Information Security Officer

Information Technology Services
Job #542450
First Review: Monday, October 21, 2024

Open Until Filled

At Cal Poly Humboldt, bold hearts and open minds shape the future.

Founded in 1913, Cal Poly Humboldt began as a small college for teachers. Today Humboldt has grown into a comprehensive university with rigorous science and liberal arts programs. Designated a polytechnic in 2022, Cal Poly Humboldt provides hands-on, impactful educational opportunities that lead to meaningful, measurable outcomes for the individual, for the state, and the world.

Cal Poly Humboldt is proud to have nearly 6,000 students of all backgrounds spread across 61 majors, 13 graduate programs, and 4 credential programs — all of whom contribute passion and creativity within their fields and set the stage for a future grounded in equity and sustainability. Hands-on learning, inspired teaching, ground-breaking research, and thought-provoking creative activity happen daily at Humboldt.

Cal Poly Humboldt is a Hispanic-Serving Institution that strives to foster an inclusive and equitable community to support our students of diverse backgrounds. We are committed to achieving the goals of equal opportunity and endeavors to employ faculty and staff of the highest quality committed to working in a multicultural and multiracial community that reflects the diversity of the state.

Finding a better future is a task for the bold and open, the down-to-earth and visionary. Cal Poly Humboldt strives to cultivate these qualities in leaders, innovators, and scholars in every field.

(Job #542450) Administrator II, Information Security Officer, Hiring Range: $10,000 - $13,417/month. This is a full-time, benefited, exempt, 12-month pay plan permanent position in Information Security. This position is an Administrator II in the California State University Management Personnel Plan (MPP). Under this plan, incumbents are subject to normal management reviews and serve at the pleasure of the University President. Additional information can be found at: http://www.calstate.edu/HRAdm/policies/mpp.shtml. This position comes with a premium benefits package that includes outstanding vacation, medical, dental, and vision plans, life insurance, voluntary pre-tax health and dependent care reimbursement accounts, a fee waiver education program, membership in the California Public Employees Retirement System (PERS), and 14 paid holidays per year. Additional benefits information can be found at https://hraps.humboldt.edu/employee-benefits. Please note that this is an internal recruitment open only to active, stateside, Cal Poly Humboldt Employees.

 

Position Summary:

The Information Security Officer leads the campus-wide information security program within Information Technology Services. Reporting to the Chief Information Officer, the Information Security Officer is responsible for managing information security assessments, planning, operations, awareness, training, intrusion detection/prevention, incident response, risk assessment, and compliance. The Information Security Officer works collaboratively to strike a thoughtful balance between improving security posture, leveraging available resources, enabling necessary functionality to meet business objectives, and enabling innovation.

The Information Security Officer develops and manages information security assessments and operations, evaluating strategic technologies. They lead the interpretation and application of Information Technology policies for the campus, ensuring compliance with system-wide policies, industry standards, and state and federal laws. They also provide ongoing support for Information Technology and Information Security components of campus audits, data governance, and maintaining access to highly confidential data (e.g., campus email content, Human Resources, Payroll, and Health Center) for investigations and secure operations. Additionally, the Information Security Officer gathers information in support of investigations related to labor disputes, litigation, Title IX investigations, criminal activity, and Public Records Access Requests.

In their leadership role, the Information Security Officer leads and manages a team of information security professionals and student workers and coordinates projects across other Information Technology operational teams. They serve as a campus-wide advocate and liaison for all information security matters. The Information Security Officer collaborates with campus stakeholders to enhance the information security program and develop Information Technology security policies ensuring the confidentiality, integrity, and availability of information assets. Additionally, the Information Security Officer collaborates with campus stakeholders to implement departmental procedures and guidelines that align with Information Technology security policies.

The Information Security Officer actively participates in planning, prioritization, projects, and continuous improvement of Information Technology Services operations and customer service. They stay informed about current and emerging risks and trends through professional organizations and networking with CSU Information Security Officers and other peers. The Information Security Officer takes a balanced and collaborative approach to managing risk and enabling faculty, staff, and students to perform mission-critical activities.

The Information Security Officer handles information technology risk assessments and security-related audits and ensures the highest level of confidentiality and integrity.

The Information Security Officer is expected to become familiar with the mission of the University, the University Strategic Plan, and technology infrastructure, systems, and Information Technology plans.

This role may include some remote work, subject to operational needs and administrator approval, with specific duties outlined in a Telecommute Program Form. While telecommuting, all Information Technology Services employees must stay signed in to email and chat programs, staying responsive and available throughout their scheduled remote shifts, as detailed in the Information Technology Services employee handbook.

 

Key Responsibilities:

 

Leadership and Team Management

Lead a high-performing team in a collective bargaining environment, including performance management, mentoring, and fostering cross-functional collaboration. Ensure appropriate levels of recognition, professional guidance, and shared accountability.

