This is a description of a Staff Position Classification. It is not an announcement of a position opening. To view descriptions of current openings, please go to UNMJobs and Search Postings to view positions that are currently accepting applications.
The following statements are intended to describe, in broad terms, the general functions and responsibility levels characteristic of positions assigned to this classification. They should not be viewed as an exhaustive list of the specific duties and prerequisites applicable to individual positions that have been so classified.
Summary
Oversees and provides operational and technical leadership in the development, implementation, and proactive management of all facets of the computer and information security effort for the University of New Mexico. As Information Security Officer, establishes the institution's overall policies and strategic plans for information security, and guides, leads, and coordinates the integration of information security strategies, programs, and initiatives across all campus locations. Reports directly to the Chief Information Officer of the University, and directly participates in overall IT governance decision making for the entire institution.
Duties and Responsibilities
Oversees the development and implementation of an effective, information security program to mitigate institutional risk, maintain continuity of operations, and safeguard the University community.
Coordinates and collaborates with institutional constituencies as appropriate to formulate, implement, and disseminate University-wide policies and standards ensuring the confidentiality, integrity, and availability of information assets.
Provide operational leadership for the development, documentation, and administration of processes to reduce information security risk, responds to incidents, and limits exposure across the University; defines and advocates best practices regarding security of data and systems.
Researches and recommends state-of-the-art information technology solutions and innovative security management techniques that effectively safeguard the institution's information assets.
Collaborates with University leadership to ensure that information security solutions effectively interface with current and emerging business and operational needs of the institution.
Establishes programs and processes that operationalize compliance with applicable laws, regulations, and guidelines, as well as creates mechanisms for preventing, detecting, and reporting compliance breaches.
Administers the day-to-day activities of the University's Information Security Office; to include operational and fiscal management, staffing, and human resources management.
Provides strategic direction, oversees, and evaluates the development and delivery of IT security and compliance awareness training programs for IT administrators and operating unit staff University-wide.
Researches, identifies, and analyzes possible information security-related risks with the potential for strategic, adverse impact on the University, and develops effective and appropriate preventive strategies consistent with sound business judgment and internal controls.
Ensures that security incidents and related ethical issues are investigated and expeditiously resolved in a fair, objective manner in alignment with the University's values and code of business conduct.
Performs miscellaneous job-related duties as assigned.
Minimum Job Requirements
Bachelor's degree; at least 8 years of experience directly related to the duties and responsibilities specified.
Completed degree(s) from an accredited institution that are above the minimum education requirement may be substituted for experience on a year for year basis.
Knowledge, Skills and Abilities Required
Thorough knowledge and strategic understanding of information security principles, practices, and requirements as they relate to a major academic research institution.
Program planning, development, implementation, and leadership skills.
Demonstrated strategic planning and policy development skills gained at a senior level.
Knowledge of organizational structure, workflow, and operating procedures.
Outstanding interpersonal skills and demonstrated ability to communicate and work effectively in business partner relationships.
Demonstrated integrity and ability to maintain principles and make appropriate decisions under ethical pressure.
Knowledge and understanding of Federal, State, and University laws, regulations, and standards pertaining to information security and privacy.
Demonstrated understanding and appreciation of business management principles and processes.
Ability to effectively explain, promote, and defend the value of security initiatives to top management.
Ability to develop successful information security solutions that are consistent with and that support institutional business strategies and practices.
Ability to anticipate need and effectively assist the organization to rapidly adjust and respond to ever-changing information security conditions and trends.
Knowledge and understanding of current and emerging technological and operational solutions in the area of information security.
Advanced analytical, evaluative, and objective critical thinking skills
Conditions of Employment
Must pass a pre-employment criminal background check.
Employees in this job title are subject to the terms and conditions of an employment contract. Employment contracts are typically subject to review and renewal on an annual basis.
Employees who provide services or work in patient care or clinical areas are required to be in compliance with the University's influenza vaccination requirement.
Working Conditions and Physical Effort
No or very limited exposure to physical risk.
No or very limited physical effort required.
Work is normally performed in a typical interior/office work environment.
The University of New Mexico provides all training required by OSHA to ensure employee safety.
