$200K - $250K (Ladders Estimates)
Primary Purpose:
Assists in the development, implementation, and management of an information security program for the university to include the development and management of information security policies, procedures, and technical systems in order to maintain the confidentiality, integrity, and availability of NSU's organizational information systems.

Essential Job Functions:
1. Cultivates, reviews, and interprets new sources of information on current and emerging laws, rules, regulations, and industry practice relating to Information Technology (IT) security.
2. Researches applicable hardware and software in Information Technology Security.
3. Develops and maintains a cost-effective Information Technology security program for the University including policies, procedures, guidelines, awareness and training, to support the overall security and integrity of the University's electronic information, information systems, and information networks.
4. Works with Information Technology infrastructure owners and, under the authority of the Chief Information Officer and his/her designee, implements the Information Technology security program.
5. Develops, implements, and provides training policies, standards, guidelines, and security monitoring processes in relation to general control, security programs, and privacy regulations.
6. Serves as the Deputy HIPAA Security Officer to oversee implementation of HIPAA security regulations and to provide ongoing compliance monitoring and education on HIPAA security.
7. Prepares and maintains the University-wide Information Technology security plan to ensure compliance with regulations.
8. Provides guidance and direction for the physical and logical protection of Information Technology resources to other functional areas of the University infrastructure.
9. Establishes a reporting process to ensure that management is kept apprised of the effectiveness of Information Technology security and problem resolution.
10. Complies with all Federal, State, and University policies.
11. Acts as internal consultant to other members of the organization on matters related to information security, policy, and privacy issues.
12. Performs other duties as assigned or required.

Marginal Job Functions:
This position requires the availability to travel and work nights/weekends as needed.

Required Knowledge, Skills and Abilities:
1. Knowledge of physical and logical information security systems.
2. Strong technical and maintenance skills (application and operating system hardening, vulnerability assessments, security audits, TCP/IP, intrusion detection systems, firewalls, virus systems, security log management systems, identity and access management systems, etc.).
3. Ability to maintain confidentiality, a high degree of integrity, and trust along with the ability to work independently and as a team contributor with internal and external stakeholders in a diverse environment.
4. Ability to weigh business risks and enforce appropriate information security measures.
5. In-depth knowledge of the HIPAA Security Rule, PCI-DSS, NIST, and other information security regulatory requirements.
6. Demonstrated understanding of supported system architectures and evolving technology.
7. Working knowledge of and experience in the policy and regulatory environment of information security, especially in higher education, is desirable.
8. Excellent project management, written and oral communications skills desired.
9. Proficiency with Windows (Server 2008 and above; Win7, Win8) and UNIX / Linux operating systems as well as MS SQL and Oracle database systems.
10. Outstanding interpersonal and communication skills.
11. Financial analysis and budget planning.

Job Requirements

Required Certifications/Licensures:
CISSP (Certified Information Systems Security Professional) or CISM (Certified Information Security Manager) certification.

Required Education:
Bachelor's Degree

Major (if required):
Information Technology, Clinical Informatics, or related field

Required Experience:
1. Minimum of five (5) years of management experience, including experience directing teams of over four (4) individuals.
2. Minimum of eight (8) years of progressively responsible experience related to information security.

Preferred Qualifications:
1. Master's in Computer Science, Information Systems, or a closely related field.
2. Ability to resolve complex technical issues.
3. Network and security certifications (CCNA, CCNP, GSEC, or other vendor specific certifications).
4. HIPAA Certified Security Compliance Specialist or higher certification.
5. Experience in network security implementation, configuration, and troubleshooting.
6. Certified HIPAA Professional or equivalent certification.
Valid Through: 2019-10-15