IT Security Position

• Life Insurance: The coverage amount is based on two and one-half times appointment salary rounded up to the next whole thousand with a maximum coverage of $100,000 and includes the same amount of Accidental Death and Dismemberment benefits. The University currently pays the entire cost of coverage.
• Medical, Dental and Prescription Drug Coverage: The cost of coverage is shared between employees and the University. Rates are determined by participation in Wellness Program and use of tobacco products. Coverage is available on the first of the month following appointment date.
• TIAA Retirement Contributions: Contributions begin based upon the first day of employment at a contribution rate of ten (10) percent of base appointment salary paid in full by ISU. The contributions are vested immediately. There are 40 investment options from which to choose.
• TIAA Auto Enroll: New employees are automatically enrolled in a tax deferred retirement program at hire: three (3) percent is deducted before taxes for the program to facilitate retirement planning. Employees may opt out of the program within 90 days.
• Long Term Disability Coverage: Employees are eligible after three (3) years of continuous, regular employment with the University. This policy guarantees approved disabled employees a 66 2/3 percent income protection (from all sources) after 180 days of continuous total disability. Immediate participation is available for current members of a comparable group disability insurance program within 90 days prior to ISU employment and that would have provided income protection upon disability for at least five years.
• Fee Waiver Program: For the employee, spouse and dependent children: Staff may enroll in up to 18 hours of course work each academic year at a reduced rate. Spouses may enroll in 15 semester hours each academic year with 80% of qualified tuition waived. Dependent children of regular full-time staff who are full-time degree seeking undergraduate students at ISU may receive a fee waiver of 80% of qualified tuition for up to a total of ten (10) semesters.
• Sick Leave: Accrued at a rate of 12 days per fiscal year with unlimited accumulation.
• Vacation: Pay level 11 and below accrues up to 15 vacation days earned per year 1 through 4; 20 vacation days per year thereafter. Pay level 12 and above accrues 20 vacation days per year

• Voluntary Life Insurance: Additional amounts of life insurance may be purchased on employee, spouse and dependent children.
• Voluntary Vision Plan: May enroll within the first 31 days of employment date.

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
The information on this description is designed to indicate the general nature and level of work performed by employees within the classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications required of employees assigned to this job.

All employees and staff of ISU are bound by all NCAA, Missouri Valley Conference and institutional rules and regulations pertaining to intercollegiate athletics and must conduct themselves in accordance therewith. For more complete information on the duties and obligations of ISU employees and staff in this regard, employees and staff should contact the Compliance Office in the ISU Athletic Department.
No ISU employee (whether paid or a volunteer) shall knowingly influence others to furnish the NCAA or an ISU investigator/compliance officer false or misleading information concerning an individual’s involvement in or knowledge of matters relevant to a possible violation of an NCAA regulation. Failure to abide by this term of employment shall constitute unethical conduct as defined by the NCAA and may result in immediate suspension and/or termination of the employment relationship with ISU.

• Responsible for the strategic leadership of the University’s information security program.
• Provide guidance and counsel to the CIO and key members of the university leadership team, working closely with university administration, academic leaders, and the campus community in defining objectives for information security, while building relationships and goodwill.
• Work with campus leadership to oversee the formation and operations of university-wide information security resources organized toward a common cause in information security.
• Promote collaborative, empowered working environments across campus, removing barriers and realizing possibilities.
• Manage institution-wide information security governance processes, including formation of a University-Wide Information Security Advisory Committee and development of a department liaison program, to support campus-wide information security program and project priorities.
• Lead information security planning processes to establish an inclusive and comprehensive information security program for the entire institution in support of academic, research, and administrative information systems and technology. Establish annual and long-range security and compliance goals, define security strategies, metrics, reporting mechanisms and program services; and create maturity models and a roadmap for continual program improvements.
• Stay abreast of information security issues and regulatory changes affecting higher education at the state and national level, participate in national policy and practice discussions, and communicate to campus on a regular basis about those topics. Engage in professional development to maintain continual growth in professional skills and knowledge essential to the position.
• Provide leadership philosophy for the Information Security Team as well as within the Office of Information Technology to create a strong bridge between organizations, build respect for the contributions of all and bring groups together to share information and resources and create better decisions, policies and practices for the job.
• Mentor the Information Security Team members and implement professional development plans for all members of the team.
• Represent the university on committees and boards associated with Indiana State University and in national and regional consortiums and collaborations.
• Maintain technical competencies in a rapidly changing environment in order to ensure systems are configured correctly – within industry standards for information technology security.
• Lead the development and implementation of effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.
• Lead efforts to internally assess, evaluate and make recommendations to administration regarding the adequacy of the security controls for the University’s information and technology systems.
• Responsible for coordinating and tracking all information technology and security related audits including scope of audits, colleges/units involved, timelines, auditing agencies and outcomes. Work with auditors as appropriate to keep audit focus in scope, maintain excellent relationships.
• Work with university leadership, General Counsel and relevant responsible compliance department leadership to build cohesive security and compliance programs for the university to effectively address state and federal statutory and regulatory requirements. Develop a strategy for cohesively dealing with audits, compliance checks and external assessment processes for internal / external auditors, PCI, HIPAA, FERPA and other applicable standards.
• Work closely with IT leaders, technical experts and college and other administrative leaders across campus on a wide variety of security issues that require an in-depth understanding of the IT environment in their units, as well as the research landscape and federal regulations that pertain to their unit’s research areas.
• Create education and awareness programs and advise operating units at all levels on security issues, best practices, and vulnerabilities.
• Work with campus groups such as Academic Technology Advisory Committee, Administrative Computing Committee, department liaisons and technical organizations in Business Affairs, Academic Affairs, University Advancement and Student Affairs t to build awareness and a sense of common purpose around security.
• Pursue student security initiatives to address unique needs in protecting identity theft, mobile social media security and online reputation program.
• Serve as primary control point during significant information security incidents. Convene a Security Incident Response Team (SIRT) as needed, or requested, in addressing and investigating security incidents.
• Convene Security Committee consisting of General Counsel, University Communications, CIO, Vice Presidents and relevant department administrators as appropriate and provide leadership for breach response and notification actions for the University.
• Develop, implement and administer technical security standards, as well as a suite of security services and tools to address and mitigate security risk.
• Provide leadership, direction and guidance in assessing and evaluating information security risks and monitor compliance with security standards and appropriate policies.
• Examine impacts of new technologies on Indiana State University’s overall information security.
• Perform other duties as assigned.

