Position Number: 003302
Department: Office of OneIT (Adm)
Employment Type: Permanent - Full-time
Months Per Year: 12
Essential Duties and Responsibilities:
The Information Security Compliance Manager must be able to direct and administer IS Compliance at UNC Charlotte campus-wide; serve as the University's PCI-DSS Compliance Officer, working with the Bursar's Office and OneIT Enterprise Infrastructure to ensure a secure PCI environment; conduct audits for compliance routinely and as appropriate; work closely with OneIT leadership and Legal Affairs on campus-wide policy proposals, management and compliance decisions; provide substantive professional advice on PCI-DSS and IS compliance issues and use independent judgment and discretion to make decisions that impact business needs and client productivity campus-wide; communicate articulately and effectively with a variety of staff at all levels of the University community; and apply critical thinking and sound judgment to independently recognize and resolve IS compliance issues at UNC Charlotte. The manager must be self-initiating in approaching work duties, able to independently review, evaluate and recognize matters of significance and implement actions accordingly to mitigate them, and must be familiar with a wide range of IT services provided at UNC Charlotte and able to anticipate potential IS compliance issues associated with each.
- Educate the university community on information security and privacy responsibilities.
- Lead university-wide IT security risk assessments.
- Serve as the university compliance officer with respect to PCI-DSS policies and regulations.
- Coordinate and manage the development of standards and guidelines to support information security compliance.
- Work with the CISO on high-severity security incidents and those involving compliance issues.
- Create and maintain the university's information security training and awareness campaigns.
- Assist the CISO with internal and state audits.
Minimum Experience / Education:
- Bachelor's degree plus 3-5 years of relevant work experience; or
- Equivalent combination of education and work experience.
Preferred Education Skills and Experience:
- Hands-on information security-related experience
- Experience working within a Higher Education environment
- Experience working within an enterprise security compliance program
- Knowledge of PCI-DSS, FERPA, HIPAA, ISO27002, CMMC and NIST standards