Info Security Compliance Lead

Updated: 2 days ago
Location: Columbus, OHIO
Job Type: Full-time
Deadline: 25 Oct 2020

Position Information

Top Message: Both current Ohio State employees and the general public may apply for this unclassified professional position.
Message to Applicants:
Number of Positions Available: 1
University Title: Info Security Compliance Lead
Working Title: Info Security Compliance Lead
Department: Ohio Technology Consortia Srvs
Department Location: Columbus
Requisition Number: 461447
Summary of Duties

Supports Security Operations for the Ohio Technology Consortium (OH-TECH), in collaboration with the Chancellor of the Ohio Department of Higher Education (ODHE), in accordance with university policies, goals, and objectives; reporting to the Chief Information Security Officer. OH-TECH is looking for an Information Security Compliance Lead to coordinate policy and governance activities, primarily through assessing the effectiveness of internal controls, risk management and governance for information systems in accordance with organizational objectives and regulatory requirements.

The Information Security Compliance Lead will: review processes that support the information systems control framework; work with the OH-TECH Security Team to develop best practices for the use of vulnerability management systems, automated security scanning tools, data loss prevention and risk assessment methodologies; perform independent audits and multi-disciplinary review of complex and sensitive issues related to information systems across the organization; develop, document, and implement organizational policies related to Security and Information Technology; perform information system audits, data classification, special investigations and consultations to management; and report findings and recommendations to leadership.

The Compliance Lead will provide consulting and expert guidance in organization-wide efforts regarding security engineering, risk management, design, access and identity control, operational support and consultation; security operational services; set-up, verification, and audit of user access and authorizations; risk analysis and response; and input into the development of business continuity and disaster recovery procedures. The Compliance Lead partners with stakeholders at the university or unit level to ensure systems and data are secured against a range of physical, electronic, cyber, and other threats. The Compliance Lead will work with appropriate leaders, business partners and staff to plan and develop risk management solutions that satisfy the organization’s strategic and business needs.

The Compliance Lead has an understanding of the DevOps lifecycle, modern operating systems, as well as general networking knowledge. Works with the Security Team to develop best practices for the use of vulnerability management systems, automated security scanning tools, and risk assessment methodologies to identify the threats to the organization and mitigate them.

The Compliance Lead provides security planning, assessment, risk analysis, and risk management support. Will also recommend solutions to develop security requirements, assess security gaps, and guide the organization in meeting the security posture requirements. Must apply existing knowledge of Information Assurance policy, procedures, and workforce structure to provide expert guidance to engineering in the design, development, and implementation of secure networking, computing, and data center environments.

Ideally, the Compliance Lead has experience leading and mentoring junior analysts and consultants. Candidate should have an analytical mindset, inquisitive nature, responsiveness, and excellent assessment skills. Must also possess strong troubleshooting skills and the ability to work under pressure with multiple deadlines. Patience in working with non-technical end users is essential. Will work in a fast-paced, small business environment with our talented team.

The Compliance Lead is able to grasp new concepts, facilitate information exchanges for data gathering, and collaborate with diverse audiences. Must follow established processes where applicable and establish and execute defensible processes where none are prescribed.

Additional Information for Applicants:
Pre Employment Screening: Requires the successful completion of a background check.
Required Qualifications

Bachelor’s degree or an equivalent combination of education and experience. Experience in implementing system accreditation processes and Risk Management Frameworks (e.g. NIST-800 series, RMF, CSF, CIS-RAM, COBIT); Experience with DISA STIGs and SRGs, MITRE ATT&CK, vulnerability management systems, mitigation and compliance processes, and reviewing results from automated security scanning tools. One or more of the following certifications: CISSP, CISM, CISA, CRM, CRMP, PRM, FRM, CERA, CEH, GSEC.

Desired Qualifications

Solid understanding of Windows, Mac, and/or Linux operating systems; hosts, networks, security, and secure application development concepts. Hands-on experience with Vulnerability Scanning Tools (e.g. Rapid7, Qualys, Nessus). Experience with Code Scanning Tools: DAST and/or SAST. Experience with firewalls, NAT, HTTP, DNS, IP and OSI Networks. Experience with core LAN/WAN network technologies. Experience leading and mentoring junior analysts and consultants.

Target Salary: $73,100.00 - $85,000.00 Annually
Job Category: Information Technology (IT)
Job Appointment (FTE%)


Full/Part Time: Full-time
Temporary or Regular: Regular
Posting Start Date: 09/26/2020
Posting End Date: 10/25/2020
Dept Contact Name: Gall, Kristin L
Dept Contact Phone: 614/247-8036