Rowan University is a public comprehensive state-designated research institution with approximately 16,000 students. Its main campus is located in Glassboro, N.J., 20 miles southeast of Philadelphia, with additional campuses in Camden and Stratford. The University comprises seven colleges and five schools: the William G. Rohrer College of Business; the Henry M. Rowan College of Engineering; the Colleges of Communication and Creative Arts, Education, Humanities and Social Sciences, Performing Arts, and Science and Mathematics; the Cooper Medical School of Rowan University; the Rowan University School of Osteopathic Medicine; the Graduate School of Biomedical Sciences; the School of Health Professions; and the School of Earth and Environment. Rowan is one of two public universities in the country to offer M.D. and D.O. medical degree programs. The institution is also home to the South Jersey Technology Park, which fosters the translation of applied research into commercial products and processes. Rowan has been recognized as one of the top 100 public universities in the nation and is ranked third among public institutions in the North by U.S. News & World Report.
• Develop, implement, and monitor a strategic, comprehensive campus-wide information security and IT risk management program to ensure the integrity, confidentiality and availability of information owned, controlled or processed by the University.
• Facilitate information security governance through implementation of a hierarchical governance program, including the formation of an information security steering committee or advisory board.
• Develop, publish and maintain up-to-date security policies, standards and guidelines; and oversee training and dissemination of security policies and practices.
• Create, implement and communicate a risk-based process for vendor risk management.
• Create and manage information security and risk management awareness training programs for all employees, contractors and approved system users.
• Work directly with the university community to facilitate IT risk assessment and risk management processes, and work with the CIO and appropriate staff throughout the university on identifying acceptable levels of residual risk.
• Create a framework for roles and responsibilities with regard to information ownership, classification, accountability, and protection.
• Develop and enhance an information security management framework based on one of the currently accepted standards such as ISO 27001 ISM.
• Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls.
• Ensure that security programs are in compliance with relevant laws, regulations and policies to minimize or eliminate risk and audit findings.
• Work with CIO to respond to and address risks and audit findings; define and facilitate the information security risk assessment process, including the reporting and oversight of treatment efforts to address negative findings.
• Manage security incidents and events to protect IT assets, including intellectual property, regulated data, and the University's reputation.
• Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the security program, facilitate appropriate resource allocation, and increase the maturity of the program.
• Perform related duties and fulfill responsibilities as assigned.
Requirements and Qualifications:
• Bachelor's degree in business administration or a technology-related field; Master's degree preferred.
• Minimum of ten (10) years of experience in a combination of information security, risk management, and IT positions; experience in a leadership role in a higher education setting is preferred. Employment history must demonstrate increasing levels of responsibility.
• Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and non-technical audiences.
• Proven track record and experience developing information security policies and procedures and successfully executing programs that meet objectives of excellence in a dynamic environment.
• Must be a critical thinker with strong problem-solving skills.
• Knowledge and understanding of relevant legal and regulatory requirements including but not limited to HIPAA.
• Excellent analytical skills, able to manage multiple projects under strict timelines, work well in a demanding dynamic environment and meet overall objectives.
• Demonstrated evidence of technical and organizational ability.
• Must have practical knowledge of security systems; essential for approving/developing architecture.
• Must understand the balance of risk and usability.
• Professional security management certification, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials, is required.
• Knowledge of common information security management frameworks, such as ISO 27001, COBIT and NIST.
• High level of personal integrity, and the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity.
Rowan University values diversity and is committed to equal opportunity in employment.
All positions are contingent upon budget appropriations.