Information Security Officer

University of Florida

Gainesville, FL

Job Description

The University of Florida is searching for Information Security Officer. The Information Security Officer (ISO) provides strategic leadership, analysis, planning, and recommendations related to the security of the University's information assets.

The role of the ISO spans the entire University of Florida enterprise, including Direct Support Organizations and Affiliates. The ISO exercises enterprise-wide authority for compliance with University information security policies consistent with applicable industry standards and governmental regulations.

By fostering communication and leveraging relationships at all levels of the enterprise, the ISO raises the visibility of information security and compliance as an enterprise-wide activity. This position reports directly to the Vice President and Chief Information Officer. The ISO works closely with the Chief Privacy Officer, the Office of General Counsel, University Police Department, senior administrators of the University and leaders of Direct Support Organizations to support their collective and individual information security governance and oversight responsibilities.

The ISO will ensure a framework for managing risk and aligning information security strategies with the University's missions and administrative functions. The ISO will be responsible for providing information security leadership, strategy and vision.

Responsibilities:

Direct all University information security functions of risk management, training and awareness, policy development and compliance, disaster recovery and business continuity, and incident management.

Develop, evaluate and communicate short and long term information security strategies that align with established University goals. Such strategies will incorporate threat research, vulnerability assessment, risk management and incident management.

Provide information security oversight and planning for University Direct Support Organizations (DSOs).

Represent the University's information security plans to appropriate constituents.

Provide leadership for information security analysis and reporting. Ensure that all information security policies and procedures are in compliance with all regulatory requirements.

Perform information security analysis for enterprise-wide initiatives.

Using appropriate performance metrics to demonstrate the effectiveness of security strategies, the ISO advances a multilayered and adaptive approach for addressing a dynamic threat environment. By collaborating with peers within and outside the enterprise, the ISO maintains an understanding of the latest threats and security tools and techniques.

Manage a team of information security professionals responsible for:

o Risk management

o Development of policies, standards, procedures and guidelines

o Compliance with policies and standards

o Information security training and awareness program

o Incident management

o Community assistance and support with development and deployment of effective security systems, products and services

o Collaboration and coordination with IT professionals, vendors, peer institutions, consultants and others to improve the security posture of the University

o Information security and compliance research

Serve as a member of the UF IT Management Council, providing council and support to the CIO and team members.

Maintain an understanding of the latest threats and security tools and techniques.