Hofstra University is a nationally ranked and recognized private university in Hempstead, N.Y. that is the only school to ever host three consecutive presidential debates (2008, 2012 and 2016). At Hofstra, students get the best of both worlds. Our campus is a leafy oasis just a quick train ride away from New York City and all its cultural, recreational and professional opportunities. We offer small classes and personal attention, with the resources, technology and facilities of a large university. Students can choose from more than 160 undergraduate program options and 165 graduate program options in the liberal arts and sciences, education, health professions and human services, the Peter S. Kalikow School of Government, Public Policy and International Affairs, the Fred DeMatteis School of Engineering and Applied Science, the Frank G. Zarb School of Business, the Lawrence Herbert School of Communication, the Maurice A. Deane School of Law, the Hofstra Northwell School of Nursing and Physician Assistant Studies, and the Donald and Barbara Zucker School of Medicine at Hofstra/Northwell. Hofstra University is a dynamic community of more than 11,000 students from around the world who are dedicated to civic engagement, academic excellence and becoming leaders in their communities and their careers. Hofstra University is an equal opportunity employer committed to fostering diversity in its faculty, administrative staff and student body. We especially encourage women, people of color, members of the LGBTQ+ community, veterans and people with disabilities to apply.
Position Title | Director of Information Security and Information Security Officer
Position Number | 896570
School/Division | ITS Information Security (division)
Full-Time or Part-Time | Full-Time
Reporting to the Chief Information Officer, the Director of Information Security and Information Security Officer (ISO) is a member of the ITS senior leadership team and works closely with the campus community, including academic and administrative departments. The ISO is an advocate for the University’s information security needs and is responsible for the development and delivery of a comprehensive information security strategy to optimize the information security posture of the University.
The ISO leads the development and implementation of a security program that leverages collaborations and campus-wide resources, facilitates information security governance, advises senior leadership on security direction and resource investments, and designs appropriate policies to manage information security risk. The complexity of this position requires a leadership approach that is engaging, imaginative, and collaborative, with a sophisticated ability to work with other leaders to set the best balance between security strategies and other priorities at the campus level.
Information Security Program Leadership
- Responsible for the strategic leadership of the University’s information security program.
- Provide guidance and counsel to the CIO and key members of the University’s leadership team, working closely with senior administration, academic leaders, and the campus community in defining objectives for information security, while building relationships and goodwill.
- Manage institutional information security governance processes.
- Lead information security planning to establish an inclusive and comprehensive information security program for the entire institution in support of academic, research, and administrative information systems and technology.
- Establish annual and long-range security and compliance goals, define security strategies, metrics, reporting mechanisms and program services, and create maturity models and a roadmap for continual program improvements.
- Stay current with information security issues and regulatory changes affecting higher education at the state, national, and global levels. Participate in policy and practice discussions and communicate to campus on a regular basis about those topics. Engage in professional development to maintain continual growth in professional skills and knowledge essential to the position.
- Provide leadership philosophy for the ITS Information Security team (currently two staff, in addition to the director), create and maintain strong working relationships with other teams, build respect for the contributions of all and bring groups together to share information and resources and create better decisions, policies, and practices for the University.
- Provide mentorship to Information Security team members and implement professional development plans for all members of the team.
- Special projects and other duties as assigned.
Policy, Compliance, and Audit
- Participate in the development and implementation of effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.
- Lead efforts to internally assess, evaluate and make recommendations to management regarding the adequacy of the security controls for the University’s information and technology systems.
- Work with Internal Audit, outside auditors, and other consultants as appropriate to complete security assessments and audits.
- Coordinate and track all information technology and security related audits including scope of audits, units involved, timelines, participants, and outcomes. Work with auditors as appropriate to keep audit focus in scope, maintain excellent relationships with audit entities and provide a consistent perspective that continually puts the institution in its best light. Provide guidance, evaluation, and advocacy on audit responses.
- Work with University leadership and relevant responsible compliance department leadership to build cohesive security and compliance programs for the University to effectively address applicable statutory and regulatory requirements.
Outreach, Education, and Training
- Work closely with other ITS leaders, technical experts, and academic and administrative leaders across campus on a wide variety of security issues that require an in-depth understanding of the IT environment in their units, as well as the research landscape and regulations that pertain to their unit’s research areas.
- Create education and awareness programs and advise academic and administrative units on security issues, best practices, and vulnerabilities.
- Work with campus groups to build awareness and a sense of common purpose around information security.
- Pursue student security initiatives to address unique needs such as protection against identity theft, mobile social media security, and an online reputation program.
Risk Management and Incident Response
- Keep abreast of security incidents and act as primary control point during significant information security incidents. Convene a Security Incident Response Team (SIRT) as needed, or requested, in addressing and investigating security incidents that arise.
- Develop, implement, and administer technical security standards, as well as a suite of security services and tools to address and mitigate security risk.
- Provide leadership, direction, and guidance in assessing and evaluating information security risks and monitor compliance with security standards and appropriate policies.
- Examine impacts of new technologies on the University’s overall information security. Establish processes to review implementation of new technologies to ensure security compliance.
Qualifications
- Bachelor’s degree required.
- Eight years of full-time professional experience in information technology, including evidence of successful and progressively responsible roles in information security or a related area (including growth in levels of responsibility, complexity of work, and numbers and sophistication of employees) related to the essential responsibilities listed.
- Demonstrated fluency in written and spoken English with the sophistication necessary to effectively communicate technical details to both technical and non-technical individuals.
- Demonstrated willingness and ability to carry out the essential responsibilities listed with humility, grace, and optimism.
- Demonstrated understanding of, sensitivity to, and respect for the academic, cultural, and social diversity in the Hofstra University community.
- Advanced degree in computer science, computer engineering, information security, or related field strongly preferred.
- One or more relevant professional certifications (e.g., CISSP, CISM/A, etc.) strongly preferred.
- Experience with state and federal information security regulatory requirements (GLBA, FERPA, HIPAA, etc.) and other compliance requirements (PCI, etc.).
- Knowledge of and experience applying industry-standard IT security frameworks (NIST, IHECF, etc.).
- Significant experience in computing and information security, network security issues, and security incident response and recovery in a higher education environment.
- Significant experience in communicating information security principles and concepts to non-technical stakeholders, and success in improving cybersecurity awareness in a higher education environment.
- Working knowledge of the policy and regulatory environment of information security, particularly in higher education.
- Demonstrated experience and success in advising and collaborating with key stakeholders relevant to the essential responsibilities listed, including senior leadership, Internal Audit, outside auditors, and consultants.
- Professional experience in a leadership role in a higher education institution.
Deadline | Open Until Filled
Date Posted | 12/08/2022
EEO Statement | Hofstra University is an equal opportunity employer, committed to fostering diversity in its faculty, administrative staff and student body, and encourages applications from the entire spectrum of a diverse community.