Director of IT Security and Compliance and Information Security Officer - 19609
Job posting number: #7072397
Posted: November 20, 2020
Application Deadline: Open Until Filled
Job Description
The University of Colorado Denver | Anschutz Medical Campus is a public research university serving more than 18,000 students. We award nearly 4,000 degrees each year, including more graduate and professional degrees than any other Colorado institution. With our solid academic reputation, award-winning faculty and renowned researchers, we offer more than 140 highly rated degree programs through 13 schools and colleges. The university receives over $400 million in research awards each year. In addition to the wide array of health-related programs and facilities offered at CU Anschutz in Aurora, Colo., a significant number of undergraduate and graduate degree programs are taught at CU Denver, our comprehensive campus in the heart of downtown Denver—one of America’s most vibrant urban centers. CU Denver is located steps from the Denver Center for Performing Arts and the LoDo District, affording our students, faculty and staff access to a broad array of academic, professional, community, recreational and cultural outlets.
The Office of Information Technology (OIT) works to advance the University mission by providing innovative technology solutions and services to the CU Denver and Anschutz Medical Campuses, their constituents and partners. Through our six core values – Service, Professionalism, Leadership, Innovation, Community, and Excellence (SPLICE) – we make a difference.
OIT is seeking a strong leader as the Director of IT Security and Compliance and Information Security Officer (ISO) to serve in a key role in IT security and compliance leadership, working closely with senior administration, academic leaders, and the campus community.
The Director of IT Security and Compliance and Information Security Officer (ISO) position requires a strong, knowledgeable leader to provide vision, strategy, and broad-based planning for IT security, compliance and operations. The ISO reports to the CIO, is a member of the Office of Information Technology (OIT) leadership team, and is an advocate for the university’s total information security and compliance needs, with responsibility for the development and delivery of a comprehensive information security and compliance strategy to optimize the security and IT compliance posture of the university. The ISO, in close collaboration with the OIT Program Director for Security Operations, leads the development and implementation of a security program that leverages collaborations and campus-wide resources, facilitates information security governance, advises senior leadership on security direction and resource investments, and designs appropriate policies to manage information security risk. This position is also responsible for driving the regulatory compliance activities as they relate to Information Security.
Compliance is a key priority of OIT and the Director of IT Security and Compliance is the primary individual for ensuring compliance with applicable federal, state, and local compliance rules and regulations. Further, this position leads the security operations team in ensuring that IT Security infrastructure and devices are designed and chosen to maximize the security posture of the University while ensuring ongoing business operations. The complexity of this position requires a leadership approach that is engaging, imaginative, and collaborative, with a sophisticated ability to work with other leaders across the University and CU System to set the best balance between security and compliance strategies and other priorities at the campus and system level.
Jobs in this career family develop, maintain, and support computer systems, software and networks. Functions include enterprise operations, distributed computing, academic computing, research computing, computer hardware and software management, computer networking, telecommunications, systems development, database administration, server administration, website management, programming, desktop support, and help desk operations.
Directors are responsible for the ongoing leadership and oversight of a department, including the development of strategies and processes which contribute to the University and/or campus mission and accountability for services provided. Directors are responsible and accountable for the analysis of fiscal and human resources required to achieve department objectives including hiring, compensation, termination, and performance management of subordinate employees.
Examples of Work Performed
University and Program Leadership
Responsible for the strategic leadership of the University’s IT Security and Compliance program.
Responsible for the strategic leadership of the University’s security operations team.
Responsible for the strategic leadership of the University’s risk and compliance team.
Lead information security planning processes to establish an inclusive and comprehensive information security and compliance program for the entire institution in support of academic, research, and administrative information technology.
Establish annual and long-range security and compliance goals, define security strategies, metrics, reporting mechanisms and program services; and create maturity models and a roadmap for continual program improvements.
Stay abreast of information security issues and regulatory changes affecting higher education at the state and national level. Engage in professional development to maintain continual growth in professional skills and knowledge essential to the position.
Provide a strong leadership philosophy for the IT Security and Compliance Division to create a strong bridge between organizations, build respect for the contributions of all and bring groups together to share information and resources and create better decisions, policies and practices for the campus.
Mentor the IT Security and Compliance Division team members and implement professional development plans for all members of the team.
Policy, Compliance, Governance and Audit
Lead efforts to internally assess, evaluate and make recommendations to management regarding the adequacy of the security controls for the university's data and information technology systems.
Work closely with system-level security and compliance governance to ensure campus-level issues and needs are addressed.
Drive governance efforts to define an accountability framework providing oversight to ensure that risks are adequately mitigated. Ensure that security strategies are aligned with organizational objectives and consistent with regulations.
Work closely with IT leaders, technical experts, deans and administrative leaders across campus on a wide variety of security and compliance issues that require an in-depth understanding of the IT environment in their units, as well as the research landscape and federal regulations that pertain to their unit’s administrative, academic and research areas.
Lead the development and implementation of effective university policies, standards and procedures to help secure the university’s data and IT systems.
Work with Internal Audit, the CU Office of Information Security and outside consultants, as appropriate, on required security and compliance assessments and audits.
Coordinate and track all information technology and security related audits including scope of audits, units involved, timelines, auditing agencies and outcomes. Work with auditors as appropriate to keep audit focus in scope, maintain excellent relationships with audit entities and provide a consistent perspective that continually puts the institution in its best light. Provide guidance, evaluation and advocacy on audit responses.
Work with university leadership and the Office of Regulatory Compliance to build cohesive security and compliance programs for the university, to effectively address state and federal statutory and regulatory requirements, including HIPAA, FERPA, PCI and FISMA.
Develop a strategy for dealing with the increasing number of audits, compliance checks and external assessment processes for internal/external auditors (e.g. PCI, HIPAA, and FISMA).
In close collaboration with the Program Director of Security Operations, define and implement security strategies and technologies to ensure the security of University data and resources.
Help protect the confidentiality, integrity and availability of university data by ensuring that SecOps systems, architecture and processes reflect industry best practices.
Security by Design: support OIT project management, architecture review and change management processes through the integration of security and compliance requirements, standards and best practices.
Make recommendations to senior IT leadership on what strategies and technologies to implement and what strategies and technologies to avoid.
Ensure that the Security Operations Team is working to successfully implement infrastructure and devices that are highly available and reliable resulting in the successful operation of the University’s business, academic, research, and clinical enterprise.