In collaboration with the Chief Information Officer and Information Technology Services Budget Analyst, plan and oversee annual budget allocations and expenditures for the Information Security department in accordance with university fiscal guidelines.

 

Information Security Program Management

Program Management: Oversee and manage the campus information security program, including compliance, training, awareness, vulnerability management, intrusion detection/prevention, and incident response. Develop and maintain security plans, annual security priorities, risk assessments, pen tests, and firewall reviews.

Coordinate with the Chief Information Officer, campus leadership, and systemwide team in implementing program objectives. Inform and advise designated individuals about any real or potential risk or threat to the security of campus devices, applications, or data.

Policy and Procedure Oversight: Oversee campus information policies, procedures, and processes. Coordinate with campus leadership and systemwide teams in implementing program objectives. Ensure the development and maintenance of security policies that ensure the confidentiality, integrity, and availability of information assets.

Incident Response Management: Lead and manage the incident handling process, including documentation, protection of evidence, and long-term secure archiving. Act as a liaison with the University Counsel, the Chancellor’s Office, and other stakeholders for incidents involving campus systems and information.

 

Audit, Risk, and Data Governance

Security Audits and Risk Management: Manage security-related audits and prepare risk assessments and other reports. Conduct security reviews of campus systems, including security scanning, intrusion detection probes, and system log file audits. Classify and report on security events and incidents for trending and data-driven decision-making.

Data Governance: Collaborate with the Chief Technology Officer (CTO) and the Chief Data Officer (CDO) to ensure that the data governance strategy is aligned with the university’s purpose (mission), vision, and goals and that it furthers its strategic plan(s). Jointly work with CTO & CDO to ensure compliance with relevant regulations (e.g., FERPA, HIPAA, etc.) and implement relevant campus policies, procedures, and guidelines.

 

Collaboration, Communication, & Training

Collaboration & Communication: Collaborate with campus stakeholders, including the Information Technology Services Help Desk and other units within Information Technology Services, to create, enhance, and provide a consistent and effective set of services to the campus community. Provide regular and consistent updates and presentations to campus constituents.

Training and Awareness Programs: Oversee overall security awareness training and provide specialized training for various campus personnel on maintaining information security with their job duties. Advise, counsel, and educate constituents about the role and benefits of information security.

Data Retrieval and Public Access Requests

Respond to litigation holds, data retrieval requests, and assist with Public Access Requests.

Continuous Improvement and Professional Development

Stay informed about current and emerging risks, trends, and technologies through professional organizations and networking with CSU Information Security Officers and other peers. Participate in planning, projects, prioritization, and continuous improvement of Information Technology Services operations and customer service.

Project Management

Provide leadership as a project manager or participant for complex, campus-wide projects with an information security component. Create or contribute to project plans using established tools and collaborate with colleagues internally and externally.

 

Other Duties as Assigned

 

Knowledge, Skills, and Abilities Associated with this Position Include:

 

Demonstrated Experience in Information Security:

• Performing enterprise information security program activities, including risk assessments, security controls assessments, security awareness, training, intrusion detection/prevention, incident response, and compliance.
• Using security tools such as vulnerability management, log management, and network and asset management tools.
• Understanding information security best practices, policy compliance, and technological controls.

 

Leadership and Change Management:

• Serving in an IT leadership role, including experience with supervision, delegation, and performance management.
• Leading change and effective change management.
• Demonstrated commitment and/or experience promoting and fostering a working environment that is supportive of individuals from diverse backgrounds.

 

Adaptability and Problem Solving:

• Quickly adapting to rapidly changing security exposure scenarios/incidents.
• Owning, managing, and solving complex problems in a creative and timely manner.

 

Communication and Interpersonal Skills:

• Establishing and nurturing cross-functional relationships and building consensus.
• Articulating to a non-technical audience the implications and trade-offs associated with information security risks.
• Providing excellent service to diverse constituents, cultivating partnerships, and maintaining collegial relationships throughout the organization.
• Strong writing, speaking, and presentation skills.

 

Strategic Thinking and Proactivity:

• Thinking and acting strategically and proactively.
• Developing, interpreting, implementing, and articulating plans that balance improving security posture with capacity while enabling necessary functionality to meet business objectives.

 

Technical and Regulatory Knowledge:

• In-depth knowledge of laws and standards relevant to information security (such as HIPAA, PCI, and FERPA) and ability to balance their practical applicability.
• Experience with modern enterprise architecture across on-premise, cloud, and hybrid environments.
• Ability to participate in technical conversations about topics such as networks, systems, log management, firewalls/IDP, SSO, MFA and emerging technologies.

 

Organizational Skills:

• Good organizational and documentation skills; strong orientation to details.
• Managing complex projects, prioritizing based on strategic goals, planning information security improvements, and meeting deadlines.

