Director Risk & Compliance & Privacy

Tallahassee, Florida

Florida State University
Job Title: Director, Risk & Compliance & Privacy
Location: Tallahassee, FL
Regular/Temporary: Regular
Full/Part Time: Full-Time
Job ID: 60169
Department

This position is within FSU's Department of Information Technology Services (ITS)

Responsibilities

The FSU Information Security and Privacy Office (ISPO) strives to establish and offer agile, effective, and efficient cybersecurity solutions to safeguard Florida State University data and information while providing confidence to students, faculty, staff, alums, benefactors, and partners that the University is protecting the confidentiality, integrity, and availability of FSU information technology resources and information. ISPO is charged with developing and administering the information security and privacy strategy to protect the University's information resources. ISPO consists of three main organizational areas that implement this strategy: Enterprise Security Architecture, Security Programs and Operations, and Privacy, Risk, and Compliance. Enterprise Security Architecture is responsible for establishing security architecture, designing defense-in-depth, implementing standards based on NIST SP 800-53 Rev 4, establishing baseline configurations, providing security consulting, and managing security projects. Security Programs and Operations manages, performs, and monitors the Security Operations Center, email security, Intrusion Detection and Prevention Systems, incident management, vulnerability management, investigations, forensics, malware, phishing, and security alerts. Privacy, Risk, and Compliance is responsible for oversight of privacy, including compliance with HIPAA, GDPR, FERPA, and other regulations, enterprise disaster recovery, NIST SP 800-171 Rev 2 Research Compliance, audit remediation, security and privacy education, Payment Card Industry compliance, and an IT risk management program based on a modified SANS Top 20 approach, third-party risk management, development and maintenance of a risk register, and remediation efforts prioritized following a risk-based approach.

Responsible for the operational management and administrative direction of risk management, compliance with state, federal and international laws, university policies, Board of Governors regulations, and university privacy functions. Directs and provides strategic planning oversight to the following operational units within the Information Security and Privacy Office: Risk Assessments and Mitigation, Privacy Assessments and Mitigation, Disaster Recovery, Cybersecurity, Privacy, Risk Management and Compliance Training, Research Grant Compliance, Internal and External Audit Coordination and Remediation, and Payment Card Industry Compliance. Provides guidance and regular reporting to the Chief Information Security Officer with the development and implementation of a risk management, compliance and privacy program that leverages collaborations and campus-wide resources, facilitates governance, leadership on strategic direction and resource investments, and designs appropriate policies to manage risk management, compliance and privacy.

Aligns Risk Management, Compliance and Privacy to meet the University's academic and business needs, formulating and administering the annual operating organization budget, ensures appropriate expenditure of all funds allocated for department administration, integrating, and managing resources and technology. Provides oversight and technical expertise to develop, implement and maintain a Risk Management, Compliance and Privacy program to protect the confidentiality, integrity and availability of university resources and data in accordance with FSU policy, state, federal and international laws as applicable.

Provides leadership and direction in policy development, implementation, and maintenance of organizational Risk Management, Compliance, and Privacy policies and procedures in coordination with appropriate administrative or executive offices including the Office of General Counsel, Office of Compliance and Ethics, Office of Inspector General Services. Gathers direct input from operational units in developing appropriate policies and procedures. Researches, integrates, and recommends changes to reports, policies, charters, and other documentation supporting the Risk Management, Compliance and Privacy programs. Develops, implements and performs controls to manage risk and assess the strengths of the controls. Is the primary architect of roadmaps to improve risk profile for cybersecurity at the university.

Manages the Risk Management and Compliance programs partnering with university stakeholders to assess, identify and assist in the remediation of the potential risks that may hinder the reputation, safety, security, and financial prosperity of the university. Provides regular reporting of key performance indicators of the risk management program, audit remediation activities and risk scorecard for university units. Collaborates with internal stakeholders to identify, evaluate, mitigate and monitor the university's risks, building relationships across the university for the purposes of conducting interviews, performing risk assessments, contractual reviews, contractual negotiation, scenario analyses, and identifying and tracking risk responses, risk indicators, metrics, and dashboards. Clearly defines and articulates roles, responsibilities, and accountability for all stakeholders.

Partners across university units to direct, establish and coordinate delivery of information privacy training and orientation to employees, volunteers, medical and professional staff, contractors, alliances, business associates, and other appropriate third parties.

Researches and maintains current knowledge of applicable federal and state privacy laws and accreditation standards, and monitors advancements in information privacy technologies to ensure organizational adaptation and compliance. Regularly conveys knowledge and standards updates to information privacy operational units for appropriate application. Coordinates the development of an effective operational framework that involves staff providing information privacy services in academic and administrative units as appropriate.

Performs duties in compliance with ITS policies, guidelines, and processes pertaining to support requests, work orders, project management, change management, and incident management. Appropriately utilizes associated tools in accordance with ITS standards.

Qualifications

Master's degree and five years of experience related to technology services or a Bachelor's degree and seven years of related experience. Two years of experience must be in a supervisory role.

Preferred Qualifications

Juris Doctorate

University Information

One of the nation's elite research universities, Florida State University preserves, expands, and disseminates knowledge in the sciences, technology, arts, humanities, and professions, while embracing a philosophy of learning strongly rooted in the traditions of the liberal arts and critical thinking. Founded in 1851, Florida State University is the oldest continuous site of higher education in Florida. FSU is a community steeped in tradition that fosters research and encourages creativity. At FSU, there's the excitement of being part of a vibrant academic and professional community, surrounded by people whose ideas are shaping tomorrow's news.

Learn more about our university and campuses.

FSU Total Rewards

FSU offers a robust Total Rewards package. Visit our website to learn more about our Compensation, Benefits, Wellness, Recognition, and Employee Development programs.

Use our interactive tool to calculate Total Compensation options based on potential salary, benefits and retirement contributions, earned leave, and other employment-related perks.

How To Apply

If qualified and interested in a specific job opening as advertised, apply to Florida State University at . If you are a current FSU employee, apply via myFSU > Self Service.

Applicants are required to complete the online application with all applicable information. Applications must include all work history up to ten years, and education details even if attaching a resume.

Considerations

This is an A&P position.

This position requires successful completion of a criminal history background check.

This position is open until filled.

Equal Employment Opportunity

FSU is an Equal Employment Opportunity Employer.

Date Posted: 11 May 2025