Information Security Manager - Privacy and Risk - (2400009V)

Updated: 17 days ago
Location: Towson, Maryland

Details

Posted: 29-Apr-24

Type: Full-time

Categories: Information Technology, Staff/Administrative

Employment Type: Full-time

Organization Type: Higher Education Institution

Towson University (TU) is one of the nation’s top 100 public universities. Located north of Baltimore, TU currently enrolls over 19,000 students and is the second-largest university in the prestigious University System of Maryland.  Towson University values diversity and fosters a climate that is grounded in respect and inclusion to cultivate the intellectual and personal growth of the entire university community.

The Information Security Manager – Privacy and Risk reports directly to the CISO and is responsible for managing cybersecurity risk management and privacy staff and the associated processes and services. 

This position has a strong focus on privacy operations, information/data governance processes, and cyber-risk management to maintain the confidentiality, integrity, and availability of TU’s information assets.  The position will include a high degree of judgement in consideration of acceptable risk, residual risk, and identification of sufficient compensating controls. 

The position performs all supervisory activities associated with a management level position such as recruitment, staff development, department goals, scheduling and coverage, performance appraisals, and disciplinary actions.  Additionally, the position contributes to the architectural and strategic planning to continuously improve TU’s overall Information Security and Privacy program by addressing risk register items to reduce overall cyber-risks.  Finally, the Information Security Manager – Privacy and Risk helps to provide leadership and guidance on the topic of Information Security and Privacy, including best practices, when working with others in OTS and at the university.

Telework may be available for this position up to two days per week following the completion of 90 days of service in good standing.

 

Responsibilities and Duties

 

  • Manage the planning, delivery, and support of all privacy, governance, risk, and compliance processes, procedures, and technologies such as data usage requests, MPIA requests, privacy data subject access requests, and the GRC application.
  • Develop and maintain strategies for continuous improvement of privacy operations, risk management, and compliance. 
  • Manage and lead a complex multidisciplinary information security and privacy group consisting of compliance, data privacy, information governance, and risk management.   
  • Provide consulting and guidance for use cases related to AI technologies to ensure data protection and appropriate use. 
  • Perform information security risk and privacy analysis for new products and services specifically related to business initiatives to ensure compliance and audit readiness.  Triage new product requests to determine levels of risk assessments and PIAs.
  • Provide expertise to IT and members of the University community on data privacy and information security related installations to assure compliance with standards and appropriate use policies.
  • Monitor the data privacy landscape and adjust TU’s program to meet those needs.  Stay current on threats and regulations that may impact higher education by participating in information sharing communities and share insights with the information security and privacy team.
  • Coordinate internal and external audits across IT, test controls, and facilitate solutions to audit findings.
  • Ensure the information security privacy program is aligned with established university-wide privacy practices such as FERPA compliance. 
  • Create and ensure execution of data privacy and risk management related internal controls activities designated by compliance and audit (e.g., third party risk management, sensitive data scans, reporting, sample audit tests, etc.).
  • Work with the Office of General Counsel to determine incident impact related to privacy and data breach laws.
  • Determine security and privacy requirements by evaluating business strategies and requirements; research information security standards; study architecture/platforms; identify integration issues; prepare cost estimates.
  • Manage and oversee project activities including scoping, forecasting, resourcing, delivery, tracking, and review of project budgets. 
  • Provide leadership support of the development and delivery of information security and privacy education and ongoing awareness initiatives.

 

Qualifications and Skills

 

  • Bachelor’s degree and four or more years of related experience.
  • Experience working with current data privacy laws (e.g., FERPA, GDPR, CCPA).
  • Experience working with and administering governance, risk, and compliance (GRC) applications.
  • Proven working experience supporting and maintaining a privacy, governance, risk, and compliance program.
  • Experience managing and leading teams.
  • Demonstrated ability to successfully interact with multiple stakeholders with divergent interests to obtain a set of common goals and objectives.
  • Ability to influence other teams and key stakeholders.
  • Ability to communicate privacy and cyber-risk in business terms.
  • Strong executive report writing skills and excellent documentation and communication skills.
  • Strong project management and organizational skills.    

Preferred Qualifications:

  • Experience performing information security risk assessments, privacy impact assessments, and implementing effective countermeasures.
  • Experience working with cybersecurity and privacy NIST frameworks.
  • Experience with HIPAA and PCI-DSS.
  • Industry certifications related to privacy and cybersecurity (e.g., CIPM, CDPSE, CISSP, etc.).
  • Master’s degree in information security or related discipline.

 

Salary and Benefits 

Salary starting at $120K, commensurate with experience, and full University benefits that include 22 days of annual leave, up to 15 holidays, personal and sick days; excellent health, life, and retirement plans; and tuition remission. TU also offers a variety of great perks and discounts.

This position will be open for a minimum of 14 days. For consideration, please submit a cover letter and resume with your online application. 

The safety of our students, faculty, staff, and neighbors has been our top priority and the focus of every one of our decisions since the earliest days of the COVID-19 pandemic. Therefore, the University System of Maryland (USM) has strongly encouraged full COVID vaccination and up-to-date booster shots (when eligible) for all faculty, staff, and students at all schools in the USM as both a reasonable and necessary means of protecting our health and safety.


About Towson University
The largest comprehensive university in the Baltimore area, Towson University is nationally recognized for its excellent programs in the arts and sciences, communications, business, health professions, education, fine arts and computer information systems. Located in suburban Towson, eight miles north of Baltimore, our beautifully landscaped, 328-acre setting offers a pleasant environment for study and a diverse campus life, as well as easy access to a wealth of university and community resources. Towson University's educational experience branches out to off-campus locations throughout Maryland, including a number of online options. Our many interdisciplinary partnerships with public and private organizations throughout Maryland provide opportunities for research, internships and jobs. Towson University is a founding member of the Coalition of Urban and Metropolitan Universities (CUMU).
https://main.hercjobs.org/jobs/20045595/information-security-manager-privacy-and-risk-2400009v