Compliance Initiatives Lead Specialist (AA/S - Exempt III) / ITS - Information Security California State University, San Bernardino
Job No: 500816 Work type: Staff Categories: Unit 9 - CSUEU - Technical Support Services, Administrative, Probationary, Full Time, Information Systems & Technology
California State University, San Bernardino is a preeminent center of intellectual and cultural activity in Inland Southern California. Opened in 1965 and set at the foothills of the beautiful San Bernardino Mountains, the university serves more than 20,000 students each year and graduates about 4,000 students annually. CSUSB reflects the dynamic diversity of the region and has the most diverse student population of any university in the Inland Empire. Seventy percent of those who graduate are the first in their families to do so.
At CSUSB, you can:
Build your future
Work with the best
Be your authentic self
Focus on you
Make a lasting impact
Work for a purpose that is greater than your own
Bring everything you are, become everything you want
The Identity, Security & Enterprise Technology (ISET) department of California State University San Bernardino promotes the confidentiality, privacy, availability, and integrity of information resources.
The Office of Compliance Initiatives monitors compliance with CSU and CSUSB information security policies and standards and applicable State and Federal regulatory standards, such as FERPA, HIPAA, and PCI.
The Office of Compliance Initiatives coordinates the University information security incident response and business continuity planning for the ITS division.
Under general supervision, the incumbent will independently provide leadership and lead work direction to all the employees in the information security compliance area and oversee the organizational unit operations.
The incumbent will provide the campus community with guidance and expertise on all information security and compliance policies, standards, and initiatives.
The incumbent will manage and coordinate the following compliance activities, including monitoring and tracking of access controls for university information resources, including those managed independently and those managed through the online Computerized Information Access request process, periodic information security compliance assessments of cloud services, and provider hosting, processing, transmitting, or storing university sensitive data, coordinate, monitor, validate and facilitate the process to ensure users meet university requirements and proper authorizations before granting access to campus administrative environments and analyze and generate reports as needed for the quality assurance and compliance of the computer information access workflow.
The incumbent will monitor and enforce access control processes to comply with CSU and CSUSB Information Security Policies and Standards, monitor compliance with operational security controls (vulnerability management, configuration management of computer and systems, change control of network security systems (firewalls, VPN, etc.), coordinate the annual certifications as required by the CSU CO for systems processing, storing, and transmitting sensitive data, all activities for the campus to comply with applicable regulatory requirements including FERPA, PCI-DSS, Red Flag Rules, and HIPAA, work closely with campus administrators and executive officers on information security compliance matters, provide recommendations to ensure campus remains in compliance with regulations, supervise and coordinate the campus information security awareness and training program, supervise and coordinate the business continuity and disaster recovery planning and testing for the ITS Division, coordinate and collaborate with the campus internal auditor in providing supporting documentation as needed in response to CSU and external audits of IT systems, as well as to review, develop and implement when necessary new campus policies, standards, processes and procedures to resolve compliance issues.
The incumbent will coordinate the campus information security risk assessment activities, including the sensitive data risk assessment, provide recommendations, and develop and implement risk mitigation solutions as appropriate, coordinate the information security risk assessments for third-party vendors with access to sensitive information and provide recommendations as appropriate as part of the procurement process.
The incumbent will provide guidance and recommendations to the campus Institutional Review Board in the area of information security and privacy protection, actively participate as a member of the Information Security and Emerging Technologies Subcommittee and provide recommendations and reports to the University IT Governance, and serve as a member of the Institutional Data Team Subcommittee and the Emergency Operations Command Team to provide feedback for disaster recovery/business continuity. Under the direction of CDO, the incumbent will lead the development and implementation of campus policies and standards to comply with appropriate federal, state, and CSU information Security Policies and Standards.
The incumbent will serve as one of the campus representatives on the CSU Information Security Advisory Committee since it is mostly governance and compliance, and serve as a committee member of the CSU Technology Users Group.
The incumbent will work closely with campus administrators and executive officers on the coordination for securing access and the collection, preservation, and processing of digital assets in response to internal incidents and legal requests.
The incumbent will perform other duties as assigned.
Employment Status: Full-time, 'exempt', probationary position (with the possibility of converting to permanent).
First Review Deadline: This position will remain open until filled. Applicants will be reviewed beginning June 30, 2021.
Generally, Monday through Friday from 8:00 am to 5:00 pm. Some weekends and evenings may be required.
Extensive and in-depth knowledge of and ability to apply expertise in the advanced theories, principles, methods, and practices associated with the functional specialty, program, and/or organizational unit, including applicable internal policies and procedures and pertinent laws and regulations.
