College Information Security Officer

Job DescriptionGeneral Description:
The College Information Security Officer (ISO) is responsible for the planning and administration of the colleges information security program. Specifically, this position has responsibility for implementing the policies, standards, and procedures necessary to protect the college and VCCS ITS infrastructure from external or internal threats; manage access to college and VCCS systems, and administer the college IT security operations.

Duties and Tasks:.

• Developing and maintaining information security program.
• Develop and implement an on-going risk assessment.
• Provide vision and leadership for developing and supporting privacy practices.
• Maintain and develop policies, procedures and SLAs associated with IT security program(s).
• Ensure compliance with federal, state, local, NVCC, and VCCS laws, rules, and regulations.
• Other duties as assigned.

Special Assignments

May be required to perform other duties as assigned. May be required to assist the agency or state government generally in the event of an emergency declaration by the Governor.

KSA's/Required QualificationsRequired KSAs:

• Knowledge or certification equal/equivalent to Certified Information Systems Security Professional (CISSP)
• Knowledge of components of robust security program
• Exceptional communication skills both orally and in writing
• Ability to articulate issues and persuade others to a recommended solution
• Excellent organizational skills
• Knowledge of security-related programs, including but not limited to, risk management, vulnerability management, policy and procedure development, audit/reporting, and incident response
• Ability to multi-task and work in a fast-paced environment
• Ability to lead the work of others
• Ability to develop, coach and counsel subordinate employees
• Ability to identify and resolve complex technical issues
• Some knowledge of network protocols, routing and systems operations

Minimum Qualifications:

• Extensive experience in relevant IT and industry roles.
• Extensive experience in Senior IT leadership roles, with responsibility for supervising subordinate technical staff.
• Extensive experience in information security management, security compliance or risk management.
• Extensive experience with Microsoft products.
• Extensive experience with intrusion detection and intrusion prevention systems.

Additional ConsiderationsPreferred Qualifications

• Professional certification(s) in IT Security (CISSP)
• Significant knowledge equivalent to ISACA COBIT certification