Director, Information Security

  • California State Polytechnic University Pomona
  • Pomona, California
  • Jul 06, 2024
Administration and Management Information Technology and Communication Services

Job Description

Type of Appointment: Full-Time, Management Personnel Plan (MPP II)

Anticipated Hiring Amount: $125,000 - $134,000 Annually (Commensurate with qualifications and experience)

Work Hours: Monday - Friday 8:00 am-5:00 pm

Benefits Include: (15) Paid Holidays, (24) Vacation Days, Comprehensive Benefits Package

Recruitment Closing Date: Open Until Filled

First Application Review: July 29th, 2024

THE DEPARTMENT

The Division for Information Technology & Institutional Planning (IT&IP) provides innovative, strategic, and cost-appropriate technology services in collaboration with the campus community to advance the mission of the University. The Division’s services are recognized as an essential resource in furthering the University’s mission. The Division of IT&IP will provide technology solutions, expert consultation, and leadership resulting in numerous enhancements to the advancement of learning and knowledge and to the effectiveness of campus support services and business processes for the entire University.

The Department of IT Security & Compliance is responsible for:
  • Information Security - Works in collaboration with the campus community to protect the integrity of campus information technology infrastructure to mitigate risks and losses associated with security threats while supporting access to technology.
  • Information & Digital Compliance - An information & digital compliance program to improve the efficiency and effectiveness of the internal controls and assessment processes, monitor regulations for new or changed requirements, and coordinate with internal and external auditors to ensure compliance.
  • Business continuity (BC) and disaster recovery (DR) - Work with the University community to establish IT Disaster Recovery and Business Continuity criteria and plans.
  • Accessible Technology - Leadership, oversight, and coordination for the campus implementation of the CSU's Accessible Technology Initiative (ATI) to comply with Section 508, WCAG 2.0 AA, and WAI-ARIA. It includes each of the three priority areas of ATI: web accessibility, instructional materials accessibility, and procurement.


DUTIES AND RESPONSIBILITIES

Vulnerability Management, Alert Monitoring, and Response
  • Oversight for vulnerability analysis, process, and management, which includes the vulnerability scanning/reporting process. Includes use of campus vulnerability, SIEM, and log management systems. Work with the CISO, security staff, and IT staff to perform technical analysis of high-impact vulnerabilities and coordinate/verify the response with the appropriate technical teams.
  • Provide leadership for alert-monitoring security tools and services; investigate, respond, and escalate as appropriate.
  • Communicate with the CISO to follow the incident response process and coordinate with the appropriate campus security and technical teams.
  • Participate as requested in approved campus investigations as a representative of the IT Security & Compliance Department in accordance with CSU and CPP policy and procedures, following accepted industry best practices/principles as well as ethics, privacy, and confidentiality.

Risk Management & Compliance
  • Perform risk and control assessments of campus third-party products/services and new projects.
  • Participate in contract review and negotiations for compliance with legal and policy obligations.
  • Provide subject matter expertise related to information security, standards, and regulatory compliance.
  • Provide recommendations for security controls and ensure remediation of any deficiencies to ensure compliance with CSU, campus policy, and regulatory requirements.
  • Provide subject matter expertise for initiatives related to information security and regulatory compliance.
  • Coordinate and align security operation practices and compliance requirements through department and campus partnerships, training, and documentation.
  • Collaborate with campus IT and functional departments to assess, design, develop, and implement security controls for campus systems, applications, devices, workstations, and networks for faculty, staff, and student environments.
  • Participate as a member of the IT change control process to assess changes for IT security impact.
  • Contribute to campus & CSU security & risk assessments, audits & reports.

Reporting & Communications
  • Build and maintain an effective evidence- and metrics-based culture to measure program and process effectiveness.
  • Provide status reporting to all levels of management.
  • Maintains a broad knowledge base on the latest information security issues related to job duties.
  • Raises security risks to CISO, or other members of the IT&IP leadership as appropriate, using effective communication about impact, cause and remediation using campus incident procedures.
  • Participates in teams and contributes to the development and maintenance of a security awareness program for the campus community.
  • Participates in teams and shares knowledge with other IT&IP team members and the campus community through cross-training, presentations, etc.
  • Promotes awareness of IT&IP security and compliance, working with IT and campus management. The awareness and training program focuses on the elements of the compliance program and seeks to ensure that all appropriate employees and management are knowledgeable of, and comply with, pertinent federal, state, and CPP policies and standards.
  • Demonstrates ongoing and self-motivated pursuit to enhance knowledge and skills (both technical and non-technical) through formal and informal trainings, conferences/events, informal learning plans, professional memberships, etc.

Supervision/Leadership
  • Serve as a member of the IT&IP Leadership Team and contribute to regularly scheduled management meetings.
  • Works in collaboration with other IT&IP leaders on the division's strategic planning initiatives, projects and related assignments.
  • Supports and coordinates various campus risk and security assessments as assigned.
  • Represents IT&IP in various campus committees and venues, leveraging them as additional input sources for planning and feedback.
  • Works with faculty, staff, and students on cyber security initiatives and partnerships (grants, cyber fair, etc.).
  • Promote professional development of department staff through cross training, vendor/application specific conferences/courses.
  • Lead the department in the assessment and development of procedures that reflect continuous improvement.
  • Works in collaboration with other IT&IP leaders to draft and formalize CPP and IT&IP policy and procedures in a collaborative environment.


