Information Security Officer - Loyola University Chicago

[Jim Sibenaller <Jsibena () LUC EDU>]

All,
 
Loyola University Chicago has an immediate opening for an Information
Security Officer due to the departure of the current incumbent to
another University.
 
Applicants with qualified skills and interest should utilize the
following link to apply. 
www.careers.luc.edu/applicants/Central?quickFind=52305 
 
==========================================================================


Job Title:       Information Security Officer
Reports To:    Director Enterprise Architecture & PMO
Department:  Information Technology Services
Division:         Enterprise Architecture & PMO
Campus:         Lake Shore, Chicago IL
 
Summary:
The Information Technology Services division at Loyola University
Chicago seeks an Information Security Officer to own and manage the
information security program at Loyola.
 
This position works closely with clients to fully understand their
requirements and define expectations. 
Essential Duties and Responsibilities include the following. Other
duties may be assigned.


 
1.      Develop and implement plans to ensure institutional compliance
with applicable laws, regulations and requirements, such as: FERPA
(Family Educational Rights and Privacy Act), GLBA (Graham-Leach-Bliley
Act), HIPAA (Health Insurance Portability and Accountability Act),
PCI-DSS (Payment Card Industry Data Security Standard), DMCA (Digital
Millennium Copyright Act), and the Illinois Personal Information
Protection Act.
2.      Develop and promulgate institutional and divisional Information
Security policies, procedures, standards and guidelines based on
knowledge of best practices and compliance requirements, as well as
institutional business objectives.
3.      Coordinate response to any information security incidents.
4.      Maintain and remain current regarding information security
threats and vulnerabilities, as well as the best practices and
technologies used to mitigate them.
5.      Establish relevant security metrics.
6.      Facilitate the process for working with end users and various
resources to ensure security expectations and controls can be met. Must
be able to influence and persuade individuals and/or groups to identify
common ground solutions. 
7.      Identifies, assesses and works with the appropriate teams to
mitigate known information security risks. 
8.      Create, manage and keep “ever-green” the information security
program.
9.      Regularly communicate in writing and in-person to end users and
resource contributors about the state of information security, security
expectations and on-going information risk status. 
10.  Demonstrate a commitment to Loyola’s mission and strategy by
supporting the ITS core values of service excellence for university
strategic initiatives and continuous development/improvement.
11.  Proactively manages change through existing change management
processes.
12.  Leads University-wide information security committee.
13.  Other duties, responsibilities, and qualifications may be required
and/or assigned as necessary.   
 
Qualifications: 
To perform this job successfully, an individual must be able to perform
each essential duty satisfactorily. The requirements listed below are
representative of the knowledge, skill, and/or ability required.
Reasonable accommodations may be made to enable individuals with
disabilities to perform the essential functions.
 
Education/Experience: 

·         Bachelor’s degree in Management Information Systems, Computer
Science or Engineering or equivalent experience.  Relevant industry
experience, aptitude, and the ability to learn while applying knowledge
and skill-sets is important.
·         At least 5 years of experience in information security and/or
network/security management.
·         Proven experience in managing information security
personnel.
·         Familiarity with regulatory compliance, such as FERPA, GLBA,
HIPAA, PCI DSS, DMCA, Illinois Personal Information Protection Act, and
similar regulation
s.
·         Familiarity with security concepts such as defense-in-depth,
the principle of least privilege, access controls, risk management, and
mitigating controls required.
·         Experience in Higher Education is a plus, but not required.
·         Experience with IT frameworks such as the ISO 27000 series a
plus, but not required
Language Ability: 
·         Excellent communication (oral, written, presentation),
interpersonal and consultative skills to work effectively with vendors,
clients, peers, and ITS management and staff.
·         Core consulting skills such as business writing, presenting,
and analytic comparisons.
·         Ability to communicate technical concepts and solutions to
both technical and non-technical audiences.
Computation Ability: 
·         Strong analytical and problem solving skills. 
Reasoning Ability: 
·         Must be detail oriented, results focused, and be able to
support change management initiatives. 
·         Synthesizes complex or diverse information; Generates
creative solutions; Identifies and resolves problems in a timely manner;
Gathers and analyzes information skillfully; Develops alternative
solutions; Works well in both group and individual problem solving
situations. Looks for ways to improve and promote quality; Responds
promptly to customer needs; Solicits customer feedback to improve
service; Responds to requests for service and assistance.
Computer Skills: 
·         Proficient in Microsoft Applications (Excel, Word,
PowerPoint, Visio and Project). 
Certificates and Licenses: 
·         CISSP certification required
·         GIAC certification a plus, but not required
Interpersonal: 
·         Great attitude and strong work ethic; Ability to work
independently and in team settings; Focuses on solving conflict, not
blaming; Maintains confidentiality and follows ITS and other university
policies regarding data security and protection; Balances team and
individual responsibilities; Contributes to building a positive team
spirit; Effectively influences actions and opinions of others; Strives
to continuously build knowledge and skills; Shares expertise with
others.
·         Collaborates information security concepts with both
technical and non-technical individuals; Possesses the ability to
explain and gain concurrence on information security concepts.
·         Diversity- Shows respect and sensitivity for cultural
differences; educates others on the value of diversity. 
·         Ethics- Treats people with respect; Works with integrity and
ethically; handles sensitive and confidential issues and materials
appropriately.
Organizational Skills: 
·         Supports organization's goals and values; Develops strategies
to achieve organizational goals; Adapts strategy to changing conditions;
Includes appropriate people in decision-making process; Strong
administrative and organizational skills.
Supervisory Responsibilities: 
·         Direct report ownership of 2 staff members within the
security area, additional consultants and student workers as required by
project/work load.
·         Requires the matrix management responsibility of project
teams.  
 

Jim Sibenaller
Director, Enterprise Architecture & PMO
Information Technology Services
LoyolaUniversity Chicago
W: 773-508-7665
M: 847-828-5222