Information Security Officer

Job Level
Senior position
Job Category
C Level
  • Technology
  • Information Technology
Job Status
Areas of Responsibility
  • Information Technology
  • Security

Job Description
Essential Duties and Responsibilities

  • Responsible for developing and maintaining the enterprise information security planning and programs and for ensuring that information assets and technologies are protected. Build sound business relationships across the enterprise to enable a strong understanding and close alignment with business needs, direction, and business-approved risks. Design and implement ongoing safeguard programs and solutions, monitor and test those programs, and recommend measures for program compliance.

  • Assist in the design of security controls (security countermeasures), how they are positioned, and how they relate to the overall information technology architecture. Liaise with enterprise architects to ensure that information security architecture standards, policies, and procedures are available and enacted consistently across application development projects and programs. Liaise with the relevant parties to ensure that appropriate controls are implemented to prevent recurrence of information security incidents. Collaboratively engage with other IS functions, business representatives, and AgriLife Chief Information Officers to facilitate a globally standardized approach and governance structure to information security and risk. Collaborate with enterprise architects to define physical, virtual, and logical information security architecture specifications. Coordinate the review of the data security requirements, specifications, and, if applicable, third-party risk assessment of any new computer applications or services that receive, maintain, and/or share confidential data.

  • Directs staff in identifying, developing, implementing, and maintaining processes across the organization to assess and prevent information and IT risks. Review the institution's inventory of information systems and related ownership and responsibilities. Through facilitation, ensure that annual information security risk assessments are performed and documented by information owners. Ensure that key risk issues are understood, communicated, and tracked on the risk register. Verify that security requirements are identified and risk mitigation plans are developed and contractually agreed and obligated prior to the purchase of information technology hardware, software, and systems development services for any new high-impact computer applications or computer applications that receive, maintain, and/or share confidential data.

  • Direct the development and maintenance of information security policies and procedures, and the institution's information security risks. Develop and recommend policies and establish procedures and practices, in cooperation with the institution Information Resources Manager, information owners, and custodians, necessary to ensure the security of information and information resources. Work with the business and technical resources to ensure that controls are utilized to address all applicable requirements. With the approval of the institution head, issue exceptions to information security requirements or controls. Ensure that all IT and information security programs are in compliance with federal and state laws, regulations, and Texas A&M System's standard industry practices, rules, regulations, policies, and procedures.

  • Manage the creation and production of business and IT metrics relating to information risk initiatives. Utilize the metrics to prioritize key initiatives and respond to negative trends. Annually report to the institution heads the status and effectiveness of security controls. Inform the parties in the event of noncompliance.

  • Works with the Information Security Operations Center to ensure responsive detection, containment, and remediation of IT threats. Oversee the Computer Security Incident Response Team's responses to incidents. Establish appropriate standards and controls, and manage security technologies.

  • Serves as a member of the Texas A&M University System Information Security Officers Working Group and works with the System Chief Information Security Officer to keep current on System IT security initiatives.

  • Train and oversee personnel with significant responsibilities for information security. Provide guidance and assistance to senior officials, information owners, information custodians, and end users concerning their responsibilities. Create, manage, deliver, and review information security awareness training.

  • Supervise, coach, mentor, and develop senior information security staff. Oversee and guide the management of core information security risk and compliance resources and services.

  • Monitor legal and regulatory changes at system, federal, and state levels that could impact business and/or security operations, and ensure that all information security and compliance standards and controls are implemented appropriately.

  • Understand potential and emerging information security threats, vulnerabilities, and control techniques and communicate this information to appropriate team members throughout the institutions on a timely basis.

  • Serve as the official Information Security Officer of record with the Texas Department of Information Resources for Texas A&M AgriLife Research, Texas A&M AgriLife Extension, Texas A&M Forest Service, and the Texas A&M Veterinary Diagnostic Laboratory.

  • Participate in professional development and regular training sessions to keep current on information security best practices.

This document represents the major duties, responsibilities, and authorities of this job, and is not intended to be a complete list of all tasks and functions. Other duties may be assigned.

Additional Responsibilities
Officially represent all AgriLife Institutions at all applicable committees within the Texas A&M System (e.g., Information Security Officer Committee).

Minimum Requirements
Education - Bachelor's degree or an equivalent combination of training and experience
Experience - Minimum five years (eight years preferred) of progressive information technology leadership experience in IT operations/infrastructure management, including five years' management of enterprise-level infrastructure operations.
Knowledge of - Must possess a working understanding of issues, technologies, and solutions relating to identity and access management, information security operations (i.e., controls, incident response, computer forensics, and event monitoring), information assurance (i.e., data stewardship, policies, procedures, and regulations), security awareness, and risk management methodologies. Understanding of the enterprise information security architecture discipline, processes, concepts, and best practices. Knowledge of technological trends and developments in the area of information security and risk management. Knowledge of firewalls, anti-virus, intrusion detection/intrusion prevention systems, virtual private networks, remote access systems, network zoning, centralized monitoring, and application scanning. Knowledge of information security and risk control frameworks such as COBIT, ISO 27001, ITIL, and ISO 31000. Knowledge of business continuity and IT disaster recovery frameworks such as ISO 22301 and ISO 27031.
Ability to - Ability to multitask and work cooperatively with others. Oral and written communication skills. Demonstrated ability to successfully manage risk, change, and innovation. Must be able to work in a collaborative team environment.
Required Licenses and Certifications: Valid Texas driver's license or must acquire one within 30 days of employment.
Preferred Licenses and Certifications: CISSP, CISM, GSEC, CompTIA Security+, CEH
Physical Requirements - None.

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Supervision of Others
This position generally supervises employees.

Instructions to Applicants: Applications received by Texas A&M AgriLife must either have all job application data entered or a resume attached. Failure to provide all job application data or a complete resume could result in an invalid submission and a rejected application. We encourage all applicants to upload a resume or use a LinkedIn profile to pre-populate the online application.

All positions are security-sensitive. Applicants are subject to a criminal history investigation, and employment is contingent upon the institution's verification of credentials and/or other information required by the institution's procedures, including the completion of the criminal history check.

Equal Opportunity/Affirmative Action/Veterans/Disability Employer committed to diversity.