Job Title: Security Manager
Department: Telecommunications Services
Date: June 2006
Update: April 4, 2007
A. PURPOSE OF THE JOB:
The Information Technology Security Manager's role is to provide vision and leadership for developing and supporting security initiatives. The Information Technology Security Manager directs the planning and implementation of enterprise IT system, business operation, and facility defenses against security breaches and vulnerability issues. This individual is also responsible for administering audits of existing systems, while directing the administration of security policies, activities, and standards.
Participate as a member of the senior information technology management team in governance processes of the organization's security strategies.
Lead strategic security planning to achieve business goals by prioritizing defense initiatives and coordinating the evaluation, deployment, and management of current and future security technologies.
Develop and communicate security strategies and plans to executive team, staff, partners, customers, and stakeholders.
Develop, implement, maintain, and oversee enforcement of policies, procedures and associated plans for system security administration and user system access based on law, system policies, and industry-standard best practices.
Act as advocate and primary liaison for the university's security vision via regular written and in-person communications with the officers of the universities, department heads, and end users.
Work closely within the IT department on campus technology development to fully secure information, computer, network, and processing systems.
Manage the administration of all computer security systems and their corresponding or associated software, including firewalls, intrusion detection systems, cryptography systems, and anti-virus software.
Coordinate with University Police and Safety the management and the administration of the facility's security systems and their corresponding equipment or software, including fire alarms, locks, intruder detection systems, sprinkler systems, and anti-theft measures.
Develop, track, and supervise the security services annual operating and capital budgets for purchasing, staffing, and operations.
Ensure that facilities, premises, and equipment adhere to all applicable laws, Texas A&M System polices, Department of Information Resources regulations and Texas Administrative Code.
Recommend and implement changes in security policies and practices in accordance with changes in local, TAMUS, State or federal law/policies/rules.
Creatively and independently provide resolution to security problems in a cost-effective manner.
Define and communicate university plans, procedures, policies, and standards for the organization for acquiring, implementing, and operating new security systems, equipment, software, and other technologies.
Assess and communicate any and all security risks associated with any and all purchases or practices performed by TAMUCC.
Collaborate with IT leaders, privacy officer, and human resources to establish and maintain a system for ensuring that security and privacy policies are met.
Assist with the design and implementation of disaster recovery and business continuity plans, procedures, audits, and enhancements.
Where necessary, supervise recruitment, development, retention, and organization of security staff in accordance with TAMUCC budgetary objectives and personnel policies.
Promote and oversee strategic security relationships between internal resources and external entities, including government, vendors, and partner organizations.
s. Remain informed on trends and issues in the security industry, including current and emerging technologies and prices. Advise, counsel, and educate executive and management teams on their relative importance and financial impact.
1. Occasional and subordinate duties: Perform other duties as assigned.
C. KNOWLEDGE AND SKILLS:
Bachelor's degree in Computer Science, MIS, Business Administration or related area.
Master's or PhD?
. degree in Computer Science, MIS, or business administration.
Certification in CISSP.
d. At least 3 years experience as an information security professional for a state agency or large corporation.
Four (4) years experience managing and/or directing an IT and/or security operation.
Six (6) years experience working in the industry.
Ability to work with diverse populations.
Proven experience in planning, organizing, and developing IT security and facility security system technologies.
Experience in planning and executing security policies and standards development.
Excellent knowledge of technology environments, including information security, building security, and defense solutions.
In-depth knowledge of applicable laws and regulations as they relate to security.
Proven leadership ability.
Excellent written and oral communication skills.
Excellent interpersonal skills.
Strong negotiating skills, and
l. Must be able to lift 40 lbs.
D. FISCAL RESPONSIBILITY:
Incumbent has no direct fiscal responsibility but is required to evaluate systems and make recommendations to the Assistant Vice President for Technology.
E. APPLICATION OF KNOWLEDGE AND SKILLS:
The most creative aspects of the job relate duties include the development of security and technology related University Rules and Procedures and information technology security training designed for University staff, faculty, and students. The incumbent combines these efforts with other aspects of information security, such as campus wide system and network assessments, to develop a complete security framework that is being integrated into the University’s daily operations.
The most challenging part of fulfilling the duties of this position includes maintaining good communications and developing strong relationships with a wide variety of University staff and faculty. The incumbent must leverage these working relationships to help integrate information security throughout the University in a manner that strengthens departmental and University business continuity while minimizing the impact to day to day operations. These relationships are also utilized during the infrequent situations pertaining to potential or actual information security related incidents. To properly fulfill these duties the incumbent is required to maintain knowledge and training on a wide variety of system and network resources relating to security as well as day to day operations.
The incumbent has no direct supervision of University employees but must advise, mentor, and train these employees on the information security related issues.
G. EXTENT OF PUBLIC CONTACT:
The incumbent is required to interact with all members of the University community, Texas A&M University System personnel, and personnel in State regulatory agencies.
Within the University daily contact occurs with staff.
Weekly contact occurs with faculty, vendors and students.
Periodic contact occurs with senior administrative personnel.
4. Periodic contact occurs with a wide variety of non-university personnel to include a variety of vendors and personnel from other state agencies and schools.