Colgate University Chief Information Security Officer / Director of Information Security in Hamilton, New York
Job Category Professional/Administrative Position Title Chief Information Security Officer / Director of Information Security Full Time/Part Time Full Time Division Dean of the Faculty Department Information Technology Services Department Statement
Colgate University's Information Technology Services (ITS) is a dynamic organization that serves the diverse technology needs of the university community. Comprised of several functional areas - Classrooms, Digital Media & Events; Data Analytics & Decision Support; Engagement & Support; Information Security; Learning & Applied Innovation; Services & Shared Infrastructure - ITS prides itself on exceptional customer service and building collaborative relationships to meet the unique needs of our liberal arts campus.
ITS endeavors to foster an inclusive environment that values diversity, professional development, creativity, and innovation to support the growth of individuals and the organization. Under the leadership of the CIO, ITS is embarking on a strategic planning process to align services and resources with several exciting new initiatives identified in Colgate's .
Colgate University's Chief Information Security Officer/Director of Information Security is responsible for thought leadership, policy and practice development, and operational leadership around issues of data privacy and information security such as data compliance, business continuity, user awareness, incident response, operational security, etc. This position will reside in the office of the CIO and will report to the Chief Information Officer. Job title commensurate with experience. Accountabilities
The Chief Information Security Officer / Director of Information Security participates in ITS strategic planning efforts to align with Colgate University's mission, Third Century Plan, and the DEI commitment to grow and strengthen the Information Security at Colgate University.
Specific Accountabilities include but are not limited to:
Maintaining an expert level of understanding of higher ed trends and the work of faculty, students, and staff that ensures a secure technology environment that enables creativity and success.;
Maintaining a comprehensive working knowledge of federal, state, local laws and regulations, and industry standards (together in this document referred to as Laws and Regulations), where compliance requires specific data or information security policies, practices, reporting, or audits. These Laws and Regulations include, but are not limited to, HIPAA, FERPA, Higher Education Opportunity Act (HEOA), CCPA, GDPR, PCI DSS.
Maintaining and continuing growth of the University's identity and access management initiatives.
Developing detailed procedures for system access and permissions to support auditing and detection of compliance issues;
Developing effective procedures for regular system and server patches and vulnerability management, based on university best practices.
Advising on the effective use of network security equipment, including firewalls and intrusion protection systems.
Maintaining expert-level knowledge of Cloud infrastructures, including IAAS, PAAS, and SAAS, and help the University maintain a secure cloud presence.
Developing and delivering user-friendly training for end-users, data stewards, system administrators, and others as required in support of the above.
Establishing benchmarks and tracking metrics that reflect the effectiveness of University data and information security policy and practice and provide feedback for future development opportunities.
Conducting periodic security audits of the IT environment, develop reports, document results, recommend changes, supervision of implementation plans.
Lead the development, maintenance, and annual evaluation of incident response, including forensics and investigations in the event of a data breach or incident, as well as business continuity and disaster recovery plans.
Participate in University-wide working groups and committees representing and advocating for the interests of a secure and private data environment.
Represent the University as a participant of institutional security collaborations (REN-ISAC, Higher Education Information Security Council, NY 6, etc.).
Maintaining a working knowledge and technical understanding of the interrelationships and interdependencies between and among the systems, services, and products provided and supported by ITS.
Name Information Security Principles Description
Demonstrated ability to determine how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes. Campus-wide expert on information security. Demonstrated ability to adapt to changing environment, evaluate risk and develop priorities. Name Platform Expertise Description
Demonstrated deep knowledge of information security combined with broad understanding of network and system administration, desktop, mobile and and enterprise environments Name Project Management Description
Demonstrated ability to provide deep functional and technical expertise within a project environment. Contributes to multiple projects simultaneously. Name Customer Service Description
Displays empathy and patience with users of all levels of sophistication. Can successfully support highest profile users on campus. Demonstrated ability to consistently follow through with solutions and information for all types of users. Demonstrated ability to diffuse the most challenging situations and remain calm and focused. Demonstrated ability to assess user sophistication and communicate (oral and written) with customers in an appropriate level of detail. Always conveys confidence to the user in ITS ability to solve issues. Name Incident Response Description
Demonstrated ability to correlate events, recognize and categorize different types of vulnerabilities and associated attacks, and perform incident handling steps. Name Security Assessment Description
Demonstrated ability to evaluate the adequacy of security designs and efficacy of security controls based on cybersecurity principles and tenets.
Name Personal Accountability for Results Description
Takes responsibility for decisions, performance, and outcomes; behaves in a responsible manner with a positive attitude; shows self-awareness and openness to feedback. Name Effective Communication Description
Demonstrates effective written and oral communication skills; shares information and seeks input from others; adapts communication to diverse audiences; protects private and confidential information. Name Problem Solving and Decision Making Description
Analyzes and prioritizes situations to identify and solve problems; generates solutions to improve efficiency and quality; involves others in solving problems and making decisions; factors organizational goals into decisions; makes clear, transparent, and timely decisions. Name Change Management Description
Responds positively to changing university initiatives and readily adapts behavior to maintain effective performance; understands the long-term direction of the university and can relate this to the departmental area; adapts to new methodologies; identifies and acts on areas where change is appropriate. Name Leadership and Teamwork Description
Applies skills and knowledge to provide a climate to achieve departmental and organizational success; balances individual and department goals; helps others perform at their best; builds productive relationships to enhance individual and organizational effectiveness; treats others with respect; resolves conflicts among team members. Name Creativity and Innovation Description
Generates, explores, encourages, and implements innovative ways of creating strategic value for the university, division, department, and individual level; critically assesses the effectiveness of new initiatives. Name Diversity and Inclusion Description
Demonstrates respect for people and their differences; understands the benefits of a diverse workforce; earns the trust and respect of others; includes and welcomes others; works to understand the perspective of others; promotes opportunities to experience diversity within our community.
Professional Experience/ Qualifications
Professional experience and a record of success in the accountabilities of the position.
Technical proficiency in enterprise systems and infrastructure sufficient to credibly work with technical staff to implement security policies and practices.
Excellent communication skills.
Ability to work both independently and within a team. Willing to collaborate, share ideas openly, and learn.
Must be capable of working tactfully and collegially with a diverse group of faculty, staff, and students on a regular basis. Preferred Qualifications
Experience in a higher education setting.
One or more applicable Information Security certifications such as Certified Information Systems Security Professional (CISSP). Education
A minimum of a Bachelor's Degree in Information Technology, or a related degree preferred, or a combination of education and experience from which comparable skills are attained. Certifications Physical Requirements
Ability to be on-call nights and weekends. Other Information
Colgate is committed to attracting and retaining a diverse faculty, staff, and student population.
We strive to be an inclusive community - one that embraces and values diversity (in the broadest sense possible) in an environment of mutual respect, communication, and engagement. A variety of cultures and perspectives enriches the quality of campus life, and the opportunity to share different views and experiences is at the core of Colgate's educational enterprise.
These differences can include but are not limited to: race; ethnicity; gender and gender expression; sexual orientation; socioeconomic status; geographic background; national origin; culture; age; mental, cognitive, and physical abilities; religious beliefs; and political beliefs.
As a result, we ask all candidates seeking consideration for the Chief Information Security Officer / Director of Information Security position to submit a diversity statement with their application materials.
To learn more about Colgate's DEI plan visit
Requisition Number 2020S049Posting Temporary No Work Schedule Job Open Date 10/13/2020 Job Close Date Open Until Filled Yes Special Instructions Summary EEO Statement
It is the policy of Colgate University not to discriminate against any employee or applicant for employment on the basis of their race, color, creed, religion, age, sex, pregnancy, national origin, marital status, disability, protected Veterans status, sexual orientation, gender identity or expression, genetic information, being or having been victims of domestic violence or stalking, familial status, or any other categories covered by law. Colgate is an Equal Opportunity/Affirmative Action employer. Candidates from historically underrepresented groups, women, persons with disabilities, and protected veterans are encouraged to apply. Clery Act
CAMPUS CRIME REPORTING AND STATISTICS
The Campus Safety Department will provide upon request a copy of Colgate's Annual Security and Fire Safety Report. This report includes statistics as reported to the United States Department of Education for the previous three years concerning reported: 1. crimes that occurred on-campus; in certain off-campus buildings or property owned or controlled by Colgate University; and on public property within, or immediately adjacent to and accessible from, the campus and 2. fires that occurred in student housing facilities. The report also includes institutional policies concerning campus security and fire safety, such as policies concerning sexual assault, life safety systems, and other related matters. To obtain a copy, contact the Campus Safety Compliance Manager via e-mail at . You may also access the report from the Campus Safety web page at: .
It is the policy of Colgate University not to discriminate against any employee or applicant for employment on the basis of their race, color, creed, religion, age, sex, pregnancy, national origin, marital status, disability, protected Veterans status, sexual orientation and gender identity and expression, genetic information, victims of domestic violence and stalking, familial status, and all other categories covered by recruitment, hiring, upgrading, promotion, transfer, demotion, layoff, recall, termination, rates of pay or other forms of compensation and selection for training at all levels of the employment. Colgate University is an Equal Opportunity Employer, Minorities/Females/Persons with Disabilities/Protected Veterans.