The Director, Information Security and Compliance (Information Security Officer) is responsible for the overall administration of the Office of Information Security and Compliance and is responsible for achieving the goals and objectives critical to the department. The director will provide direction to a team of information security and compliance staff to ensure that proper controls are in place to minimize cyber security risks and will be responsible for incident response. Routinely monitor and secure campus systems and information assets. Create risk-based processes for assessment and mitigation of information security risks and compliance. Advise the Chief Information Officer (CIO) on information security trends and potential impacts to the university. Direct and coordinate efforts between information security, risk management and/or other Information Technology Services (ITS) and campus departments to adopt appropriate security controls. Lead the compliance initiative team to ensure that policies and compliance are enforced. Establish, manage, and oversee adoption of information security policies, standards, and procedures. Serve on ITS leadership team.
Responsibilities include, but are not limited to:
Information Security and Compliance Management
- Provide leadership and direction to a team of information security staff to ensure that proper controls are in place to minimize cyber security risks. Routinely monitor and secure campus systems and information assets.
- Create a risk-based process for assessment and mitigation of information security risks and compliance.
- Provide leadership on incident response including but not limited to communication, technical analysis, containment and recovery.
- Advise the Chief Information Officer (CIO) on information security trends and potential impacts to the university.
- Direct and coordinate efforts between information security, risk management and/or other ITS and campus departments to adopt appropriate security controls.
- Lead the compliance initiative team to ensure that policies and compliance are enforced.
- Establish, manage, and oversee adoption of information security policies, standards, and procedures.
- Serve on ITS leadership team.
- Represent CSUSB on systemwide committees such as ISAC.
- Represent Information Security on campus committees such as the Institution Review Board.
Identity Management and System Integration
- Lead and provide direction to a team to administer, maintain, monitor, troubleshoot, and continuously enhance directory services and account provisioning and de-provisioning processes.
- Collaborate with and assist ITS and campus departments to ensure appropriate and optimal integration and security of application, data, infrastructure, and architecture.
- Manage information security focused projects, collaborating and coordinating with ITS management and campus technicians to plan and implement controls as they relate to access management and/or data security.
- Provide expertise to campuswide or systemwide projects as it relates to all aspects of information security.
- Collaborate with Internal Auditor, Chancellor’s Office, and other departments on audit response or project management.
- Develop organizational visions and operational plans.
- Coordinate with campus partners to ensure responsiveness to needs, functions, processes, and systems.
- Direct governance activities related to information security by co-chairing ISET sub-committee.
- Review, update, and test disaster recovery and business continuity plan on a regular basis.
- Other classification-related duties as assigned.
Required Application Materials:
All applicants must submit:
- A current resume or curriculum vitae.
- Diversity Statement – may include your interpretation of diversity, inclusion, gender equity and must include specific examples of how your educational and/or professional experiences, background/philosophy has prepared you for this role at California State University, San Bernardino (maximum 250 words).
Minimum Qualifications: Required Education and Experience
- Bachelor's degree and five to eight (5-8) years of professional and supervisory experience.
- In-depth knowledge of computer hardware, software, and network security issues and approaches.
- Knowledge of IT governance and operations.
- Knowledge of laws and regulations including but not limited to: Family Educational Rights and Privacy Act (FERPA), Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley (GLB) Act, General Data Protection Regulation (GDPR).
- Knowledge and understanding of higher education, governmental agency or corporate/industry information security, governance, risk and compliance practices and standards.
- Ability to maintain security documentation and manuals.
- Exceptional verbal and written communications and the ability to communicate effectively with people at varying levels of technical fluency.
- Experience reviewing and monitoring third-party vendor contracts for appropriate data security/privacy considerations preferred.
- Demonstrated skill at administering complex security controls and configurations to computer hardware, software, and networks.
- Understanding of network/host firewalls, application gateways/proxies, anti-malware, patch management, disk encryption, centralized configuration, log management, or system hardening practices, etc.
- 5+ years of experience in the relevant fields supporting various operating systems such as Windows and/or Linux.
- Experience supporting multi-tiered systems with web, application, and/or database tiers.
- Experience supporting public cloud services such as Amazon Web Services or Microsoft Azure.
- Experience supporting directory services.
- Experience with configuration management tools such as Ansible, Terraform, or others.
- At least one industry certification (e.g. CISA, CRISC, CISSP) is highly desired.
- Experience with a compliance framework such as ISO 27K, HIPAA, PCI, or NIST 800-171 is highly desired.
- Experience in project management is preferred.
- Experience in a university setting is preferred.
- Experience working with computing systems, including deployment, configuration, and troubleshooting of compute nodes, management nodes, networking switches, and storage systems is preferred but not required.
