Manager, Information Security, and Identity Operations
Grant Title:
N/A
Job Description Summary / TWC Summary:
The role of the Manager of Information Security is to drive the implementation of security strategy, mitigate emerging threats and vulnerabilities, and providing protection for our organization's interests. You will lead the Operational Security team to align security and technology solutions with business objectives. Collaborate with and inform members of the campus' information security program, including developing and implementing security standards, conduct risk assessments, and gather and report on security performance metrics. Guide a team of talented security analysts, empowering them to achieve their goals and support their professional growth. As a member of the OIT department this position strives to ensure consistency in communications, actions, and alignment to the strategic plan of the university. This position is also responsible for supporting the mission of the university by delivering technology, services, solutions and guidance to the students, faculty, staff, and the community in a professional, exemplary, service oriented collaborative manner.
Essential Duties Summary:
1. Strategic Support:
Develop a SecOps program of security and identity, addressing risks and business requirements.
Focus on automation and orchestration to ensure system agility and security.
Develop budget projections aligned with short- and long-term goals for business growth.
Create and manage strategic and operational SecOps KPI analytics.
2. Policy and Compliance Management:
Monitor and report on compliance with security policies and enforce policies within the IT department.
Propose changes to existing policies and procedures for operational efficiency and regulatory compliance.
Manage staff of information security and identity management professionals, fostering growth and versatility.
3. Security and Identity Liaison:
Assist resource owners and IT staff in understanding and responding to audit risks.
Provide communication, awareness, and training for various stakeholders.
Establish mutually acceptable contracts and service-level agreements with vendors and internal departments.
4. Information Asset Management:
Work with stakeholders to classify data and systems within a control framework implementation.
Participate in information security and identity and access management governance processes.
Define metrics and reporting strategies to communicate successes and progress in the security and identity program.
5. Architecture/Engineering Support:
Consult with IT and campus staff to incorporate security and identity management into hardware, application, and software evaluation, selection, installation, and configuration.
Recommend and coordinate the implementation of technical controls to enforce policies.
Research, evaluate, and plan the implementation of new hardware or software, considering its impact on the existing environment.
6. Operational Support:
Coordinate with the Information Security Leadership and report on technical aspects of security and identity management.
Manage outsourced vendors' compliance with service-level agreements.
Oversee security related change management, incident management, knowledge management and SecOps controls and testing procedures.
KEY RESPONSIBILITIES AND PERFORMANCE STANDARDS:All Information Technology staff - regardless of their unique position - are expected to perform their assigned duties in a manner consistent with professional standards, with full awareness of responsibilities toward managing personal and institutional data, with priority regard to delivering customer service, with an understanding of the 24/7 nature of IT and the responsibilities that create for them as individuals, and in a constructive and effective collaboration with colleagues.
% FTE:
1.0
Hiring Range:
Commensurate with experience.
Education:
Bachelor's degree in information systems or related field, or equivalent work experience.
Master's degree in information security, or related field preferred.
Required Licensing/Certification:
Certifications for this role include CISSP, CISM, and CPP; possessing all three would be ideal.
Knowledge, Skills, and Abilities:
Work planning and delivery management of information security program.
Ability to think critically and analytically to identify, analyze, and resolve complex problems and security-related issues within the organization's IT environment.
Proficiency in employing a systematic approach to break down problems and develop effective solutions.
Demonstrated understanding of high-level policies, regulations, and industry best practices related to information security and the ability to apply them to daily responsibilities.
Familiarity with relevant frameworks and standards such as NIST, ISO, or CIS Controls.
Proven ability to work proactively and independently, taking ownership of assigned tasks and projects related to security operations.
Capacity to identify potential risks and vulnerabilities, anticipate security needs, and implement proactive measures to mitigate them.
Ability to exercise sound judgment and make informed decisions based on available information and established security protocols.
Capability to assess risks and prioritize actions to ensure the protection of sensitive data and systems.
Excellent verbal, written, and interpersonal communication skills, enabling clear and concise communication with various stakeholders including IT teams, management, and business personnel.
Proficiency in translating technical security concepts into understandable terms for non-technical audiences.
Work Experience:
Eight (8) years of progressive IT experience, including at least five (5) years in information security or identity management, with two (2) years in a managerial or supervisory role.
A solid understanding of industry-standard security frameworks and requirements to include TX-RAMP, NIST, COBIT and GLBA.
Experience leading and mentoring security teams, a solid grasp of IT risk management principles, and a proven history of implementing and maintaining security controls.
Working/Environmental Conditions:
Routine office environment.
Sitting or standing in one location much of the time.
Some stooping, lifting, or carrying objects light weight may be required.
Use of video display terminal.
UA EEO Statement:
It is the policy of Texas Southern University to provide a work environment that is free from discrimination for all persons regardless of race, color, religion, sex, age, national origin, individuals with disability, sexual orientation, or protected veteran status in its programs, activities, admissions or employment policies. This policy of equal opportunity is strictly observed in all University employment-related activities such as advertising, recruiting, interviewing, testing, employment training, compensation, promotion, termination, and employment benefits. This policy expressly prohibits harassment and discrimination in employment based on race, color, religion, gender, gender identity, genetic history, national origin, individuals with disability, age, citizenship status, or protected veteran status. This policy shall be adhered to in accordance with the provisions of all applicable federal, state and local laws, including, but not limited to, Title VII of the Civil Rights Act.
