Information Security Officer (ISO)/ IT Security and Compliance Manager

Reporting to the Chief Audit Executive, the IT Security and Compliance Manager serves as the Information Security Officer for Texas Southern University as prescribed by state policy. This role plans, coordinates and implements security measures to safeguard information resources. Reviews violations of computer security procedures and coordinates with appropriate authorities to avoid repeat violations. Develops and coordinates the implementation and testing of plans to continue or restore data processing activities in case of disaster. Coordinates with users to establish priority activities according to the importance of business. Responsibilities also include the determination of the enterprise’s information security policy and strategy. Oversees the development, implementation, and enforcement of information security standards and procedures. Ensures that all information systems are functional correctly regarding secure policy. In charge of IT risk evaluations, audits, and security incident investigations. Reports relevant information and data regarding information security to the state and oversight agencies.

Develops, implements and maintains the university’s risk management and disaster recovery programs for Information Technology, including managing the periodic testing of the disaster recovery plan designed to protect against the potential effects of disaster. Assesses and monitors IT governance, general computing controls, development and applications security awareness, controls effectiveness and maturity within an integrated framework. Identifies vulnerabilities that may cause inappropriate or accidental access, disclosure, modification or destruction of information; establishes security controls to eliminate or minimize their potential effects. Ensures the university critical or sensitive information resources are identified, all information resources are assigned ownership, and that the duties of owners are prescribed. Serves as the university’s internal and external point of contact for information security matters, and keeps management aware of legal and regulatory changes affecting information security, privacy and computer crime. Manages the development, implementation and testing of security controls and methods; directs efforts for including safeguards in the development or acquisition of automated information systems. Ensures user lists are current and auditable; oversees procedures for password control; reports to management on university’s security posture, including problem areas and recommended improvements. Ensures proper backup procedures are established and followed; establishes procedures to monitor and ensure compliance with established information security, technology and risk management policies and procedures. Coordinates with Internal Audit to develop effective automated information systems relative to information security, technology and risk management. Coordinates with programming and technical managers on matters related to the planning, development, implementation or modification of information security, technology and security risk management policies and procedures. Establishes training programs to ensure that staff are educated and aware of their roles and responsibilities in regards to information security, technology and risk management. Performs other job related duties as required.

100%

Bachelor’s Degree (B.A. or B.S.) in Information Technology, Business or closely related discipline from an accredited four-year college or university preferred.

Certifications in any combination of CISSP, CISA, CISM, CCNP preferred.

Must be proficient in the use of personal computers and Microsoft Office software such as Word, Excel, Power Point and Access. Awareness of the BANNER ERP application, Oracle based systems and platforms and infrastructure including (but not limited to): Cisco, Linux, Windows, Microsoft and related platforms.

Requires seven (7) to ten (10) years of directly related experience. Requires broad knowledge of complex systems and procedures.

Lead worker over others in similar jobs and/or provide work leadership and direction for students and/or employees.

Tasks are multiple and focus more on single processes. Work is sometimes standardized and sometimes varied. No responsibility for budget, revenues and expenditure authority.

Performs duties within scope of general University policies, procedures and objectives. Analyzes problems and performs needs assessments. Uses judgment in adapting broad guidelines to achieve desired result. Regular exercise of independent judgment within accepted practices. Makes recommendations that affect policies, procedures and practices. Refers exceptions to policy and procedures to the supervisor.

High-level contact with others in key positions. Contact usually involves several areas within the University and/or with community, government, business leaders, media and dignitaries. Typically handles highly sensitive and/or confidential information.

Anticipates customer needs and regularly motivates or influences others to deliver customer service excellence. May troubleshoot highly sensitive or confidential issues. Personally ensures problem resolution. Identifies barriers to effective customer service and sets customer service standards. Establishes a customer feedback system and holds self accountable for customer service excellence within the department or program.

Work is performed within routine office environment with no exposure to hazardous or unpleasant conditions. Physical demands are usually limited to sitting or standing in one location much of the time. Some stooping, lifting or carrying objects of light weight may be required.