The Office of Information Services Central Administration is seeking a Governance, Risk, and Compliance Manager. This is a full-time (1.0 FTE), 12-month, fixed term professional faculty position. Reappointment is at the discretion of the Chief Information Security Officer.
Reporting to the Chief Information Security Officer, the Governance, Risk, and Compliance Manager is responsible for assessing and documenting OSU’s compliance and risk posture as they relate to its information assets. This position provides highly skilled technical and information security expertise for the development and implementation of the information security risk management program. Responsibilities require leadership and project management experience, as well as technical expertise, to assess the security of information assets deployed at and by the university.
The Governance, Risk, and Compliance Manager works in the Information Services (IS) Office of Information Security unit. This position reviews and assesses the risk and compliance status of OSU Information Systems and programs and participates in strategic planning efforts as part of the OIS Management team.
50% Risk Assessment
Lead the development and implementation of OSU’s information security risk management function within the Office of Information Security to ensure information security risks are identified and monitored.
Assess, evaluate and make recommendations to management regarding the adequacy of the security controls for the university’s information and technology systems.
Review security of vendor systems hosting OSU data, ensuring that security controls and practices are sufficient.
30% Policy and Compliance
Lead the university-wide information security compliance program, ensuring IT activities, processes, and procedures meet defined requirements, policies and regulations.
Develop and implement effective and reasonable procedures and practices to secure sensitive and confidential data and ensure information security and compliance with relevant legislation and legal interpretation.
Execute a strategy for dealing with the increasing number of compliance checks and external assessment processes, such as those for PCI DSS, ITAR, NIST SP 800-171 and FISMA.
Serves as Data Protection Officer (DPO) [reporting to the Chief Compliance Officer for these duties]: inform and advise the University of its obligations pursuant to the European Union’s General Data Protection Regulation (EU-GDPR) and other Union or Member State data protection provisions; monitor compliance with the EU-GDPR and other Union or Member State data protection provisions; provide advice on EU-GDPR data protection impact assessments and monitor their performance; cooperate with the EU-GDPR supervisory authority; act as the contact point for the EU-GDPR supervisory authority on issues relating to processing and any other relevant matter; and have due regard to the risk associated with processing operations.
10% Coordinate External Security Assessments
Work with consultants as necessary on required security assessments.
Coordinate and track all information technology and security related assessments, including scope, colleges/units involved, timelines, auditing agencies and outcomes. Work with assessors as appropriate to keep the focus within scope, maintain excellent relationships with external entities and provide a consistent perspective that continually puts the institution in its best light. Provide guidance, evaluation and advocacy on responses.
10% Outreach and Awareness
Interacts in both oral and written communications with all levels of System staff, including computer center staff, developers and other ITS staff, campus technical staff, general counsel, auditors, students, and technology vendors and contractors, in matters related to information security.
Ability to develop security standards and guidelines based on best practices and industry standards.
Experience in common security standards and regulations relating to a higher education environment.
Skills in documenting risk and compliance activities.
Ability to facilitate cross-functional teams to implement security controls and initiatives.
A demonstrable commitment to promoting and enhancing diversity.
This position is designated as a critical or security-sensitive position; therefore, the incumbent must successfully complete a criminal history check and be determined to be position qualified as per OSU Standard 576-055-0000 et seq.
Advanced degree, preferably in computer science or related field.
Information security experience in higher education or government.
Experience performing information security audits or risk assessments.
Familiarity with security auditing processes.
Understanding of policy development and dissemination.
Internal Number: PO2347UF
About Oregon State University
Oregon State University (OSU) is a leading international public research institution grounded in the Land Grant tradition of bringing research and teaching to bear on the most pressing challenges facing Oregon and the world today. Founded in 1868, OSU is one of only two universities in the United States to have Land Grant, Sea Grant, Space Grant and Sun Grant designations. Oregon State is also the only university in Oregon to hold both the Carnegie Foundation’s top designation for research institutions and its prestigious Community Engagement classification. Oregon State’s faculty are global leaders in their fields, advancing the science of earth ecosystems, improving human health and wellness, promoting social progress and serving as an engine for economic growth. With $309 million in external research funding in the 2015 fiscal year, Oregon State’s impact reaches across the state and beyond. Oregon State, with 11 colleges, 15 Agricultural Experiment Stations, 35 county Extension offices, the Hatfield Marine Science Center in Newport, Oregon and OSU-Cascades in Bend, Oregon, has a presence in every one of Oregon’s 36 counties, with a statewide economic footprint of $2.23 billion. OSU is the state’s largest university, with annual revenues of $1.13 billion, and is home to more than 30,000 students from all 50 states and more than 90 nations, and is the University of Choice for high-achieving students.
The University launched Phase I of the Strategic Plan for the 21st Century in 2004 as a foundation for advancing the University to be among the top Land Grant universities in the nation. The first two phases of the plan guided a decade of transformational progress. In 2014, the University launched Phase III to build upon ten years of momentum and to affirm the campus’ commitment to the University’s mission, vision and three strategic goals:
- Provide a transformative educational experience for all learners;
- Demonstrate leadership in research, scholarship and creativity while enhancing preeminence in the three signature areas of distinction: Advancing the Science of Sustainable Earth Ecosystems, Improving Human Health and Wellness, and Promoting Economic Growth and Social Progress; and,
- Strengthen Oregon State’s impact and reach throughout Oregon and beyond.