POSITION DESCRIPTION


PROPOSED TITLE: Chief Information Security Officer

EXTENDED TITLE: Chief Information Security Officer

FLSA STATUS: Exempt

CATEGORY: Administrative

GRADE: E

JOB SUMMARY: Responsible for administering a high level of information security analysis for El Paso Community College. Develop security strategic planning, tactical action, and policies to defend against unauthorized disclosure, access or destruction of information.

ESSENTIAL FUNCTIONS (YEARLY PERCENT OF TIME):

1. (25%) Responsible for protecting the College’s information and information processing assets. Direct planning, implementation, and execution of security policies, activities, and facilities against network, systems, and applications security breaches and vulnerabilities. Review application design documents and serve as the expert advisor to the development team on security techniques, compliance requirements, and industry best practices.

2. (20%) Manage threats and incidents impacting the College’s information resources. Participate in the development of information technology disaster recovery and business continuity planning and serve on security incident response teams. Promote information security awareness, risk management, best practices for physical and data security regarding information technology resources, business impact and risk analysis.

3. (15%) Manage vulnerabilities within the information processing infrastructure. Audit existing systems, and direct the creation and administration of information technology security activities and standards. Conduct periodic audits of internal network, systems applications and security controls to validate effectiveness and identify risks. Research, evaluate, and assist in recommending continuous security enhancements for the prevention, detection, containment, and correction of data and network security breaches.

4. (15%) Assure, through policy, appropriate use of the College’s information resources. Develop goals, objectives and policies to ensure EPCC compliance with all applicable state and federal data and network security guidelines, rules, and statutes.

5. (10%) Review security technology contracts for goods and services to ensure that data and network aspects are properly addressed. Monitor contractor and vendor performance to ensure compliance with their terms and conditions.

6. (10%) Train employees and students to adhere to information security and privacy protection responsibilities. Keep abreast of evolving technologies to ensure appropriate security controls are implemented and maintained as College processes change. Promote security awareness.

7. (5%) Perform other duties as assigned.

Revised: 10/15/13

Effective: 6/01/11

REPORTING RELATIONSHIP: Vice President, Information Technology/Chief Information Officer.

SUPERVISORY RESPONSIBILITIES: Direct supervision as first-line supervisor of assigned staff.

BUDGET RESPONSIBILITIES: Departmental budgets.

ESSENTIAL QUALIFICATIONS:

EDUCATION: Master’s degree in information technology, computer science, computer information systems, management information systems, business, or related field.

EXPERIENCE: Nine (9) years related work experience with direct experience in maintaining an information resources technology security program; working in business continuity and disaster recovery; and experience in planning and managing projects.

CERTIFICATION: At least one of the following major relevant certifications: Certified Information System Security Professional (CISSP); Certified Information System Management (CISM); Certified Information System Auditor (CISA); Certified Protection Professional (CPP).

SPECIAL REQUIREMENTS:

Certification must be obtained within first year of employment.

SPECIAL SKILLS AND ABILITIES:

1. Skills/Abilities:

Ability to configure, deploy and monitor security infrastructure;

Excellent understanding of process for performing security risk assessments and audits;

Knowledge of reviewing system and application specifications and making recommendations for security enhancements;

Operational knowledge of networking, operating systems, internet and data security application support;

Knowledge of hacking techniques and culture;

Knowledge of local, state, and federal laws and regulations relating to information security;

Planning, organizing and working independently, as well as within a team environment;

Presenting technical data in an understandable format to lay and technical audiences;

Resolving complex security issues in diverse environments;

Maintaining an established work schedule and being on call 24 hours per day to resolve security-related problems;

Meeting deadlines, schedules, and target dates;

Supervising, leading, and delegating tasks and authority;

Effectively using interpersonal and communications skills including tact and diplomacy both verbally and in writing;

Effectively using organizational and planning skills with attention to detail and follow through;

Configuring, deploying and monitoring security infrastructure;

Performing security risk assessments and audits;

Maintaining confidentiality of work related information and materials;

Technical competence to lead the organization’s security initiatives;

Ability to work in a diverse environment and be sensitive to issues of diversity and inclusion.

2. Equipment Used: Demonstrated proficiency using standard office software applications, query and control languages, programming languages, and database systems.

3. Software Used: A variety of word processing, spreadsheet, database, email and presentation software.

PHYSICAL REQUIREMENTS:

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job.

While performing the duties of this job, the employee is frequently required to sit and talk or hear. The employee is occasionally required to stand; walk; use hands to feel; and reach with hands and arms; climb or balance and stoop, kneel, crouch, or crawl. The employee must regularly lift and/or move up to 10 pounds, frequently lift and/or move up to 25 pounds and occasionally lift and/or move up to 50 pounds. Specific vision abilities required by this job include close vision, distance vision, color vision, peripheral vision, depth perception and ability to adjust focus.

INTERPERSONAL SKILLS:

Alternative or combined skills in understanding, negotiating, selecting, developing, and motivating people are important to the highest degree due to constant interaction with other people at any level within the organization or the community, the position’s accountability for the development, motivation, assessment, and reward of employees, and the need to deal with irrational situations where the outcome is unpredictable.

WORKING CONDITIONS:

The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. The noise level in the work environment is usually moderate.


POSITION TITLE: Chief Information Security Officer

PHYSICAL REQUIREMENTS & WORKING CONDITIONS: The physical demands and work environment factors described below are representative of those that must be met by an employee to successfully perform the essential functions of this job.

PHYSICAL ACTIVITIES (Amount of Time: None, Under 1/3, 1/3 to 2/3, Over 2/3):

Stand

Walk

Sit

Use hands to finger, handle or feel

Reach with hands and arms

Climb or balance

Stoop, kneel, crouch, or crawl

Talk

Hear

Taste

Smell

WEIGHT and FORCE DEMANDS (Amount of Time: None, Under 1/3, 1/3 to 2/3, Over 2/3):

Up to 10 pounds

Up to 25 pounds

Up to 50 pounds

Up to 100 pounds

More than 100 pounds

WORK ENVIRONMENT (Amount of Time: None, Under 1/3, 1/3 to 2/3, Over 2/3):

Wet or humid conditions (non-weather)

Work near moving mechanical parts

Work in high, precarious places

Fumes or airborne particles

Toxic or caustic chemicals

Outdoor weather conditions

Extreme cold (non-weather)

Extreme hot (non-weather)

Risk of electrical shock

Work with explosives

Risk of radiation

Vibration

VISION DEMANDS (Required):

No special vision requirements

Close vision (clear vision at 20 inches or less)

Distance vision (clear vision at 20 feet or more)

Color vision (ability to identify and distinguish colors)

Peripheral vision

Depth perception

Ability to adjust focus

NOISE LEVEL (Exposure Level):

Very quiet

Quiet

Moderate

Loud

Very Loud

The intent of this job description is to provide a representative and level of the types of duties and responsibilities that will be required of positions given this title and shall not be construed as a declaration of the total of the specific duties and responsibilities of any particular position. Employee may be directed to perform job-related tasks other than those specifically present in this description.

I certify that I have received a copy of this job description. I have read and understand the duties and responsibilities of this position.


Employee Signature Date
