US
0 suggestions are available, use up and down arrow to navigate them
What job do you want?

Information Security Compliance Lead job in Columbus at The Ohio State University

Create Job Alert.

Get similar jobs sent to your email

List of Jobs

Apply to this job.
Think you're the perfect candidate?
Information Security Compliance Lead at The Ohio State University

Information Security Compliance Lead

The Ohio State University Columbus, OH (On Site) Full-Time
Screen reader users may encounter difficulty with this site. For assistance with applying, please contact [ Email address blocked ] - Click here to apply to Information Security Compliance Lead. If you have questions while submitting an application, please review these frequently asked questions.

Current Employees and Students:

If you are currently employed or enrolled as a student at The Ohio State University, please log in to Workday to use the internal application process.

Welcome to The Ohio State University's career site. We invite you to apply to positions of interest. In order to ensure your application is complete, you must complete the following:

* Ensure you have all necessary documents available when starting the application process. You can review the additional job description section on postings for documents that may be required.
* Prior to submitting your application, please review and update (if necessary) the information in your candidate profile as it will transfer to your application.

Job Title:

Information Security Compliance Lead

Department:

OHTECH | Shared Infrastructure

The Information Security Compliance Lead supports security operations for the Ohio Technology Consortium (OH-TECH), in collaboration with the Chancellor of the Ohio Department of Higher Education (ODHE), in accordance with university policies, goals and objectives, reporting to the Chief Information Security Officer.

This position will coordinate policy and governance activities, primarily through assessing the effectiveness of internal controls, risk management and governance for information systems in accordance with organizational objectives and regulatory requirements.

The Information Security Compliance Lead will: Review processes that support the information systems control framework; work with the OH-TECH Security Team to develop best practices for the use of vulnerability management systems, automated security scanning tools, data loss prevention and risk assessment methodologies; perform independent audits and multi-disciplinary review of complex and sensitive issues related to information systems across the organization; develop, document and implement organizational policies related to security and information technology; perform information system audits, data classification, special investigations and consultations to management; and report findings and recommendations to leadership. The Compliance Lead will provide consulting and expert guidance in organization-wide efforts regarding security engineering, risk management, design, access and identity control, operational support and consultation; security operational services; set-up, verification, and audit of user access and authorizations; risk analysis and response; and input into the development of business continuity and disaster recovery procedures. The Compliance Lead partners with stakeholders at the university or unit level to ensure systems and data are secured against a range of physical, electronic, cyber and other threats. The position will work with appropriate leaders, business partners and staff to plan and develop risk management solutions that satisfy the organization's strategic and business needs.

The Compliance Lead has an understanding of the DevOps lifecycle and modern operating systems, as well as general networking knowledge. Works with the Security Team to develop best practices for the use of vulnerability management systems, automated security scanning tools and risk assessment methodologies to identify the threats to the organization and mitigate them.

The Compliance Lead provides security planning, assessment, risk analysis and risk management support. The position will also recommend solutions to develop security requirements, assess security gaps and guide the organization in meeting the security posture requirements. Must apply existing knowledge of information assurance policy, procedures and workforce structure to provide expert guidance to engineering in the design, development and implementation of secure networking, computing and data center environments.

The Compliance Lead will manage OH-TECH's GRC (Governance, Risk, and Compliance) system, implementing control framework changes, tracking risk assessments and interfacing with The Ohio State University Digital Security and Trust for the risk exception process. The position will create business process documentation in conjunction with internal development and management teams and will train staff on risk management processes, including State of Ohio, Ohio State and internal processes.

Ideally, the Compliance Lead has experience leading and mentoring junior analysts and consultants. The candidate should have an analytical mindset, inquisitive nature, responsiveness and excellent assessment skills. Must also possess strong troubleshooting and problem-solving skills. Must have the ability to work under pressure with multiple deadlines. Patience in working with non-technical end users is essential. Will work in a fast-paced, small business environment with our talented team.

The Compliance Lead is able to grasp new concepts, facilitate information exchanges for data gathering, and collaborate with diverse audiences. Must follow established processes where applicable and establish and execute defensible processes where none are prescribed.

The Ohio Technology Consortium (OH-TECH) is the technology and information division of the Ohio Department of Higher Education (ODHE). OH-TECH provides high-tech solutions for Ohio's higher education institutions to catalyze innovation in the modern knowledge economy. It serves as the umbrella organization for Ohio's statewide technology infrastructure organizations: the Ohio Supercomputer Center, the Ohio Academic Resources Network (OARnet) and the Ohio Library and Information Network (OhioLINK).

Because The Ohio State University serves as OH-TECH's fiscal and legal agent, OH-TECH staff enjoy the same benefits as other Ohio State employees, including participation in the Ohio Public Employees Retirement System (OPERS), the Ohio State Health Plan and more.

Required:

* Bachelor's degree or an equivalent combination of education and experience.
* 4 years of experience in implementing system accreditation processes and Risk Management Frameworks (e.g. NIST-800 series, RMF, CSF, CIS-RAM, COBIT).
* Experience with DISA STIGs and SRGs, MITRE ATT&CK, vulnerability management systems, mitigation and compliance processes, and reviewing results from automated security scanning tools.
* One or more of the following certifications: CISSP, CISM, CISA, CRM, CRMP, PRM, FRM, CERA, CEH, GSEC.

Desired:

* Have a solid understanding of Windows, Mac and/or Linux operating systems; hosts, networks, security, secure application development concepts.
* Hands-on experience with vulnerability scanning tools (e.g. Rapid7, Qualys, Nessus). Experience with code scanning tools: DAST and/or SAST.
* Experience with firewalls, NAT, HTTP, DNS, IP and OSI Networks.
* Experience with core LAN/WAN network technologies.
* Experience leading and mentoring junior analysts and consultants.

Additional Information:

Location:

Kinnear Rd, 1224 (0374)

Position Type:

Regular

Scheduled Hours:

40

Shift:

First Shift

Final candidates are subject to successful completion of a background check. A drug screen or physical may be required during the post offer process.

Thank you for your interest in positions at The Ohio State University and Wexner Medical Center. Once you have applied, the most updated information on the status of your application can be found by visiting the Candidate Home section of this site. Please view your submitted applications by logging in and reviewing your status. For answers to additional questions please review the frequently asked questions.

The Ohio State University is an equal opportunity employer.

All qualified applicants will receive consideration for employment without regard to age, ancestry, color, disability, ethnicity, gender identity or expression, genetic information, HIV/AIDS status, military status, national origin, race, religion, sex, gender, sexual orientation, pregnancy, protected veteran status, or any other basis under the law.

Applicants are encouraged to complete and submit the Equal Employment Identification form.

Recommended Skills

  • Analytical
  • Auditing
  • Business Continuity And Disaster Recovery
  • Business Processes
  • Business Requirements
  • Certified Financial Risk Management
Apply to this job.
Think you're the perfect candidate?

Help us improve CareerBuilder by providing feedback about this job:

Job ID: 2417637394

CareerBuilder TIP

For your privacy and protection, when applying to a job online, never give your social security number to a prospective employer, provide credit card or bank account information, or perform any sort of monetary transaction. Learn more.

By applying to a job using CareerBuilder you are agreeing to comply with and be subject to the CareerBuilder Terms and Conditions for use of our website. To use our website, you must agree with the Terms and Conditions and both meet and comply with their provisions.