Information Technology (IT) is the unified IT organization that supports the vision, values, mission, and goals of the University by providing IT infrastructure, systems, administrative applications, academic resources and related services to faculty, students and staff. Embracing DU’s Impact 2025, the division aligns IT resources with University and unit strategic goals and operational plans, providing service in the spirit of “One DU”.
The Information Security Department of University Technology Services ensures that adequate controls are in place to protect the confidentiality, integrity, and availability of institutional IT systems and the data they process, transmit, and store. The department establishes a framework of policies and procedures consistent with government-wide laws and regulations, ensures systems are categorized and assessed for risk of harm, conducts periodic monitoring of control effectiveness, monitors tracking and completion of corrective actions, and trains personnel with IT security responsibilities.
Under the general direction of the Vice Chancellor/CIO, the Chief Information Security Officer (CISO) is responsible for the development and delivery of a comprehensive information security and privacy program for the University of Denver. The scope of this program is university wide, and includes information in electronic, print and other formats. The purposes of this program include assurance that information created, acquired or maintained by DU, and its authorized users, is used in accordance with its intended purpose; protection of institutional information and its infrastructure from external or internal threats; and assurance that the institution complies with statutory and regulatory requirements regarding information access, security and privacy. The CISO helps inform and provide strategic guidance and direction around information security to the CIO, members of the institutional senior management team, the Board of Trustees and the DU community.
- Coordinate the development of institutional information security policies, standards and procedures. Work with key IT offices, data custodians and governance groups in the development of such policies. Ensure that university policies support compliance with external requirements. Oversee the dissemination of policies, standards and procedures to the university community.
- Coordinate the development and delivery of an education and training program on information security and privacy matters for employees, other authorized users, and students.
- Serve as the university compliance officer with respect to DU, state and federal information security policies and regulations. Work with the campus designated FERPA, Records Access and HIPAA privacy officers on compliance issues as necessary. Prepare and submit required reports to external agencies.
- Develop and implement an Incident Reporting and Response System to address DU security incidents (breaches) and respond to alleged policy violations or complaints from external parties. Serve as the official campus contact point for information security, privacy and copyright infringement incidents, including relationships with law enforcement entities.
- Develop and implement an ongoing risk assessment program targeting information security and privacy matters; recommend methods for vulnerability detection and remediation and oversee vulnerability testing.
- Act as the CIO’s designee representing DU on information security matters; serve as the campus contact point for external auditors, agencies, and survey requests on security/privacy matters.
- Keep abreast of latest security and privacy legislation, regulations, advisories, alerts and vulnerabilities pertaining to the institution and its mission.
- Supervise the Information Security team
- Other duties as assigned
Knowledge, Skills, and Abilities
- Ability to work collaboratively and build consensus with a broad range of constituencies.
- Comprehensive understanding of information security administration, architecture, process, procedures, controls, and how they are implemented into policy and practices.
- Information security knowledge and skills across policies and procedures, security information systems and applications, security awareness, and compliance requirements.
- Direct experience with security tools such as firewalls, traffic shapers, intrusion detection systems, packet analyzers, network and application scanners, and security information and event management solutions.
- Fluent in spoken and written English. Ability to write clear, concise instructions and policy documents. Must be able to interface and coordinate with all levels of the institution.
- Strong deductive reasoning skills. Ability to draw conclusions from careful analysis of data. Ability to discern and communicate the impact and repercussions of policy and/or technology decisions.
- Understanding of relevant Federal and State regulations, accreditation and certification information, and security and privacy standards applicable to the University.
- Strong interpersonal, listening, change agent, educator and risk management consulting skills.
- Ability to work independently, develop well-documented business cases and cost-benefit analyses with challenging deadlines, and to continuously monitor multiple information security program activities.
- Ability to manage, monitor and control multiple projects with a variety of priorities, stakeholders, and requirements.
- Demonstrated ability to interpret and communicate technical security concepts to a broad range of technical and non-technical audiences.
- Ability to articulate and present information and key issues to leadership in ways that can be understood - providing proper perspective for risk-based decisions.
- Ability to cooperate with and be sensitive to the needs of others and exercise tact and diplomacy with a wide variety of personalities under stressful situations.
- Ability to effectively work with and manage third party providers, partners, and internal providers that perform information security assessments and functions.
- A demonstrated ability to work with diverse groups of people is required.
- Bachelor’s degree or equivalent combination of education or work experience (Veterans with equivalent combination of military certification/education and experience may substitute for the degree qualification).
- 7 years of information security and technology experience focused on information security, systems administration, network administration, and application administration.
- Working knowledge and experience in the policy and regulatory environment of information security.
- Proven experience in policy development, program administration and compliance/incident response activities.
- Advanced degree in computer science, information technology, or related field.
- CISSP, CISM, GIAC, or equivalent certifications.
- Direct experience implementing and managing information security solutions. Broad experience in information security, compliance, and controls. Work experience in a university environment.
- Experience in developing and administering an enterprise information security program in a higher education environment.
8am - 4:30pm; evenings and weekends as needed
For best consideration, please submit your application materials by 4:00 p.m. (MST) on December 27, 2021.
Candidates must apply online through jobs.du.edu to be considered. Only applications submitted online will be accepted.
Salary Grade Number:
The salary grade for the position is 17.
The salary range for this position is $190,000 - $210,000.
The University of Denver has provided a compensation range that represents its good faith estimate of what the University may pay for the position at the time of posting. The University may ultimately pay more or less than the posted compensation range. The salary offered to the selected candidate will be determined based on factors such as the qualifications of the selected candidate, departmental budget availability, internal salary equity considerations, and available market information, but not based on a candidate’s sex or any other protected status.
The University of Denver offers excellent benefits, including medical, dental, retirement, paid time off, tuition benefit and ECO pass. The University of Denver is a private institution that empowers students who want to make a difference. Learn more about the University of Denver.
Please include the following documents with your application:
2. Cover Letter
The University of Denver is an equal opportunity employer. The University of Denver prohibits discrimination on the basis of race, color, national origin, age (40 years and over in the employment context), religion, disability, sexual orientation, gender identity, gender expression, genetic information, marital status, veterans status, and any other class of individuals protected from discrimination under federal, state, or local law, regulation, or ordinance in any of the university's educational programs and activities, and in the employment (including application for employment) and admissions (including application for admission) context, as required by Title IX of the Education Amendments of 1972; Title III of the Americans with Disabilities Act of 1990, as amended in 2008; Section 504 of the Rehabilitation Act of 1973; Title VI and VII of the Civil Rights Act of 1964; the Age Discrimination Act of 1975; the Age Discrimination in Employment Act of 1967; and any other federal, state, and local laws, regulations, or ordinances that prohibit discrimination, harassment, and/or retaliation. For the university's complete Non-Discrimination Statement, please see non‑discrimination‑statement.
All offers of employment are contingent upon satisfactory completion of a criminal history background check.