• Maintain technical competencies in a rapidly changing environment in order to ensure systems are configured correctly – within industry standards for information technology security.
• Lead the development and implementation of effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.
• Lead efforts to internally assess, evaluate and make recommendations to administration regarding the adequacy of the security controls for the University’s information and technology systems.
• Responsible for coordinating and tracking all information technology and security related audits including scope of audits, colleges/units involved, timelines, auditing agencies and outcomes. Work with auditors as appropriate to keep audit focus in scope and maintain excellent relationships.
• Work with university leadership, General Counsel and relevant responsible compliance department leadership to build cohesive security and compliance programs for the university to effectively address state and federal statutory and regulatory requirements. Develop a strategy for cohesively dealing with audits, compliance checks and external assessment processes for internal / external auditors, PCI, HIPAA, FERPA and other applicable standards.
• Work closely with IT leaders, technical experts and college and other administrative leaders across campus on a wide variety of security issues that require an in-depth understanding of the IT environment in their units, as well as the research landscape and federal regulations that pertain to their unit’s research areas.
• Create education and awareness programs and advise operating units at all levels on security issues, best practices, and vulnerabilities.
• Work with campus groups such as Academic Technology Advisory Committee, Administrative Computing Committee, department liaisons and technical organizations in Business Affairs, Academic Affairs, University Advancement and Student Affairs t to build awareness and a sense of common purpose around security.
• Pursue student security initiatives to address unique needs in protecting identity theft, mobile social media security and online reputation program.
• Serve as primary control point during significant information security incidents. Convene a Security Incident Response Team (SIRT) as needed, or requested, in addressing and investigating security incidents.
• Convene Security Committee consisting of General Counsel, University Communications, CIO, Vice Presidents and relevant department administrators as appropriate and provide leadership for breach response and notification actions for the University.
• Develop, implement and administer technical security standards, as well as a suite of security services and tools to address and mitigate security risk.
• Provide leadership, direction and guidance in assessing and evaluating information security risks and monitor compliance with security standards and appropriate policies.
• Examine impacts of new technologies on Indiana State University’s overall information security.
• Perform other duties as assigned.

• Provides security analysis and design oversight and assistance within the Office of Information Technology and the university.
• Install, configure, manage, and monitor intrusion detection/prevention systems and hardware/software firewalls.
• Conducts both proactive and reactive vulnerability and risk analyses of existing systems and implements standards and procedures to mitigate risk. Implements action plan(s) to remove vulnerabilities.
• Assists immediate supervisor in the development and maintenance of a campus wide information technology awareness and training plan.
• Drafts standards, procedural and policy documentation and provides insight into topics for campus wide security and awareness campaigns and makes recommendations for inclusion into the IT/Campus environment to senior leadership related to each of these items.
• Conduct proactive assessments on all University ERP systems including both Microsoft and Oracle database management systems.
• Installs, updates and monitors enterprise end point protection systems – end-point protection, data loss protection system such as McAfee and Splunk, and data center protection systems.
• Initiates ideas for new directions and demonstrates realistic designs for development and implementation and performs other duties as assigned.
• Performs other duties as assigned.