This position supports Security Operations for the Ohio Technology Consortium (OH-TECH), in collaboration with the Chancellor of the Ohio Department of Higher Education (ODHE), in accordance with university policies, goals, and objectives, and reports to the Chief Information Security Officer. OH-TECH is looking for an Information Security Compliance Lead to manage policy and governance oversight activities, primarily by assessing the effectiveness of internal controls, risk management, and governance for information systems in accordance with organizational objectives and regulatory requirements.
The Information Security Compliance Lead will: Review processes that support the information systems control framework; perform independent audits and multi-disciplinary review of complex and sensitive issues related to information systems across the university; perform information system audits, special investigations and consultations to management; and report findings and recommendations to leadership and the board.
The Information Security Compliance Lead provides consulting and expert guidance in organization-wide efforts regarding security engineering, risk management, design, access and identity control, operational support and consultation; security operational services; set-up, verification, and audit of user access and authorizations; risk analysis and response; and input into the development of business continuity and disaster recovery procedures. Partners with stakeholders at the university or unit level to ensure systems and data are secured against a range of physical, electronic, cyber, and other threats. Works with appropriate executive leaders, business partners, and staff to plan and develop risk management solutions that satisfy the organization's strategic and business needs.
The Information Security Compliance Lead has an understanding of a full open source stack, the DevOps lifecycle, and modern operating systems, as well as general networking knowledge. Works with the Security Team to develop best practices for the use of vulnerability management systems, automated security scanning tools, and risk assessment methodologies to identify threats to the organization and mitigate them.
The Information Security Compliance Lead provides security planning, assessment, risk analysis, and risk management support. Recommends solutions to develop security requirements, assess security gaps, and guide the organization in meeting the security posture requirements. Must apply existing knowledge of Information Assurance (IA) policy, procedures, and workforce structure to provide expert guidance to engineering in the design, development, and implementation of secure networking, computing, and datacenter environments.
Ideally, the Information Security Compliance Lead has experience leading and mentoring junior analysts and consultants. The Compliance Lead has an inquisitive nature, responsiveness, and excellent assessment skills. Possesses strong troubleshooting skills and the ability to work under pressure with multiple deadlines. Patience in working with non-technical end users is essential. Works in a fast-paced, small business environment with our talented team.
The Information Security Compliance Lead is able to grasp new concepts, facilitate information exchanges for data gathering, and collaborate with diverse audiences. Must follow established processes where applicable and establish and execute defensible processes where none are prescribed.
Bachelor's degree or an equivalent combination of education and experience. Experience in implementing system accreditation processes and risk management frameworks (e.g. NIST 800 series, RMF, CSF, CIS-RAM, COBIT). Experience with DISA STIGs and SRGs, MITRE ATT&CK, vulnerability management systems, mitigation and compliance processes, and reviewing results from automated security scanning tools. One or more of the following certifications: CISSP, CISM, CISA, CRM, CRMP, PRM, FRM, CERA, CEH, GSEC.
Solid understanding of Windows, Mac, and/or Linux operating systems, and of host, network, security, and secure application development concepts. Hands-on experience with vulnerability scanning tools (e.g. Rapid7, Qualys, Nessus). Experience with code scanning tools: DAST and/or SAST. Experience with firewalls, NAT, HTTP, DNS, IP, and OSI networks. Experience with core LAN/WAN network technologies. Experience leading and mentoring junior analysts and consultants.
Target Salary: $75,000.00 - $85,000.00 Annually
Job Category: Information Technology (IT)
The Ohio State University is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation or identity, national origin, disability status, and protected veteran status.
The Ohio State University is a dynamic community of diverse resources, where opportunity thrives and where individuals transform themselves and the world. Founded in 1870, Ohio State is a world-class public research university and the leading comprehensive teaching and research institution in the state of Ohio. With more than 63,000 students (including 57,000 in Columbus), the Wexner Medical Center, 14 colleges, 80 centers and 175 majors, the university offers its students tremendous breadth and depth of opportunity in the liberal arts, the sciences and the professions.