At the University of Minnesota, we are dedicated to changing lives through education, research, and outreach. The University Information Security department (UIS) offers an environment of trust, collaboration, and mission-focused work. We seek an individual who will be responsible for increasing the University community’s knowledge of their information security responsibilities by maintaining the University’s robust information security policies and by expanding our information security awareness and education efforts.
We Offer:
University paid contribution (10% of your salary) to your retirement account - vested immediately.
22 paid vacation days per year, in addition to sick leave and 11 paid holidays.
Reduced tuition opportunities covering 75% - 100% of eligible tuition.
Excellent and affordable health care benefits.
Wellness program with the opportunity to earn lower health care rates.
Free disability insurance.
Annual merit increase program.
Job Responsibilities:
Research best practices, identify gaps and areas for improvement, and develop and maintain the University’s information security policies.
Lead security awareness and education efforts through the development of content for educational programs and tracking of participation in security education.
Collaborate with the Office of General Counsel, Privacy Officers, Diversity Community of Practice, and the broad University community on policy updates and comprehensive review of our information security policies.
Work closely with the University policy office to ensure University policy requirements are met.
Provide consultation with University community members to improve their knowledge of information security policy.
Maintain the University’s GRC solution with updates to the information security policies and standards.
Maintain strong knowledge of security-related regulations and standards (e.g. HIPAA, PCI DSS, and NIST) and security control structures (e.g. ISO 27001/27002).
Work closely with IT Communications and subject matter experts to maintain the Information Security web content and manage information security awareness content within a learning management system (LMS).
Required Qualifications:
Bachelor’s degree and 2 years of relevant work experience or a comparable combination of education, training, and experience.
Minimum of 2 years of demonstrated experience in one or more of the following:
Regulatory compliance
Policy development
Risk assessment or information technology audit
Technical writing and documentation, including writing for a less technical audience
Experience with training and/or awareness program
Strong analytical and problem-solving skills.
Excellent communication (oral, written, presentation), interpersonal, and consultative skills.
Preferred Qualification:
Demonstrated experience in one or more of the following:
Information Security training and/or awareness program
Working with information security regulatory frameworks (eg. ISO 27001/27002, NIST)
Designing, recommending, and/or implementing information security controls
The University of Minnesota is an Equal Opportunity Educator and Employer.
The University of Minnesota, founded in the belief that all people are enriched by understanding, is dedicated to the advancement of learning and the search for truth; to the sharing of this knowledge through education for a diverse community; and to the application of this knowledge to benefit the people of the state, the nation, and the world.