Information Security and Policy Officer - Job Description
The University of Rochester (UR) is recruiting an experienced leader to oversee
University information security and policy in a distributed campus environment. The
position reports to the Vice Provost/Chief Information Officer, along with other Directors
on the University IT leadership team. With guidance from the CIO (VP/CIO), the Officer
will grow the University-wide information security program, further develop security
architecture guidelines and advance information security education for the institution.
The successful candidate will work collaboratively with the University community to
assure compliance with government, University, and other regulatory policies and laws
related to information security and privacy. Responsibilities include assessing
information systems and network security risk and developing strategies to reduce risk
and allow for business continuity.
The Officer will manage the University's response to security threats and incidents and
serve as the point of contact for internal and external communications related to
information security. He/She will oversee the review of information security resources,
assist with project prioritization to appropriately protect University assets and oversee
security system and related implementations. In addition, the successful candidate will
lead efforts to identify areas requiring policy development and recommend information
security-related policies and standard practices for the enterprise.
RISK MANAGEMENT, SECURITY PLANNING AND PRACTICES
- Leads the effort to monitor, assess, and report on risks and controls related to the University's information assets.
- Identifies information systems security requirements and practices to ensure the safety and security of the University's information assets.
- Coordinates the development of University information systems business continuity policies, plans, and procedures.
- Works with appropriate University offices to develop and administer programs to promote compliance with University information security policies and procedures.
INCIDENT RESPONSE: PREVENTION, DETECTION, AND REMEDIATION
- Provides leadership to the University's incident response program. Maintains a
collaborative relationship with leaders across the University, including Medical
Center information technology, Office of Counsel, University Audit and Campus
Security to ensure appropriate information security incident prevention, detection
and remediation.
- Oversees an information technology response team, which addresses
information security related intrusions and other emergencies.
- Participates in assessment and acquisition of information security hardware and
software. Assists in setting priorities for use of resources. Ensures the
implementation of features and products to provide appropriate controls over
University information systems and networks.
- Participates with University leadership in monitoring, assessing, and addressing
violations of the institution's information technology policies.
- Acts as point of contact with internal and external organizations to respond to
information security problems and intrusions as needed.
PREVENTION, EDUCATION, AND COMMUNICATION
- Works with the VP/CIO and University administration to create and administer an
information security education program for the entire University community.
Serves as the University authority on emerging technologies related to
information security.
- Ensures a high level of communication about information security issues among
and across University constituencies. Organizes, convenes, and moderates
committees and working groups related to the University's information security
program. Provides advice, guidance, and assistance to University staff and
faculty on information security matters. Where appropriate, acts as the University
point of contact for campus and healthcare partners, vendors, regulatory bodies,
government agencies, press and other external groups for information security
related efforts.
COLLABORATION
- Establishes goals and objectives in coordination with the VP/CIO and various
University advisory councils.
- Recommends University policies and procedures related to the use and
management of data, information, and systems. Leads and collaborates with the
University community to promote efficient and secure electronic commerce,
services, and web technologies as they evolve.
- Demonstrates leadership in campus data integration activities, working across
campus to promote secure data access and management.
- Works with the other IT Directors to leverage campus information access and
services. Assists in defining strategy and implementing identity management
initiatives.
- Works collaboratively with peer and University leadership to manage priorities,
allocate resources efficiently, and promote organization-wide process and
constituent focus.
- Supervises, coordinates and evaluates the work of information security
management and staff.
- Prepares and manages departmental budgets in coordination with the VP/CIO
and University IT Finance Team.
- Provides leadership and mentorship to a team that welcomes, encourages and
supports individuals who desire to contribute and benefit from the various
missions of the University by recruiting and including diverse perspectives in all
aspects of the organization's operations.
- Benchmarks peers and keeps abreast of IT market trends related to information
security and policy.
- Represents the University as an information technology leader as appropriate, at
local, state, and national levels.
The position requires strong analytic skills and the ability to assess and express
tradeoffs between extremes of tight control and open exchange as this applies to
campus environments. It requires the ability to communicate effectively with diverse
constituencies. The individual must be results-oriented and measure and document
progress achieved.
Minimum requirements include:
- Excellent communication skills, demonstrated ability to successfully interface
at all University levels, including executive or board level
- Strong commitment to customer service
- Demonstrated ability to develop information strategy for large, decentralized
organizations and to make standards-based architecture recommendations
and facilitate implementation
- Excellent management and general leadership skills, including coaching and
facilitation
- High level of integrity and excellent judgment concerning security and privacy
issues
- Ability to work with academic and business units to understand information
security needs, make recommendations and document the business case for
change where needed
- Ability to understand and implement cultural change related to technology
with an awareness that developing strong security practices involves both
technology and people
- Demonstrated team performance and change management skills
- Bachelor's degree in information systems or related disciplines. Master's
degree in business, MIS or computer science preferred. Security certification
is considered desirable.
- Ten years of progressive IT-related work experience in information systems
with a focus on information security or related areas, preferably in a complex,
higher education/not-for-profit IT environment
- Equivalent combinations of experience, training and/or education will be
considered.
Candidates should send their resumes and reference list to University IT Director
Search, University Information Technology, University of Rochester, PO Box 270020,
Rochester, NY 14627-0020 or directorsearch@rochester.edu. Our call for candidates
is expected to continue through the end of May, 2008. Due to the large volume of
expected interest in this position, phone inquiries cannot be accommodated. Interested
candidates are encouraged to follow the mail/e-mail process described above.
The University of Rochester is an Equal Opportunity Employer. Women and minorities
are encouraged to apply.