University of Colorado Director of IT Security & Compliance in Denver, Colorado
University of Colorado Denver | Anschutz Medical Campus
Office of Information Technology
Director of IT Security & Compliance
Position #002307 – Requisition #18991
Applications are accepted electronically ONLY at www.cu.edu/cu-careers
The University of Colorado Anschutz Medical Campus seeks individuals with demonstrated commitment to creating an inclusive learning and working environment. We value the ability to engage effectively with students, faculty and staff of diverse backgrounds.
The Office of Information Technology has an opening for a full-time University Staff (unclassified) Director of IT Security & Compliance position.
The University of Colorado Anschutz Medical Campus is a public education, clinical and research facility serving 4,500 students, and a world-class medical destination at the forefront of life-changing science, medicine, and healthcare. CU Anschutz offers more than 42 highly rated degree programs through 6 schools and colleges, and receives over $500 million in research awards each year. We are the single largest health professions education provider in Colorado, awarding nearly 1,450 degrees annually. Powered by our award-winning faculty, renowned researchers and a reputation for academic excellence, the CU Anschutz Medical Campus drives innovation from the classroom to the laboratory to the delivery of unparalleled patient care. Read the CU Anschutz Quick Facts at http://www.ucdenver.edu/about/WhoWeAre/Documents/CUAnschutz_facts.pdf
The Office of Information Technology works to advance the University mission by providing innovative technology solutions and services to the CU Denver | Anschutz Medical Campuses, their constituents and partners. Find out more about the Office of Information Technology at https://youtu.be/K0_WJy6RdFU
Through our six core values, Service, Professionalism, Leadership, Innovation, Community, and Excellence (SPLICE), we make a difference. Find out more about OIT’s Culture at https://www1.ucdenver.edu/offices/office-of-information-technology/our-culture
Nature of Work
The Director of IT Security and Compliance and Information Security Officer (ISO) position requires a strong, knowledgeable leader to provide vision, strategy, and broad-based planning for IT security, compliance and operations. The ISO reports to the CIO, is a member of the CIO leadership team and serves a key role in IT security and compliance leadership, working closely with senior administration, academic leaders, and the campus community. The ISO is an advocate for the university’s total information security and compliance needs and is responsible for the development and delivery of a comprehensive information security and compliance strategy to optimize the security and IT compliance posture of the university. The ISO leads the development and implementation of a security program that leverages collaborations and campus-wide resources, facilitates information security governance, advises senior leadership on security direction and resource investments, and designs appropriate policies to manage information security risk. This position is also responsible for driving the regulatory compliance activities as they relate to Information Security. Compliance is a key priority of OIT and the Director of IT Security and Compliance is the primary individual for ensuring compliance with applicable federal, state, and local compliance rules and regulations. Further, this position leads the security operations team in ensuring that IT Security infrastructure and devices are designed and chosen to maximize the security posture of the University while ensuring ongoing business operations. The complexity of this position requires a leadership approach that is engaging, imaginative, and collaborative, with a sophisticated ability to work with other leaders across the University and CU System to set the best balance between security and compliance strategies and other priorities at the campus and system level.
Jobs in this career family develop, maintain, and support computer systems, software and networks. Functions include enterprise operations, distributed computing, academic computing, research computing, computer hardware and software management, computer networking, telecommunications, systems development, database administration, server administration, website management, programming, desktop support, and help desk operations.
Directors are responsible for the ongoing leadership and oversight of a department, including the development of strategies and processes which contribute to the University and/or campus mission and accountability for services provided. Directors are responsible and accountable for the analysis of fiscal and human resources required to achieve department objectives including hiring, compensation, termination, and performance management of subordinate employees.
Examples of Work Performed
University and Program Leadership
Responsible for the strategic leadership of the University’s IT Security and Compliance program.
Responsible for the strategic leadership of the University’s security operations team.
Responsible for the strategic leadership of the University’s risk and compliance team.
Lead information security planning processes to establish an inclusive and comprehensive information security and compliance program for the entire institution in support of academic, research, and administrative information technology.
Establish annual and long-range security and compliance goals, define security strategies, metrics, reporting mechanisms and program services; and create maturity models and a roadmap for continual program improvements.
Stay abreast of information security issues and regulatory changes affecting higher education at the state and national level. Engage in professional development to maintain continual growth in professional skills and knowledge essential to the position.
Provide a strong leadership philosophy for the IT Security and Compliance Division to create a strong bridge between organizations, build respect for the contributions of all and bring groups together to share information and resources and create better decisions, policies and practices for the campus.
Mentor the IT Security and Compliance Division team members and implement professional development plans for all members of the team.
Perform special projects and other duties as assigned.
Policy, Compliance and Audit
Lead efforts to internally assess, evaluate and make recommendations to management regarding the adequacy of the security controls for the university's data and information technology systems.
Work closely with IT leaders, technical experts, deans and administrative leaders across campus on a wide variety of security and compliance issues that require an in-depth understanding of the IT environment in their units, as well as the research landscape and federal regulations that pertain to their unit’s administrative, academic and research areas.
Lead the development and implementation of effective university policies, standards and procedures to help secure the university’s data and IT systems.
Work with Internal Audit, the CU Office of Information Security and outside consultants, as appropriate, on required security and compliance assessments and audits.
Coordinate and track all information technology and security related audits including scope of audits, units involved, timelines, auditing agencies and outcomes. Work with auditors as appropriate to keep audit focus in scope, maintain excellent relationships with audit entities and provide a consistent perspective that continually puts the institution in its best light. Provide guidance, evaluation and advocacy on audit responses.
