This position is not eligible for sponsorship.
Announcement Number: STAFF – VA – 25110
Position Number: 4C0800
Department: UIT Info Security
Division: VP for Information Technology
Appointment Type: Professional
Contract Term: Fiscal Year
FLSA: Exempt
Union Affiliation: Exempt from Collective Bargaining
FTE: 1.0
Salary: Salary commensurate with experience, education, and qualifications.
Recruitment Type: Open
General Statement
The Chief Information Security Officer reports directly to the Vice President & CIO providing leadership, management, and planning of all information security functions across MSU's 4–campus enterprise. This position is responsible, under the general direction of the Vice President & CIO, for leading security efforts including development of policy and procedures, incident response, implementation and ongoing operational support of enterprise security services, technical consultation, and educational outreach to ensure the confidentiality, integrity, and availability of the University's computing and information resources. This position is accountable for the Information Security Group budget and staff including budgeting, employee development, and long–term planning.
Duties and Responsibilities
- Lead authority for information security matters, working closely with the Vice President & CIO, Legal Counsel, VP for Research, Provost, University Police, and others in all activities related to information security.
- Develop long–term vision, strategy and supporting roadmap/program for IT risk, security and compliance.
- Lead the development and implementation of information security policies, practices, procedures, and standards.
- Maintain information security policies, practices, procedures, and standards and assist in promoting awareness and compliance.
- Ensure the institution complies with applicable state, federal, and international laws, campus policies and procedures, and industry privacy standards.
- Ensure active and relevant information security awareness programming.
- Plays a lead role in information security compliance reviews and/or investigations and coordinates with campus departments and related entities.
- Oversees alleged information security violations and conducts investigations as needed.
- Establish and operate the Montana State University Security Operations Center.
- Lead the Information Security Group whose responsibilities include:
- The monitoring and management of day–to–day issues that pertain to system and network security, ERP security, user accounts, and data privacy.
- Vulnerability Management – Identification, management, and resolution of vulnerabilities to systems and applications.
- Operational management of the University's Data Loss Prevention program.
- Staff Management – Directing tasks, setting goals, ensuring high productivity, ensuring effective customer service, individual employee development and evaluating performance.
- Coordination of communication of security risks to deans, department heads, and security associates.
- Development and implementation of security training for employees, contractors, or other third parties that may have access to university data or interact with University information systems.
- Development and maintenance, which includes developing and maintaining incident response procedures, investigation and remediation of all security incidents, and reporting of all security incidents.
- Provide support as needed for information security assessments under direction of the Vice President & CIO and/or Internal Audit.
- Additional Responsibilities:
- Represent the Vice President & CIO on all matters related to information security as needed.
- Provide updates and presentations to the Chief Information Officer and other MSU leadership as needed.
- Other duties, as assigned.
Required Qualifications – Experience, Education, Knowledge & Skills
- Bachelor's degree in information security, Computer Science, Information Management Systems, or an equivalent combination of education and/or experience.
- Progressive experience and knowledge of security and privacy best practices and procedures in enterprise level environments. This experience should include incident response, security management, knowledge of appropriate information security legislature, and development of training and outreach campaigns to foster security.
- Advanced knowledge of vulnerability management practices with experience implementing these in Enterprise Resource Planning (ERP) systems.
- Advanced knowledge of Information Technology operating environments including the knowledge of system and network administration, operating systems, and system patch management.
- Progressive experience in the areas of Personnel, Project, and Budget Management.
- Experience with enterprise security tools including data loss prevention, vulnerability management, anti–malware, and intrusion detection and prevention systems.
Preferred Qualifications – Experience, Education, Knowledge & Skills
- Master's degree in information security, Computer Science, or Information Management Systems.
- Certified Information Systems Security Professional (CISSP) or Certified Information Systems Auditor (CISA) – May substitute an equivalent combination of education and experience.
- Advanced network administration experience including a knowledge of network protocols, firewalls, and associated risks.
- Advanced skills and experience with ERP systems, including issues regarding access and authorization, with a specific knowledge of Ellucian and Oracle security protocols.
- Strong experience with DLP, IDPS, NDR, vulnerability, and endpoint management tools (such as: Spirion, Qualys, Ivanti, MS Defender) in a higher education environment.
- Experience working in a higher education information technology environment.
The Successful Candidate Will
- Strong written skills and public speaking experience focused on development and delivery of information security content.
- Demonstrated discretion in handling sensitive information and circumstances, including high–stress incident handling.
- High level of comfort working with law enforcement, technical staff, and executive personnel across the University system and the State.
- Experience leading a group of professional–level technical staff; and experience in planning and implementing technical initiatives in an open, participative environment.
- Skilled in oral and written communications.
- Ability to handle competing demands and maintain high levels of customer service and response.
- Ability to manage and develop technical staff in a way which enables the unit to function as a team, working toward shared goals where individual efforts complement group efforts.
- Ability to engage others in the unit in accepting and developing a customer–service orientation in all aspects of the operation.
- Ability to anticipate and resolve technical problems; ability to establish and maintain effective working relationships with other related IT units and campus customers.
- Ability to professionally represent UIT and MSU.
Position Special Requirements/Additional Information
This position requires periodic on–call availability and after–hours support.
This job description should not be construed as an exhaustive statement of duties, responsibilities or requirements, but a general description of the job. Nothing contained herein restricts Montana State University's rights to assign or reassign duties and responsibilities to this job at any time.
Physical Demands
Work requires some travel to visit other campuses within the Montana University System. To perform this job successfully, an individual must be able to perform each essential duty satisfactorily with or without reasonable accommodations. The requirements listed above are representative of the knowledge, skill, and/or ability required.
Application Information
Applications will be screened beginning on October 3, 2024 ; however, applications will continue to be accepted until an adequate applicant pool has been established.
EEO Statement
Montana State University is an equal opportunity employer. MSU does not discriminate against any applicant on the basis of race, color, religion, creed, political ideas, sex, sexual orientation, gender identity or expression, age, marital status, national origin, physical or mental disability, or any other protected class status in violation of any applicable law.
Required Documents
- Resume
- Cover Letter
Required fields are indicated with an asterisk ( ).
#J-18808-Ljbffr