Laws and regulations are highly complex and require substantial judgment and discretion in interpreting and applying them to the specialty or program area.
Incumbents at this level often may have certification in a specialty area.
Substantial and broad knowledge of public and private entities including their organizational and operating structures, internal systems, and functional areas, as well as the impact of critical external entities on an organization.
Ability to integrate and apply this knowledge to anticipate problems and assess the impact of proposed solutions on various organizational areas.
Extensive and in-depth knowledge in project management including research and analytical methodologies.
Ability to interpret and integrate complex data and information to formulate appropriate courses of action which have a broad and far-reaching impact.
Ability to understand and analyze complex problems from a future-oriented and broad interactive perspective and readily develop proactive solutions that integrate strategic goals into tactical operations.
Ability to effectively use applicable information systems and applications in analysis, research, and reporting activities and projects.
Ability to effectively communicate with and influence high-level and diverse contacts inside and outside of the CSU system.
Ability to effectively use all communication methods and formats and to use expertise, as well as persuasion and negotiation skills, to build consensus to achieve short and long-term goals and objectives.
Education and Experience
Bachelor's degree and/or the equivalent training and administrative work experience involving study, analysis, and/or evaluation leading to the development or improvement of administrative policies, procedures, practices, or programs, PLUS four (4) to six (6) years of related experience.
Demonstrated experience in working with a team and promoting a collaborative, pleasant working environment across the campus.
Strong oral and written communication skills.
Demonstrate knowledge in project management including research and analytical methodologies.
Anticipated Hiring Range: $5,908- $6,347 monthly
Classification Range: $5,908- $11,481 monthly
Statement of Commitment to Diversity
In our commitment to furthering knowledge and fulfilling our educational mission, California State University, San Bernardino seeks a campus climate that welcomes, celebrates, and promotes respect for the entire variety of human experience. In our commitment to diversity, we welcome people from all backgrounds, and we seek to include knowledge and values from many cultures in the curriculum and extra-curricular life of the campus community. Our commitment to work toward an environment that values diversity requires that we create, promote, and maintain activities and programs that further our understanding of individual and group diversity. We will also develop and communicate policies and promote values that discourage intolerance and discrimination.
The concept and dimensions of diversity are to be advanced and incorporated into every aspect of university activity, including student life, the curriculum, teaching, programs, staffing, personnel training practices, research, community services, events, and all other areas of university endeavor.
Dimensions of diversity shall include but are not limited to, the following: race, ethnicity, religious belief, sexual orientation, sex, gender identity, gender expression, ability, socioeconomic status, cultural orientation, national origin, and age.
The implementation of the Commitment to Diversity will rest with the university. The president, in addition to a personal commitment and involvement, may use the University Diversity Committee, campus administrators, faculty, staff, and students as well as other members of the campus community to effectively implement the philosophy and intent of this statement.
A background check (including a criminal records check) must be completed satisfactorily before any candidate can be offered a position with the CSU. Failure to satisfactorily complete the background check may affect the application status of applicants or the continued employment of current CSU employees who apply for the position.
The person holding this position is considered a `mandated reporter' under the California Child Abuse and Neglect Reporting Act and is required to comply with the requirements outlined in CSU Executive Order 1083 as a condition of employment.
California State University, San Bernardino is an Affirmative Action/Equal Opportunity Employer. We consider qualified applicants for employment without regard to race, religion, color, national origin, ancestry, age, sex, gender, gender identity, gender expression, sexual orientation, genetic information, medical condition, disability, marital status, or protected veteran status.
This position may be 'Designated' under California State University's Conflict of Interest Code. This would require the filing of a Statement of Economic Interest on an annual basis and the completion of training within 6 months of assuming office and every 2 years thereafter. Visit the Human Resources Conflict of Interest webpage link for additional information: http://hrd.csusb.edu/conflictInterest.html
This position adheres to CSU policies against Sex Discrimination, Sexual Harassment, and Sexual Violence, including Domestic Violence, Dating Violence, and Stalking. This requires completion of Sexual Violence Prevention Training within 6 months of assuming employment and on a two-year basis thereafter. (Executive Order 1096)
California State University, San Bernardino offers a challenging and innovative academic environment. The university seeks to provide a supportive and welcoming social and physical setting where students, faculty and staff feel they belong and can excel. The university provides students the opportunity to engage in the life of the campus, interact with others of diverse backgrounds and cultures, as well as participate in activities that encourage growth, curiosity and scholarly fulfillment. Through its branch campus in Palm Desert, the university mission extends to the Coachella Valley.