QUALIFICATIONS
  • Ability to quickly and accurately aggregate, analyze, and review large volumes of technical and non-technical information to support simultaneous assessments for audits, compliance, vulnerabilities, risk analysis, incidents, investigations, etc.
  • Ability to analyze complex situations such as personnel, operational, technical or security issues and to develop and work with and through others to implement corrective actions and/or mitigation strategies for university-wide success.
  • Ability to interpret and evaluate data and results to develop sound conclusions and make recommendations, including new or revised guidelines, procedures, practices, and/or policy.
  • Ability to understand problems from a broad, interactive perspective and discern applicable underlying principles to conceive of and develop strategic solutions.
  • Ability to understand and interpret technical information and communicate technical information to vendors and end users with different levels of technical expertise.
  • Familiarity with IT audit, compliance or security risk assessment, policy management, or compliance programs.
  • Familiarity with regulatory requirements, standards, and guidelines such as PCI DSS, CLETS/JDIC, HIPAA, GLBA, Red Flag Rule, GDPR, FERPA, OWASP, Section 508 of the Rehabilitation Act, WCAG, WAI-ARIA, etc.
  • Familiarity with control frameworks such as MITRE ATT&CK, NIST, COBIT, ISO27001, ITIL.
  • Demonstrated consultative, interpersonal, and communications skills required to work with diverse technical and non-technical audiences to develop and promote high-performing teams, partnerships, inclusivity, and transparency with others.
  • Excellent oral and written communications skills required to communicate to technical and nontechnical audiences in a team environment, including experience preparing and presenting information clearly and concisely to a wide range of constituencies, including executives.
  • Demonstrated ability to offer constructive opinions and alternative solutions to a problem and be supportive of the final decision once it has been made.
  • High ethical standards and business acumen.
  • Ability to lead, motivate, manage, train, and develop technical and non-technical staff members.
  • Familiarity with professional development and progressive discipline techniques, ability to understand and interpret complex policies and related documents in accordance with CSU and CPP policy and procedures.


Preferred Qualifications
  • Master's degree in Instructional Technology, Information Technology, Computer Science, Business Administration, or related discipline.
  • Relevant IT professional certification such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) or other Information Security / IT audit certification (e.g., CISA); Program Management Professional (PMP), ITIL Foundations, AWS/Azure certifications.
  • Demonstrated experience with information technology risk, security, and/or privacy within a large-scale IT organization.
  • Prior management experience within a comprehensive or large university environment, preferably a California State University campus or a University of California campus, in a technology-related environment.
  • Demonstrated experience with the full implementation of large-scale projects.
  • Demonstrated ability to work proactively and creatively in a fast-paced and ever-changing environment.
  • Ability to work collaboratively in an environment with multiple and diverse priorities, basing decisions on sound judgment and discretion for confidentiality.
  • Expertise in critical support services, complex applications support, and excellent customer service.
  • System administrative experience in computing platforms running Windows-based and Linux-based operating systems.
  • Experience in managing and/or securing systems and infrastructure in an IaaS cloud platform such as Amazon AWS or Azure.
  • Knowledge of modern programming languages, including PowerShell, ASPX, VBScript, SQL, Shell Scripts, Perl.
  • Knowledge of networking technologies, including TCP/IP, DNS, DHCP, routing and firewall configuration and operation.
  • Ability to debug complex technical problems with modern computer operating systems, applications, and networks.
  • Demonstrated progressive experience leading or managing information technology professionals to accomplish department and/or organizational objectives with a proven commitment to promoting and maintaining a service-oriented culture position.


Equity, Diversity, and Inclusion

At Cal Poly Pomona, we are committed to the urgent and ongoing work of creating and sustaining an inclusive campus where all students, faculty, and staff are welcomed and respected and can flourish to achieve their dreams of success. We believe diversity strengthens community. Cal Poly Pomona proudly holds designations as both a Hispanic-Serving Institution (HSI) and an Asian American and Native American Pacific Islander-Serving Institution (AANAPISI). In 2022, the campus launched the Black Thriving Initiative recognizing that Cal Poly Pomona’s future as a university must be linked to the success of its Black community. More information about our campus initiatives can be found on the Office of Inclusive Excellence’s website.

Out of State Work

The California State University (CSU) system is a network of twenty-three public universities providing access to a quality education through the support of California taxpayers. Part of CSU’s mission is to prepare educated, responsible individuals to contribute to California’s schools, economy, culture, and future. As an agency of the State of California, the CSU’s business operations almost exclusively reside within California. The CSU Out-of-State Employment Policy prohibits hiring employees to perform CSU-related work outside California. For more information, go to https://calstate.policystat.com/policy/10899725/latest/ .

Background Check

Cal Poly Pomona will make a conditional offer of employment to final job candidates, pending the satisfactory completion of a background check (including a criminal records check). The conditional offer of employment may be rescinded if the background check reveals disqualifying information, and/or it is discovered that the candidate knowingly withheld or falsified information. In determining the suitability of the candidate for the position, Cal Poly Pomona will give an individualized assessment to any information that the applicant submits for consideration regarding the criminal conviction history such as the nature, gravity and recency of the conviction, the candidate’s conduct, performance or rehabilitation efforts since the conviction and the nature of the job applied for. For more information, go to https://calstate.policystat.com/policy/13813878/latest/ .

Employment Eligibility Verification

Cal Poly Pomona hires only individuals lawfully authorized to work in the United States. In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification form upon hire. For more information, go to https://www.uscis.gov/i-9-central/form-i-9-acceptable-documents .

Conflict of Interest

This position is a “designated position” in the California State University’s Conflict of Interest Code. The successful candidate accepting this position is required to file financial interest disclosure forms subject to state regulations. For more information, go to https://www.cpp.edu/eoda-hr/departments/hrpar/coi.shtml .

Advertised: Jul 05 2024 Pacific Daylight Time

Job Address

Pomona, California 91768 United States