Information Security Manager

Job Summary:

The Information Security Manager is a member of the IT leadership team and will lead information security, cybersecurity, and IT risk management programs based on industry-accepted information security and risk management frameworks. The Information Security Manager is responsible for designing, implementing, operating, and maintaining an information security framework, processes, and systems. The Information Security Manager will guide FNU's information security program and support the IT leadership team in developing and implementing appropriate security controls for enterprise applications and infrastructure. The Information Security Manager will also coordinate and guide cybersecurity and incident response activities.

Duties and Responsibilities:

• Plan and conduct information security risk assessments to proactively identify, mitigate, and reduce risk to the organization.

• Provide leadership in establishing IT policies, guidelines, standards, processes, procedures, best practices

• Guide the development and implementation of appropriate security controls for information technology applications and infrastructure

• Proactive identification of risks and protecting FNU information, applications, and infrastructure from external/internal threats and implement processes which help manage and reduce the overall risk impact to the enterprise

• Manage the design, implementation and management of appropriate processes and controls which help assure that information created, acquired or maintained by FNU and its authorized users, is used in accordance with its intended purpose

• Develop, implement, and test incident response plans

• Coordinate incident response activities

• Review third party contracts for compliance with security requirements and recommending appropriate language, as necessary

• Providing guidance and recommendations to help FNU comply with regulatory requirements (e.g. FERPA, GLBA, HIPAA, and PCI-DSS)

• Preparing reports that identify technical and procedural findings, and providing recommended remediation strategies and solutions

• Communicating risk posture, security metrics, and security issues to leadership

• Collaborating with technical and non-technical teams to analyze and recommend actions related to compliance, vulnerabilities, and control weaknesses

• Providing security requirements to be included in statements of work and other appropriate procurement documents

• Develop methods to monitor and measure risk, compliance, and assurance efforts

• Ensure that risk management processes are followed and documented

• Promoting security awareness across the organization

• Provide service to the University through activities such as involvement in FNU shared governance (e.g. committees, workgroups), FNU sponsored activities (e.g. charity drives, community-outreach activities), and/or service to the profession (e.g. presentations, professional organization committee work).

• Adhere to the elements of the Culture of Caring

• Other duties as assigned.

Required Skills/Abilities

• Primarily days; 8:00 AM – 5:00 PM. However, this position may require additional time during evenings, weekends, and holidays to accomplish work goals

• Strong technical knowledge of information security, risk management, compliance, and incident response activities

• Advanced knowledge of NIST CSF, GLBA, PCI, COBIT, ITIL, and risk management frameworks including NIST SP 800-30,NIST SP 800-39 preferred

• Demonstrated ability to lead and perform risk assessment/management activities

• Strong analytical skills and the ability to resolve complex problems

• Ability to work independently

• Strong interpersonal and communication skills and ability to effectively communicate with management, staff and regulatory agencies

• Policy and procedure development

Education and Experience:

• Associate degree and 10+ years of related higher education IT experience, with at least 2 years in an Information Security, IT Audit, Cybersecurity or similar role.

• Relevant certifications within two years of hire (e.g. CISSP, CISM, CISA)

Physical Requirements:

• Should be able to stand/sit for long periods of time.

• Must maintain a valid driver’s license and reliable mode of transportation in order to attend work-related meetings and events off-site.

Reporting Relationship:

Reports directly to the Director of IT

Work Location:

Eligible for hybrid telecommuting agreement after 30 days of employment.

Versailles, KY