Bulletin #200033; 12/23/20
DIRECTOR, IT SECURITY & COMPLIANCE/INFORMATION SECURITY OFFICER (ISO)
California State University, Los Angeles, invites applications for the above Administrator III position.
The University: California State University, Los Angeles, under the leadership of President, William A. Covino, is one of 23 campuses of the California State University system. Founded in 1947, the University is in the city of Los Angeles, adjacent to the San Gabriel Valley, and has more than 28,000 students who reflect the rich ethnic diversity of the area.
The Position: the Director of IT Security & Compliance / Information Security Officer (ISO) is responsible for the campus cybersecurity program maintaining the confidentiality, integrity and availability of services provided by the University. The ISO manages and maintains a cost-effective information technology security program including development and implementation of security standards, policies and procedures, awareness and training plan, and overall information security framework for the University. A key element of the ISO's role is working with executive management to determine acceptable levels of risk for the University. This position is responsible for establishing and maintaining a campus-wide information security management program to ensure that information assets are protected appropriately. The ISO leads incident response for the investigation and remediation of security breaches and cyberattacks, initiates appropriate actions to protect information assets, and assists with disciplinary and legal matters associated with such breaches. The ISO provides oversight of Information Technology (IT) related audit responses and conducts information security risk assessments. The ISO also works closely with the legal, audit and Human Resources Management to assist with litigation requirements. The incumbent serves as the campus ISO liaison on various committees including the CSU Information Security Advisory Committee (ISAC).
Required Qualifications and Experience: Bachelor's degree in business administration or a technology related field from a four-year accredited college or university. The incumbent must have a minimum of ten years of hands-on experience in managing, designing, implementing and/or auditing information technology security programs. The incumbent must have expertise in information investigation and litigation process. The incumbent must also have proficient knowledge of common information security management frameworks, such as ICSUAM Section 8000, ISO/IEC 27001, and NIST; state and federal information security, compliance, and privacy procedures such as GDPR and CCPA securities policies; security and data loss prevision tools such as Palo Alto Prisma Cloud Security and Cortex Endpoint Security; network penetration and incident response services such as Dell SecureWorks, Acunetix, Cloudlock, BitGlass, and Qualys; forensic handling process and software such as EnCase and Paraben; and state and federal laws and regulations affecting the handling, access, storage and disposal of Levels 1 and 2 confidential and personal data; network security policies and best practices for security network topologies. The incumbent must have excellent verbal and written communication skills, including the ability to draft and deliver technical processes, reports, presentations, and correspondence. The incumbent must have the ability to identify and interpret state and federal laws, campus guidelines, and CSU Executive Orders to determine how they apply to the campus; understand potential threats to the campus and put into place a recovery plan that ensures minimal disruption or loss of data; work with complete confidentiality with high level of personal integrity; work effectively as part of a team and to give and receive constructive feedback; schedule and prioritize in order to meet deadlines; work independently with minimal supervision; and have a demonstrated interest and ability to work in a multicultural/multiethnic environment. A background check (including a criminal records check) must be completed satisfactorily before any candidate can be offered a position with the CSU. Failure to satisfactorily complete the background check may affect the application status of applicants or continued employment of current CSU employees who apply for the position.
Desired Qualifications: Master's degree in a related field from a four-year accredited college or university. Certified Information Systems Auditor or Certified Information System Security Professional. Experience working in higher education and familiar with CSU security and compliance policies and procedures. As well as be familiar with Agile Software Process and Management.
Compensation: Salary is commensurate with experience and qualifications. A comprehensive benefits package is provided.
Appointment: The Administrator III appointment will be made under the guidelines for management and supervisory employees of the California State University. All rights and benefits associated with this appointment are governed by the Management Personnel Plan.
This position is a "designated position" in the California State University's Conflict of Interest Code. The successful candidate accepting this position is required to file Conflict of Interest forms subject to the regulations of the Fair Political Practices Commission.
Closing Date: Review of applications will begin on January 8, 2021 and will continue until the position is filled; however, the position may close when an adequate number of qualified applications are received. A completed online Cal State University, Los Angeles employment application is required. Resumes will not be accepted in lieu of a completed application.
The person holding this position is considered a "mandated reporter" under the California Child Abuse and Neglect Reporting Act and is required to comply with the requirements set forth in CSU Executive Order 1083 revised July 21, 2017, as a condition of employment.
Closing Date/Time: Open until filled
Los Angeles, California