Director
- University of Maryland
- Location: College Park, Maryland
- Category: Admin-Other Administrative Positions
- Posting Date: 08/05/2022
- Application Deadline: Open until filled
Job Description
Position Number:
800009Title:
Chief Information Security Officer/Chief Privacy OfficerFunctional Title:
DirectorCategory Status:
33-Exempt RegularApplicant Search Category:
StaffUnit:
USMO-All University System of Maryland Office UnitsCampus/College Information:
The University System of Maryland Office (USMO), led by Chancellor Jay A. Perman, is the staff to the Board of Regents. Staff members advocate on behalf of the 12 USM institutions, facilitate collaboration and efficiencies among the institutions, and provide information about the system to the public. With leadership from the USM Board of Regents and Chancellor Perman, the USMO coordinates academic programs, assists with long-range planning and resource management, facilitates private fund raising, and provides financial stewardship.
Background Checks
Offers of employment are contingent on completion of a background check. Information reported by the background check will not automatically disqualify you from employment.
Vaccine Protocol
The University of Maryland has made the safety of our students, faculty and staff, and our surrounding communities a top priority. As part of that commitment, the University System of Maryland (USM) recently announced that students, faculty, and staff on USM campuses this fall, including UMD, are required to be vaccinated against COVID. As a prospective and/or a new employee at UMD, you will be required to comply with the University’s vaccination protocol. Proof of full vaccination will be required before the start of employment in order to work at any University of Maryland location. Prospective or new employees may seek a medical or religious exemption to the vaccination requirement at return.umd.edu and must have an approved exemption prior to the start of their employment. Failure to provide proof of vaccination or to obtain approval for a medical or religious exemption will result in the offer of employment being rescinded.
Position Summary/Purpose of Position:
Position Summary/Purpose of Position: This position is located in Adelphi, MD, with the option to telework part of the week. The Chief Information Security Officer/Chief Privacy Officer provides leadership for the University System of Maryland (USM) information security and privacy programs to ensure USM and institution level programs continue to adapt and address the enterprise risk inherent in information security and privacy.
Responsibilities
Leads Systemwide discussions regarding current state of information security on campus and generally:
Leads Systemwide discussions regarding current state of information security on campus and generally:
- Continues to evolve the USM IT Security Standard toward NIST compatibility.
- Develops baseline information security practices and frameworks.
- Evaluates new/evolving information security requirements (e.g., CMMC, GLBA, etc.) and the USM’s readiness.
- Consults with institutions on information security and privacy gap identification in all segments including research.
- Develops a maturity model template and evaluation procedures for institutions to self-assess risk posture and opportunities for individual and collaborative improvement, bringing to bear USMO resources as available.
- Partners with other established entities (e.g., MEEC, MDREN, Judiciary, DoIT, Office of Attorney General, etc.) to bring outsourced contracting assistance to bear and assist in managing those contracts. Coordinate with appropriate audit entities (e.g., OLA, USM IA, CLA, etc.) on matters relating to past, current and future audits.
Assists institutional information security and privacy personnel with interpretation and application of policies, laws, and standards.
- Coordinates with appropriate stakeholders on the implementation of the Maryland Public Higher Education Privacy Law (e.g., general counsels, privacy officers, …, etc.).
- Coordinates with appropriate audit entities (e.g., OLA, USM IA, CLA, etc.) on matters relating to past, current and future audits.
- Coordinates with USM institutions, the USMO, the BOR, and external entities on any security incidents or breaches
- Provides Operational advice to the USM, Board of Regents, institutional general counsels, Office of Attorney General and all USM stakeholders on information security, privacy, and information technology topics. This includes contract and other formal agreement review for sufficiency relative to IT security and data privacy.
Develops strategic and tactical workplans for short- and long-term activities.
- Leads the USM IT Security Council and Information Privacy Implementation Teams and developing touchpoints with other established constituents (e.g., ITCC, ERP PMs, other institutional leadership councils, etc.).
- Monitors the current and evolving information security and privacy industry and legal trends.
- Provides strategic and operational advice and counsel on matters relative to information security and privacy.
- Helps institutions develop information security and privacy roadmaps to administer programs and new technologies.
- Assists in the management of USM and institutional risk.
- Assists the USM and institutions as needed with enterprise crisis management programs.
- Coordinates across the USM and State of Maryland on any cyber insurance needs.
Monitors information and technology related legislation:
- Evaluates and develops draft USM testimony relative to information and technology related legislation.
- Coordinates with institutions and USMO Legislative Affairs team on submittal/presentation of testimony as appropriate.
- Communicates with bill sponsors and executive agencies as applicable.
Updates Board of Regents, USMO and Institutional leadership on ad-hoc information security and privacy matters.
Minimum Qualifications:
Education: Bachelor’s degree.
Experience: 10 years of progressive experience in enterprise technology services.
Knowledge, Skills, and Abilities:
- Knowledge of best practice information security and privacy operations.
- Knowledge of federal and other standards, pertinent to USM, relative to ITSEC and DP.
- Knowledge of FERPA, PCI, HIPAA, GLBA and other standards, laws and regulations impacting higher education.
- Understanding of technology landscape and state of play in ITSEC and DP hardware, software, and services.
- Ability to help institutions develop controls appropriate for their campus and in alignment with applicable standards/guidelines.
- Ability to lead and manage technical teams.
- Remains calm and is able to manage conflict.
- Elicits collaborative input and can facilitate consensus.
- Strong consultative, customer-oriented and collaborative approach to issue identification and resolution.
- Flexible, adaptable, and able to sustain momentum; effective and enthusiastic demeanor while conditions and organizational structures may be ambiguous and fluid.
- Strong interpersonal skills and experience working with multiple internal and external constituencies; able to gain community respect and possesses good relationship-building skills.
- Exceptional communications capabilities, including leveraging other people’s knowledge and ideas, giving presentations, and speaking publicly.
- Skill in monitoring the performance of outside contractors and scope of work.
- Ability to work collaboratively with legal professionals inside and outside of the USM.
- Ability to work with governmental bodies on regulatory and legislative matters.
- Ability to provide interpretation of regulations and laws as it relates to operational implementation.
- Ability to manage legal teams to achieve USM and institutional goals.
Preferences:
Preferred Education: Juris doctor degree.
Preferred Experience: Specific experience in networking and/or experience in higher education.
Preferred Knowledge, Skills, and Abilities:
- Familiarity with the legislative process and providing written and oral testimony to legislators.
- Strong working knowledge of higher education business processes, financial issues, and education industry.
- Knowledge of national and international education policy, regulations, and law.
- Experience with institutional research programs on issues of research security compliance, research information governance and negotiation of research agreements.
Additional Information:
Resumes will be reviewed until the position is filled. Applicants must combine all application materials (cover letter, resume and list of three references with contact information) into one PDF or Microsoft word document to the following email address: hr-ciso@usmd.edu.
Job Risks
Not Applicable to This PositionPosting Date:
08/02/2022Open Until Filled
YesBest Consideration Date
08/15/2022Diversity Statement:
The University System of Maryland is an equal opportunity, affirmative action employer without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin or ancestry, marital status, veteran status, physical or mental disability unrelated to an individual’s ability to perform the job, in accordance with applicable law. As required by the 1986 Immigration Act, applicants should be prepared to present acceptable documentation showing their identities, their U.S. citizenship or alien status, and their authorization to work in the United States.