Security Manager/Director

This position is eligible for health, dental, life insurance and other benefits through Chicago State University. Click here for a complete list of benefits: https://csu.edu/humanresources/benefits.htm

Chicago State University ( CSU), is the oldest public university in the Chicago metropolitan area. Chicago State University is Illinois' only four-year U.S. Department of Education-designated Predominantly Black Institution ( PBI). CSU serves over 1,500 undergraduate students and nearly 900 graduate students. The university is a nationally accredited university with five colleges in Arts and Sciences, Business, Education, Health Sciences and Pharmacy and proudly supports a diverse and non-traditional student population that hails from 28 countries and 36 states.

Discover the latest advancements and milestones achieved by CSU in our Annual Report: https://www.csu.edu/president/annual_report.htm.

The Office of Information Security has both an internal and external focus and serves as a primary decision maker in the Office of Information Security. This position will fill in as the primary information security ( INFOSEC) decision maker when the CISO is unavailable. The Office of Information Security owns and is accountable for team management, and maintenance and growth of information security processes and procedures. The Office of Information Security is responsible for hiring and firing decisions as well as creating and enforcing staff performance improvement plans.

This position is a hands-on position, as such the Office of Information Security will provide oversight of all aspects of INFOSEC operations including development, recording and analysis of key performance metrics to ensure continuous improvement of INFOSEC processes. The Office of Information Security also coordinates development and implementation of control standards and initiatives throughout the University to increase security. The Office of Information Security is responsible for investigating, directing, and overseeing investigations related to security breaches, misuse of state resources and or possible violations of law such as HIPAA, FERPA, copyright, and PCI regulatory violations. The Office of Information Security will collaborate with federal, state, and local law enforcement when required. Additionally, the Office of Information Security will assist Human Resources, General Counsel, and Ethics Officers as it relates to investigations or matters filed with external agencies.

Because of his/her broad-ranging responsibilities, the Office of Information Security has an expectation of extended availability that transcends normal business hours. They are experts in INFOSEC processes and procedures. They work with little administrative direction and may provide coaching and mentoring to colleagues and lower-level employees within this series. They participate in long-range planning and may manage departmental projects within divisional guidelines and structure.

Ensure team members log all relevant incident or request details in appropriate systems according to information security processes and DoIT ITSM processes.

Evaluates team status updates and makes strategic decisions around the work to be done

Uses knowledge and experience to provide first-line investigation and diagnosis and, whenever possible, resolves incidents and fulfills requests when first contacted.

Research security trends and tools to ensure team stays current in knowledge and skills.

Ensure incidents and requests are escalated as appropriate due to need, complexity, risk or general discretion

Coaches, mentors, and provides inspiration for team to improve performance and technical knowledge

Resolves conflict to improve interpersonal connections and professional relationships Creates and enforces staff performance improvement plans

Ensure team members develop strong knowledge in NIST and CIS security frameworks to design and implement controls and procedures for security and ease of audit.

Establishes goals and metrics, and evaluates results to measure progress of goals

Research and stay current on regulations to stay current in knowledge and skills Determines and develops processes to meet regulatory, risk, and audits requirements.

Designs Controls to meet business needs in accordance with business risk levels and regulations that map to NIST and/or CIS security frameworks

Understands security compliance regulations and works with cross functional teams on security tools implementation for compliance (i.e. PCI, GLBA, HIPAA, FERPA, etc.).

Collaborate with business units on implementing updated regulatory changes

Participates in regulatory advisory committees as an information security leader to educate the University community and IT resources on INFOSEC principles

Leads annual regulatory compliance efforts across business units.

Research security trends and tools to ensure security processes are kept current and map to NIST and/or CIS security frameworks

Propose and develop new information security procedures or process improvements, automation processes wherever possible, and implementing documentation to support reporting and audits.

Collaborates with other units and participates on projects to continuously improve integration of information security with business and IT practices.

Collaborate with federal, state, and local law enforcement when required

Assist Human Resources, General Counsel, and Ethics Officers as it relates to investigations or matters filed with external agencies.

Creates and tracks KPI's for forms, incidents, requests, security tools, and processes

CREDENTIALS TO BE VERIFIED BY PLACEMENT OFFICER

1. Any one or any combination totaling two (2) years (24months) from the following categories:

A. College coursework which includes Information Technology (IT), IT systems, or a closely related discipline, as measured by the following conversion table or its proportional equivalent:

* 30 semester hours equals one (1) year (12 months)

* Associate's Degree (60 semester hours) equals eighteen months (18 months)

* 90 semester hours equals two (2) years (24 months)

* Bachelor's Degree (120 semester hours) equals three (3) years (36 months)

B. Work experience in IT-related functions, such as hardware/software support, programming, network design, network engineering, IT systems integration, or closely related field.

3. Based on position requirements, additional education, training, and/or work experience in the area of specialization inherent to the position may be required.

1. Bachelor's Degree and two years of work experience in a related field or Associate's degree and three years of work experience in a related field or Five years of work experience in a related field.

2. One year of supervisory experience
A. Note: As required by the position to be filled, education, training and /or work experience in the area of specialization inherent in the position may be required in meeting credential requirements #1 and #2 above

Excellent oral and written communications skills
Knowledge of the systems and operations used within the areas and departments of responsibility
Ability to oversee and coordinate activities of assigned staff
Ability to effectively communicate with other colleagues, supervisors, administrative staff, and other campus/agency units
Ability to identify and resolve technical and personnel problems
Ability to effectively communicate and professionally interact with all staff levels