 

Minimum Qualifications:

Education:

 Bachelor’s degree from an accredited institution or equivalent experience.

Experience:

At least five years of experience in information security or related fields.

 

Preferred Qualifications:

Educational Background:

• Bachelor's or advanced degree in an appropriate area of expertise (e.g., Computer Science, Software Engineering, MIS, or related discipline).
• Professional Certification:
• Certified Ethical Hacker, Certified Information Systems Security Professional (CISSP), Global Information Assurance Certification (GIAC), or equivalent professional certification in information or technology security.

 

Technical Knowledge and Skills:

• Knowledge of security models and architectures including segmentation/isolation, layering, and domains and how they may be applied to meet specific information protection requirements.
• Knowledge of specific domains as they apply to information protection: physical security, telecommunications and network technology, cryptography, application and system development, identity management.

 

Experience and Abilities:

• Proven experience implementing processes that span functional or organizational areas.
• Demonstrated understanding of higher education organizational structures and mission; experience with shared governance.

 

Application Procedure: To apply, qualified candidates must electronically submit the following materials by clicking the Apply Now button:

• Letter of Interest
• Resume or Curriculum Vitae
• Contact information for at least three professional references

Application Deadline: The deadline to submit application materials before first review is 11:55 p.m. on Sunday, October 20, 2024.

Any inquiries about this recruitment can be directed to careers@humboldt.edu or Cal Poly Humboldt’s Human Resources Office at (707) 826-3626.

We acknowledge that Cal Poly Humboldt is located on the unceded lands of the Wiyot people, where they have resided from time immemorial. We encourage all to gain a deeper understanding of their history and thriving culture. As an expression of our gratitude we are genuinely committed to developing trusting, reciprocal, and long lasting partnerships with the Wiyot people as well as all of our neighboring tribes. Cal Poly Humboldt was the first campus in the California State University system to offer a stand-alone major in Native American Studies.

Cal Poly Humboldt is committed to enriching its educational environment and its culture through the diversity of its staff, faculty, and administration. Persons with interest and experience in helping organizations set and achieve goals relative to diversity and inclusion are especially encouraged to apply.

 

Working in the state of California is a condition of employment for this position. Even if part or all of an employee's assignment can be performed remotely, the employee must maintain a permanent residence in the state of California. The employee must be able to accept on-campus work assignment, as assigned, and come to campus when needed.

CSU strongly recommends that all individuals who access any in-person program or activity (on- or off-campus) operated or controlled by the University follow COVID-19 vaccine recommendations adopted by the U.S Centers for Disease Control and Prevention (CDC) and the California Department of Public Health (CDPH) applicable to their age, medical condition, and other relevant indications and comply with other safety measure established by each campus. The systemwide policy can be found at CSU Vaccination Policy and any questions you have may be submitted to hr@humboldt.edu.

Cal Poly Humboldt hires only individuals lawfully authorized to work in the United States. This position may be considered a “Campus Security Authority”, pursuant to the Clery Act, and is required to comply with the requirements set forth in CSU Executive Order 1107 a condition of employment.

CAL POLY HUMBOLDT IS NOT A SPONSORING AGENCY FOR STAFF OR MANAGEMENT POSITIONS (e.g. H1-B VISAS)

Evidence of required degree(s), certification(s), or license(s) is required prior to the appointment date. Satisfactory completion of a background check (including a criminal records check, employment verification, and education verification) is required for employment. Cal Poly Humboldt will issue a contingent offer of employment to the selected candidate, which may be rescinded if the background check reveals disqualifying information, and/or if it is discovered that the candidate knowingly withheld or falsified information.  Certain positions may also require a credit check, motor vehicle report, and/or fingerprinting through Live Scan service. Failure to satisfactorily complete or adverse findings from a background check may affect the employment status of candidates or continued employment of current CSU employees who are being considered for the position.

Cal Poly Humboldt is committed to achieving the goals of equal opportunity and endeavors to employ faculty and staff of the highest quality reflecting the ethnic and cultural diversity of the state. Additional information about Cal Poly Humboldt can be found at www.humboldt.edu.

Cal Poly Humboldt is a Title IX/Affirmative Action/Equal Opportunity employer. We consider qualified applicants for employment without regard to race, religion, color, national origin, ancestry, age, sex, gender, gender identity, gender expression, sexual orientation, genetic information, medical condition, disability, marital status, protected veteran status, or any other legally protected status.  Mandated Reporting: This position may be considered a “mandated reporter” under the California Child Abuse and Neglect Reporting Act and is required to comply with the requirements set forth in CSU Executive Order 1083 as a condition of employment.

Additionally, all CSU staff and faculty receive training annually on their obligations in responding to and reporting incidents of sexual harassment and sexual violence. You will be notified by email when you are required to take this mandated training.

Class Code: 3312
Publication Date: 10/4/2024