Work with university leadership and the Office of Regulatory Compliance to build cohesive security and compliance programs for the university, to effectively address state and federal statutory and regulatory requirements, including HIPAA, FERPA, PCI and FISMA.
Develop a strategy for dealing with the increasing number of audits, compliance checks and external assessment processes for internal/external auditors (e.g. PCI, HIPAA, and FISMA).
Oversee the IT Security Operations Team in the successful implementation of security strategies and technologies to ensure the security of University data and resources.
Ensure that infrastructure supporting the security posture of the campus is modern and up-to-date.
Make recommendations to senior IT leadership on what strategies and technologies to implement and what strategies and technologies to avoid.
Ensure that the Security Operations Team is working to successfully implement infrastructure and devices that are highly available and reliable resulting in the successful operation of the University’s business, academic, research, and clinical enterprise.
Outreach, Education and Training
Create and maintain a security and compliance awareness program, and advise operating units at all levels on security issues and best practices.
Work with campus groups such as LAN Admins, the Office of Regulatory Compliance, application developers, sys admins, and other technical and non-technical groups to build awareness and a sense of common purpose around security.
Risk Management and Incident Response
Develop, implement, document and administer a security incident response process and team.
Ensure the successful operation of the University’s security infrastructure and devices while balancing the security and business needs of the University.
Keep abreast of security incidents and act as primary control point during significant information security incidents. Convene the Incident Response Team as needed, or requested, in addressing and investigating security incidents that arise.
Develop, implement and administer technical security standards, as well as a suite of security services and tools to address and mitigate security risk.
Coordinate the development of information security policies, standards, and procedures. Work with key IT Offices, data custodians, and governance groups in the development of such policies. Ensure the university policies support compliance with external requirements. Oversee the dissemination of policies, standards and procedures to the university community.
Provide leadership, direction and guidance in assessing and evaluating information security risks and monitor compliance with security standards and policies.
Examine impacts of new technologies on the university’s overall information security posture. Establish processes to review implementation of new technologies to ensure security and compliance.
Coordinate the development and delivery of education and training programs on information security and privacy matters for employees, other authorized users, and students.
Salary and Benefits:
The salary range for this position has been established at $120,000-$140,000 and is commensurate with skills and experience.
Your total compensation goes beyond the number on your paycheck. The University of Colorado provides generous leave, health plans and retirement contributions that add to your bottom line.
Benefits: https://www.cu.edu/employee-services/benefits-wellness
Total Compensation Calculator: http://www.cu.edu/node/153125
Diversity and Equity:
The University will provide reasonable accommodations to applicants with disabilities throughout the employment application process. To request an accommodation pursuant to the Americans with Disabilities Act, please contact the Human Resources ADA Coordinator at firstname.lastname@example.org.
The University of Colorado Denver | Anschutz Medical Campus is committed to recruiting and supporting a diverse student body, faculty and administrative staff. The university strives to promote a culture of inclusiveness, respect, communication and understanding. We encourage applications from women, ethnic minorities, persons with disabilities and all veterans. The University of Colorado is committed to diversity and equality in education and employment.
The University of Colorado Denver | Anschutz Medical Campus is dedicated to ensuring a safe and secure environment for our faculty, staff, students and visitors. To assist in achieving that goal, we conduct background investigations for all prospective employees.
Conditions of Employment:
Must be willing and able to travel between campuses (Denver Campus and Anschutz Medical Campus).
PLEASE NOTE: Candidates will be responsible for travel expenses related to the interview process and any relocation expenses, if applicable.
Parking expenses for employees are not covered by the university. To review parking options please visit the link below and select your appropriate campus:
Facilities Management Permit Parking at http://www.ucdenver.edu/about/departments/FacilitiesManagement/ParkingMaps/Parking/Pages/PermitParking.aspx
7 years total experience with information security and compliance
5 years in an information security and compliance leadership role
Demonstrated ability to implement general security concepts and methods such as vulnerability and risk management, incident response, policy creation, and enterprise security strategies.
Deep experience with information security regulatory and compliance management.
Experience developing and administering information security standards, guidelines and best practices.
Demonstrated working knowledge with documented training and/or certification in IT Security and Compliance, including HIPAA and PCI.
Ability to manage multiple projects or priorities with complex contracts and relationships.
Demonstrated ability to foster participation of others and to work effectively and collaboratively with faculty, senior administrators, and staff.
Demonstrated experience advancing diversity and the creation of inclusive work environments.
Demonstrated ability to lead a security operations team.
Deep understanding of the operation of security devices such as firewalls, Intrusion Prevention/Detection Systems, web security appliances, etc.
Knowledge, Skills, and Abilities
Excellent leadership and management abilities with strong written and oral communication skills.
Working knowledge of a broad range of information technology services and systems.
Knowledge of security best practices and how to apply them in a complex, distributed environment.
Ability to work collaboratively with diverse groups of people and a broad range of constituencies.
Broad understanding of networking concepts in support of security operations.
Job: Information Technology
Primary Location: Denver
Job Category: Information Technology
Department: U0001 -- DENVER & ANSCHUTZ MED CAMPUS
Posting Date: Aug 11, 2020
Unposting Date: Ongoing
Posting Contact Name: OIT Human Resources
Posting Contact Email: ucd-oit.HumanResources@ucdenver.edu
Posting Number: 00002307
Req ID: 18991
The University of Colorado does not discriminate on the basis of race, color, national origin, sex, age, pregnancy, disability, creed, religion, sexual orientation, gender identity, gender expression, veteran status, political affiliation, or political philosophy. All qualified individuals are encouraged to apply.