Reporting to the Vice President of Information Technology, the Information Security Specialist is responsible for managing information security strategies, planning, and policies, and developing and maintaining data security programs for the College. The Information Security Specialist helps ensure protection of institutional data and assets, leads cybersecurity risk management practices, and assesses vulnerability status to continuously monitor and enhance the College’s information security protocols. The incumbent must have a strong understanding of data protection practices, related regulations, and security infrastructure, and will help ensure adherence to appropriate controls and regulatory compliance, as well as regularly conduct user training programs and awareness campaigns to promote a culture of information security and a privacy-aware environment.
Essential functions – 90%
Develop and maintain comprehensive information security and privacy standards and system security frameworks, and implement policies and processes to enhance controls and reduce risk across the College.
Working with VP of IT, develop responses to requests for information that include, but are not limited to, institutional audits, insurance renewals, and official agencies.
Assess and evaluate compliance against information security policies and standards, proactively identifying non-conforming areas, assessing risk, enforcing set policies, and providing risk response strategies as appropriate to balance compliance and innovation. Recommend and implement compliance measures that mitigate risks and maximize access to education.
Advise IT management on future-state problems, challenges, and industry trends and regulations in cyber security controls and data protection, and work collaboratively to enhance capabilities and processes.
Monitor the regulatory and legislative landscape, and recommend change requirements to maintain compliance. Stay current on industry trends around cyber risk and data protection practices. Assist IT management with compliance regulations that include, but are not limited to, FERPA, PCI, GLBA, GDPR, and PIPL.
Working closely with IT, help analyze and investigate known and emerging threats to determine risks, address risk response strategies, and recommend proactive cyber risk management programs that contribute to a secure and resilient infrastructure.
Prepare reporting and/or dashboards as appropriate on security compliance, cyber risks, and incident management. Document research and analysis encompassing historical trends, current state, and predictive analysis.
Create and deliver data security training programs to maximize protection for the College and to increase user awareness and knowledge about information security.
Regularly conduct information security awareness campaigns and training for faculty, staff, and students that include best practices on data privacy and security principles.
Create and maintain business continuity plans, and other applicable recovery plans. Help organize contingency plans and coordinate scheduling of periodic tests. Collaborate and coordinate the business continuity plans across College departments and maintain up-to-date plans.
Help assess role-based access, including physical/facilities control systems and access levels through periodic reviews, in addition to technical and administrative control measures.
Help assess equipment protection of College properties to ensure compliance with data protection and system security policies.
Support IT staff in the evaluation of solutions, development of procedures, and testing of data protection measures.
Non-essential functions – 10%
Lead or participate in committees as assigned
Other duties as assigned
Bachelor’s Degree in Information Security, Cybersecurity, Computer Science, Information Systems, or a related field
Security Certification such as CISSP, CISM, CISA, and PCIP
5 years of information security experience in an enterprise setting
Strong knowledge of data protection regulations such as FERPA, PCI, GLBA, GDPR, and PIPL
Strong knowledge of security incident response practices
Strong knowledge of data security of ERP systems, and security practices and advancement of related auxiliary systems
Experience with compliance controls through control implementations and process design
Knowledge of vulnerability scans and penetration tests, and intrusion detection methodologies
Knowledge of firewalls, cryptography, identity and access management systems, directory services, SSO, and secure web and application development with strong understanding of security industry and best practices in network, application, database, and hardware platforms
Knowledge of application security and database technologies used to store enterprise information, directory services, and information systems auditing
Strong verbal and written communication skills in both business and technical subject areas with ability to effectively communicate complex information to diverse audiences
Strong research and analytical skills with proven ability to anticipate, measure, and plan for emerging risks to meet anticipated needs
Strong organizational and collaborative skills with ability to manage multiple projects, facilitate discussions, and recommend solutions
Experience with complex project or program management
Experience developing and conducting security campaigns and training programs
Ability to work outside of normal business hours
Ability to work independently as a self-starter
A commitment to DEIAB and culture, and the ability to establish and maintain effective working relationships within ArtCenter’s diverse communities
Experience in higher education
Cyber incident response management experience
Regulatory experience and/or background in compliance and controls
Art Center College of Design is an international center for art and design education located in the hills above the Rose Bowl in Pasadena, California. We are an independent, nonprofit, four-year college with an 80-year history of educating aspiring artists and designers in a variety of creative fields.
Art Center offers a full benefits package of medical, dental, vision, LTD and life insurance plans. There is a generous leave time benefit in addition to paid time off between Christmas and New Year’s Day. Additional benefits include a retirement savings plan, tuition remission, and flextime options.