Advertised Summary Job Description: Reporting to the Director of Information Security & Risk Management, the Information Security & Risk Management Manager will conduct Information Security assessments of diverse IT projects that include but are not exclusive to: Information Systems, Platforms, IT Infrastructure, and Processes to ensure compliance with established Columbia University and applicable regulatory requirements. He/she will evaluate IT assets in terms of risk to the University and recommend controls to mitigate loss of data, confidentiality, integrity and availability. The ideal candidate must be able to work independently with minimal supervision as well as be capable at conducting simultaneous Information Security assessment assignments while reporting accurate and relevant risks to the appropriate constituents. Candidates should have prior hands on knowledge of multiple platforms (e.g., Cloud, Client Server, Database, Web technology, Network, Telecommunications, ERM Systems, etc.).
CHARACTERISTIC DUTIES AND ESSENTIAL RESPONSIBILITIES:
-Performs Information Security assessments and report control issues on IT assets and processes that do not meet established University requirements. -Evaluates the adequacy of security controls implemented during various stages of IT projects. -Evaluates the adequacy of security control requirements associated with existing IT assets as well as of new IT product/system acquisitions. -Evaluates the adequacy of security control requirements associated with acquisition and use of third-party IT resources. -Performs technical testing of controls (as applicable) for assurance and validation of IT asset compliance. - Recommends solutions to mitigate risks under the established University risk management strategies. -Assists constituents with remediation planning and ensure identified control issues have been appropriately managed. -Enhances internal processes for the Information Security risk management program, as applicable. -Creates risk metrics for senior management reporting. - Performs other duties as assigned by the Director of Information Security and Risk Management. - Weekend and off-hour work may be necessary on occasion. -All other duties as assigned.
General Minimum Qualifications: -Bachelor's degree and/or its equivalent required. Advanced degree desirable. -Minimum 5-7 years' related experience.
Additional Specific Minimum Qualifications: -5+ years' of experience in Information Technology risk analysis or information security practices or IT auditing. -Working knowledge of multiple platforms (e.g., Cloud, Client Server, Database, Web technology, Network, Telecommunications, ERM Systems, etc.). -Must demonstrate a clear understanding of the risk and security controls inherent in various technologies and related security best practices. -Excellent written and verbal communication skills. -Demonstrated ability to work in a fast-paced, deadline driven environment. -Demonstrated excellence in a variety of competencies including teamwork/collaboration, analytical thinking, communication and influencing skills, and technical expertise. -Ability to work with changing priorities and with multiple projects. -Ability to be precise and attentive to detail is essential. -Ability to work with minimal supervision. -Ability to work weekend and off-hour work on occasion.
Preferred Qualifications: -Accreditation in CISA (Certified Information Systems Auditor), CISM (Certified Information Security Manager), CRISC (Certified in Risk and Information Systems Control), or CISSP (Certified Information Systems Security Professional).
As a member of the National Collegiate Athletic Association (NCAA) and the Council of Ivy Group Presidents (Ivy League), it is imperative that members of the Columbia University community, in all matters related to the intercollegiate athletics program, exhibit the highest professional standards and ethical behavior with regard to adherence to NCAA, Conference, University, and Department of Intercollegiate Athletics and Physical Education rules and regulations.
Columbia University is an Equal Opportunity/Affirmative Action employer.
Internal Number: 126_172718
About Columbia University
Columbia University is one of the world's most important centers of research and at the same time a distinctive and distinguished learning environment for undergraduates and graduate students in many scholarly and professional fields. The University recognizes the importance of its location in New York City and seeks to link its research and teaching to the vast resources of a great metropolis. It seeks to attract a diverse and international faculty and student body, to support research and teaching on global issues, and to create academic relationships with many countries and regions. It expects all areas of the university to advance knowledge and learning at the highest level and to convey the products of its efforts to the world.