- Intermediate skill level in Shell, Perl, Python, or similar scripting languages is preferred but not required.
- Industry certification such as Linux, AWS, Azure is preferred but not required.
Compensation and Benefits:
Anticipated Hiring Range: $115,000 - $125,000 annually (salary is commensurate with years of experience)
Classification Salary Range: $54,996 - $176,556 annually
The salary offered will take into account internal equity and experience among other factors.
The CSU system provides a comprehensive benefit package that includes medical, dental and vision plans, membership in the California Public Employees Retirement System (CalPERS), sick and vacation time, and 14 paid holidays a year. Eligible employees are also able to participate in the fee waiver education program. A summary of benefit information can be found here.
Work status: Full-time/Exempt/At-will
Academic year schedule: Monday through Friday (8:00 am – 5:00 pm), some evenings/weekends.
Summer schedule: Monday through Thursday (7:00 am - 5:30 pm), some evenings/weekends.
This is a full-time management (MPP) position. MPP employees serve at the pleasure of the campus President. MPPs do not serve a probationary period and never receive permanent status.
This position is a "designated position" in the California State University's Conflict of Interest Code. The successful candidate accepting this position is required to file Conflict of Interest forms subject to the regulations of the Fair Political Practices Commission.
MPP: First consideration will be given to candidates who apply by Wednesday, November 29, 2023 and will continue until the position is filled; however, the position may close when an adequate number of qualified applications are received.
As of January 1, 2022, the CSU Out-of-State Employment Policy prohibits the hiring of employees to perform CSU-related work outside the state of California.
California State University, San Bernardino is not a sponsoring agency for staff or management positions (i.e. H1-B Visas).
Conditions of Employment
Satisfactory completion of a background check (including a criminal records check) is required for employment. CSU will make a conditional offer of employment, which may be rescinded if the background check reveals disqualifying information, and/or it is discovered that the candidate knowingly withheld or falsified information. Failure to satisfactorily complete the background check may affect the continued employment of a current CSU employee who was conditionally offered the position.
Driver's License Check
Possession of a valid Driver's License is required. Employees in this position will be enrolled in the Department of Motor Vehicles (DMV) Government Employer Pull Notice Program which confirms possession of a valid driver's license and reflects driving record.
The person holding this position is considered a 'mandated reporter' under the California Child Abuse and Neglect Reporting Act and is required to comply with the requirements set forth in CSU Executive Order 1083 as a condition of employment.
CSUSB hires only individuals lawfully authorized to work in the United States. In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification form upon hire. See Form I-9 Acceptable Documents at https://www.uscis.gov/i-9-central/form-i-9-acceptable-documents.
Statement of Commitment to Diversity
In our commitment to the furthering of knowledge and fulfilling our educational mission, California State University, San Bernardino seeks a campus climate that welcomes, celebrates, and promotes respect for the entire variety of human experience. We welcome people from all backgrounds, and we seek to include knowledge and values from many cultures in the curriculum and extra-curricular life of the campus community. We will create, promote, and maintain activities and programs that further our understanding of individual and group diversity. We will also develop and communicate policies and promote values that discourage intolerance and discrimination.
California State University, San Bernardino is proud to be an Affirmative Action/Equal Opportunity Employer. We recruit, hire, train, and administer all personnel actions without regard to race, ethnicity, religion, color, caste, national origin, ancestry, age, sex, gender, gender identity, gender expression, sexual orientation, socioeconomic status, genetic information, medical condition, disability, marital status, protected military or veteran status, or any other status protected by applicable law. This position adheres to CSU policies against Sex Discrimination, Sexual Harassment, and Sexual Violence, including Domestic Violence, Dating Violence, and Stalking. This requires completion of Sexual Violence Prevention Training within 6 months of assuming employment and on a two-year basis thereafter. (Executive Order 1096) For more information about Diversity & Inclusion at CSUSB, please visit https://www.csusb.edu/human-resources/diversity-inclusion
We provide reasonable accommodations to applicants and employees with disabilities. Applicants with questions about access or requiring a reasonable accommodation for any part of the application or hiring process should contact Nora Jean Fernandez, ADA Manager at Nora.Fernandez@csusb.edu
CSUSB is a smoke and tobacco-free campus. See policy at https://calstate.policystat.com/policy/6591951/latest/.
In compliance with state and federal crime awareness and campus security legislation, including The Jeanne Clery Disclosure of Campus Security Policy and Crime Statistics Act, California Education Code section 67380, and the Higher Education Opportunity Act (HEOA), the Cal State San Bernardino Annual Security and Fire Safety Report is available at: https://www.csusb.edu/clery-act