Information Security Compliance Lead at The Ohio State University
Posting Date: January 28, 2020
The Ohio State University is proud to be a premier employer that provides an exceptional total rewards package including medical, dental, vision and many other “hidden” benefits. Our competitive benefits package is offered to all eligible faculty and staff in order to attract, develop and retain top performers eager to share their talent, time and success. Our benefits support your health and financial goals and include not only health insurance, but also generous state retirement, tuition assistance for our employees and their dependents, wellness initiatives, and much more. Please visit https://hr.osu.edu/benefits/ for detailed information. Be your best at The Ohio State University!
Duties and Responsibilities
Supports Security Operations for the Ohio Technology Consortium (OH-TECH), in collaboration with the Chancellor of the Ohio Department of Higher Education (ODHE), in accordance with university policies, goals, and objectives; reports to the Chief Information Security Officer. OH-TECH is looking for an Information Security Compliance Lead to manage policy and governance oversight activities, primarily through assessing the effectiveness of internal controls, risk management and governance for information systems in accordance with organizational objectives and regulatory requirements.
The Information Security Compliance Lead will: review processes that support the information systems control framework; perform independent audits and multi-disciplinary reviews of complex and sensitive issues related to information systems across the university; perform information system audits, special investigations and consultations to management; and report findings and recommendations to leadership and the board.
The Information Security Compliance Lead provides consulting and expert guidance in organization-wide efforts regarding security engineering, risk management, design, access and identity control, operational support and consultation; security operational services; set-up, verification, and audit of user access and authorizations; risk analysis and response; and input into the development of business continuity and disaster recovery procedures. Partners with stakeholders at the university or unit level to ensure systems and data are secured against a range of physical, electronic, cyber and other threats. Works with appropriate executive leaders, business partners and staff to plan and develop risk management solutions that satisfy the organization’s strategic and business needs.
The Information Security Compliance Lead has an understanding of a full open source stack, the DevOps lifecycle, modern operating systems, and general networking. Works with the Security Team to develop best practices for the use of vulnerability management systems, automated security scanning tools, and risk assessment methodologies to identify threats to the organization and mitigate them.
The Information Security Compliance Lead provides security planning, assessment, risk analysis, and risk management support. Recommends solutions to develop security requirements, assess security gaps, and guide the organization in meeting the security posture requirements. Must apply existing knowledge of Information Assurance (IA) policy, procedures, and workforce structure to provide expert guidance to engineering in the design, development, and implementation of secure networking, computing, and datacenter environments.
Ideally, the Information Security Compliance Lead has experience leading and mentoring junior analysts and consultants. The Compliance Lead has an inquisitive nature, responsiveness, and excellent assessment skills. Possesses strong troubleshooting skills and the ability to work under pressure with multiple deadlines. Patience in working with non-technical end users is essential. Works in a fast-paced, small-business environment with our talented team.
The Information Security Compliance Lead is able to grasp new concepts, facilitate information exchanges for data gathering, and collaborate with diverse audiences. Must follow established processes where applicable and establish and execute defensible processes where none are prescribed.
- Bachelor's degree or an equivalent combination of education and experience.
- Experience in implementing system accreditation processes and Risk Management Frameworks (e.g. NIST 800 series, RMF, CSF, CIS-RAM, COBIT).
- Experience with DISA STIGs and SRGs, MITRE ATT&CK, vulnerability management systems, mitigation and compliance processes, and reviewing results from automated security scanning tools.
- One or more of the following certifications: CISSP, CISM, CISA, CRM, CRMP, PRM, FRM, CERA, CEH, GSEC.
- Solid understanding of Windows, Mac, and/or Linux operating systems; hosts, networks, security, and secure application development concepts.
- Hands-on experience with Vulnerability Scanning Tools (e.g. Rapid7, Qualys, Nessus).
- Experience with Code Scanning Tools: DAST and/or SAST.
- Experience with firewalls, NAT, HTTP, DNS, IP and OSI Networks. Experience with core LAN/WAN network technologies.
- Experience leading and mentoring junior analysts and consultants.
You Need To Know
Aside from the unparalleled benefits of working for The Ohio State University and working in the diverse, smart, safe, fun and growing city of Columbus, Ohio, this opportunity will provide exceptional rewards that arise from working for a land grant institution where you will truly feel the impact of your work. Learn more here: https://hr.osu.edu/careers/.
The Ohio State University is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation or gender identity, national origin, disability status, or protected veteran status.