fishing, as well as arts, music, crafts, brewing, wine-making, and community-supported agriculture. With branches in Portland and on the Oregon coast, the UO is deeply connected to Oregon’s natural and cultural treasures.


Position Summary

Reporting to the Chief Information Security Officer (CISO), the Director of IT Security Compliance provides leadership and management for the IT Security Compliance team within the Information Security Office (ISO). This position is a hands-on leader who will lead and guide a team to develop and implement a robust IT security compliance program and carry out ongoing IT security compliance tasks and initiatives in an effort to mitigate IT risks and ensure compliance with University policies, state, federal and international laws, and other regulations associated with the University of Oregon.

This position will establish and implement short-term and long-term organizational goals, objectives, and operating procedures, monitor and evaluate programmatic and operational effectiveness, and effect change required for improvement in all supervised areas. This position along with their team will align campus needs with IT compliance to university policies, relevant laws, regulations, and requirements for the protection of enterprise systems and data, operational technologies (OT) and other internet of things (IoT) deployed at the University. The incumbent in this position is a leader and a highly skilled technical contributor requiring specialized skills, knowledge, and experience to carry out the function of the position. The Director will be responsible for creating, overseeing and managing activities to support a robust and comprehensive compliance program that addresses university policies, laws and regulations including the University Acceptable Use Policy (AUP), Information Asset Classification and Management Policy, HIPAA, NIST 800-171, GLBA, GDPR, FERPA, OCIPA, and PCI DSS.

This position will participate in strategic planning including goals and objectives for the IT Security Compliance Team and the Office of Information Security that support the University’s goals for student success, administrative process improvement, and research and teaching. In conjunction with the Chief Information Security Officer and other members from the IT and UO community, this position will assess, design, deploy, monitor and continuously improve upon the IT security compliance footprint at the UO.

It is expected that this position will guide IT security compliance practices, principles, and tactics throughout the university to ensure that assets are safeguarded and members of the UO community have the resources and support to meet goals, objectives and missions. This position will design programs and strategies for the UO community to ensure the continuous availability, confidentiality, and integrity of information assets owned and used by the university community, consistent with the university’s risk tolerance. The incumbent will design and implement audit measures to track IT security compliance across the enterprise.

The Director of IT Security Compliance will develop cooperation and collaboration with major constituencies including staff, senior management, academic and non-academic administrators, managers, supervisors, union representatives, and community members. The incumbent will research and recommend security compliance solutions in coordination with other Information Services teams and campus technology partners.

Work in this role will have a campus-wide scope, and the incumbent both informs and makes decisions that have university-wide implications. This position will create and approve IT security compliance processes, strategies, and implementations related to the areas managed.

This position will oversee the budgeting and fiscal management processes for the areas managed. This position will work with financial staff within the department as well as the Chief Information Security Officer to identify and prioritize expenditures and to look for new cost-effective services and strategies. It is expected that this position will ensure compliance with federal, state, and university policies and regulations, while maintaining appropriate internal control safeguards.

Essential Personnel
This position may provide essential services during times of emergencies and inclement weather. This position may be required to fulfill essential services and functions during these times.

Candidates who promote and enhance diversity are strongly desired.


Minimum Requirements

  • Bachelor’s degree or demonstrated equivalent skills and experience.
  • Five years of experience managing IT security compliance, an information security program, or an IT function, or equivalent services.
  • Four years of management experience providing supervision, coaching and mentoring to IT security compliance, information security, or other information technology professionals.
  • Experience managing or coordinating complex projects, programs, or services, and budgets.
  • Demonstrated expertise in four or more of the following IT domains; this may include responsibilities as a security or compliance professional, an IT auditor, or as an IT administrator/supervisor (e.g., network, systems, application, desktop, IT support, or cloud administrator/supervisor) with significant experience implementing, assessing, or supporting these domains:
      o Security Compliance (e.g., HIPAA, GLBA, PCI DSS, GDPR, etc.),
      o Data Security (e.g., Digital Forensics, Incident Response and Analysis),
      o Network Security,
      o Systems or Applications security or support,
      o Vulnerability Management (scanning, patching, configuration management, etc.),
      o Penetration Testing,
      o User Awareness Training,
      o Cloud Security,
      o IT Systems development or Operations,
      o Endpoint System security or support, or
      o Process development and support.


Professional Competencies

  • Demonstrated ability to work collaboratively with a team of diverse IT professionals, clients, and partners.
  • Demonstrated experience establishing credibility and relationships with senior leadership, colleagues, and customers.
  • Demonstrated ability to assess functional requirements and provide appropriate technology solutions.
  • Demonstrated problem-solving skills.
  • Ability to adapt within a rapidly changing technical environment.
  • Excellent verbal and written communication skills, including the ability to explain technical concepts to audiences with a wide range of technical skills.
  • Ability to deal efficiently and effectively with a wide range of vendors.
  • Successful experience working, collaborating and establishing credibility and relationships with colleagues and customers.

Preferred Qualifications

  • Advanced degree.
  • Experience working in information security or compliance or Information Technology within higher education.
  • Demonstrated experience with developing and maintaining short-term and long-term plans and budgets for an IT area.
  • Experience with ITIL or ITSM.
  • Experience managing and negotiating vendor contracts and agreements with end users, service providers, and regulatory agencies.
  • In-depth knowledge of security techniques and vulnerabilities across a wide variety of applications and operating systems, including Windows, Macintosh, and UNIX.
  • Experience with Information Technology policy development, implementation, and administration.
  • Familiarity with regulatory compliance, such as FERPA, GLBA, HIPAA, PCI DSS, DMCA, GDPR and similar regulations.
  • Understanding of the NIST Cybersecurity Framework, ISO 27002, NIST SP-800 series controls or similar frameworks/standards.
  • Strong familiarity with information system design, network design, and security technologies (such as firewalls and intrusion detection systems) in a large, diverse, distributed systems environment and ability to participate in security reviews and design efforts.
  • Certification in or progress toward at least one designation in an information security, risk, compliance or related discipline (e.g. CISSP, CISM, CISA).


FLSA Exempt:
Yes

All offers of employment are contingent upon successful completion of a background inquiry.

The University of Oregon is proud to offer a robust benefits package to eligible employees, including health insurance, retirement plans and paid time off. For more information about benefits, visit http://hr.uoregon.edu/careers/about-benefits.

The University of Oregon is an equal opportunity, affirmative action institution committed to cultural diversity and compliance with the ADA. The University encourages all qualified individuals to apply, and does not discriminate on the basis of any protected status, including veteran and disability status. The University is committed to providing reasonable accommodations to applicants and employees with disabilities. To request an accommodation in connection with the application process, please contact us at uocareers@uoregon.edu or 541-346-5112.

UO prohibits discrimination on the basis of race, color, sex, national or ethnic origin, age, religion, marital status, disability, veteran status, sexual orientation, gender identity, and gender expression in all programs, activities and employment practices as required by Title IX, other applicable laws, and policies. Retaliation is prohibited by UO policy. Questions may be referred to the Title IX Coordinator, Office of Civil Rights Compliance, or to the Office for Civil Rights. Contact information, related policies, and complaint procedures are listed on the statement of non-discrimination.

In compliance with federal law, the University of Oregon prepares an annual report on campus security and fire safety programs and services. The Annual Campus Security and Fire Safety Report is available online at http://police.uoregon.edu/annual-report.

Advertised: 09 Dec 2019 Pacific Standard Time
Applications close: