Information Security Office Position at the Rochester Institute of Technology

[Ben Woelk <fbwis () RIT EDU>]

The Rochester Institute of Technology is seeking applicants for Information Security Officer.

Here's the job description:

The Information Security Officer manages the university's information security program by developing and championing 
policy controls to avoid and/or mitigate risk to RIT's information assets in support of the mission of RIT. 
Responsibilities include development of security policies and standards, delivery of security awareness training, and 
incident response.

Given the focus in these areas, it is anticipated that the Information Security Officer will collaborate with 
operational staff across the university to identify the optimal strategy and tactics to maximize opportunities and 
avoid hazards in operating RIT's information assets.

The Information Security Officer will be responsible for the direction and supervision of the information security 
office staff.

Security Policies and Standards
*Understand how information security laws (including HIPAA, FERPA, Graham-Leach-Bliley, FISMA, identity and privacy 
laws) and accepted industry practice should be applied in higher education.
*Perform security assessments of the University's information assets and identify and prioritize security risks to the 
University's information assets.
*Develop a university-wide information security strategy to address those risks.
*Work with key stakeholders on the development, implementation and maintenance of information security policies and 
standards.
*Develop, administer, and coordinate programs to ensure compliance with information security policies and standards.
*Oversee the dissemination of policies and standards to the University community and adjust standards as necessary to 
ensure they are having the intended effects.
*Provides reports to senior executives regarding risk, the information security strategy and the effectiveness of the 
university's information security efforts.

Security Awareness
* Oversee a university-wide information security training and awareness program for employees, students, and other 
authorized users.
* Oversee the clear and concise communication of the following:  latest security and privacy legislation, threats and 
vulnerabilities, the information security strategy, recommended countermeasures, policies and procedures, alerts and 
advisories.

Incident Response
* Oversees incident response including the investigation and forensics of security breaches.
* Oversee an information security incident handling process, forensics investigation process and forensics lab.

Develop Information Security Budget request and capital project requests.  Manage approved budget.

More details are available in the position listing at 
https://sjobs.brassring.com/tgwebhost/jobdetails.aspx?jobId=1160620&PartnerId=25483&SiteId=5289

Apply at http://careers.rit.edu/staff, Position # 2220BR

Ben Woelk '07 CISSP
ISO Program Manager
Information Security Office
Rochester Institute of Technology
ROS 10-A204
151 Lomb Memorial Drive
Rochester, New York 14623
585.475.4122
585.475.7920 fax
ben.woelk () rit edu<mailto:ben.woelk () rit edu>
http://www.rit.edu/security/

Become a fan of RIT Information Security at 
http://rit.facebook.com/RITInfosec<http://rit.facebook.com/profile.php?id=6017464645>

Follow us on Twitter: http://twitter.com/RIT_InfoSec

CONFIDENTIALITY NOTE:  The information transmitted, including attachments, is intended only for the person(s) or entity 
to which it is addressed and may contain confidential and/or privileged material.  Any review, retransmission, 
dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other 
than the intended recipient is prohibited.  If you received this in error, please contact the sender and destroy any 
copies of this information.