Rutgers, The State University of New Jersey, is seeking an Information Security Risk Manager for OIT-IT Health Services. This position reports to the Information Security Officer. The Information Security (IS) Risk Manager is responsible for managing the IT Risk Management Program, conducting IS Risk Assessments and security evaluation activities, and preparing remediation reports.
Among the key duties of this position are the following:
Responsible for identifying, documenting and improving the security controls across a range of diverse applications, systems, network configurations and processes to effectively reduce the level of IT risk.
Responsible for the development of IT security standards and best practices
Leads and manages GRC tools, which includes recommending potential IT security controls and design solutions.
Manages, conducts and documents various risk assessment procedures
Monitors risk and ensures proper documentation with pertinent regulatory requirements is produced, maintained and updated by the responsible parties.
Analyzes and benchmarks IT security practices of similar institutions and monitors the legal and regulatory environment that requires changes to IT security practices.
Minimum Education and Experience:
A Bachelor's degree is required, preferably in Computer Science, Information Systems, Management Information Systems or a related field.
Also, a minimum of five (5) years of experience in Information Security.
Required Knowledge, Skills, and Abilities:
Knowledge of HIPAA, regulations and frameworks such as NIST and ISO27001-2, and working knowledge in performing information security assessments.
Possess excellent interpersonal, technical, communication and influencing skills, with the ability to collaborate effectively across a variety of disciplines and levels inside and outside the organization.
Ability to effectively analyze, document and communicate information security technical concepts to different user bases, including students, faculty, staff and systems technical personnel.
CISSP, CISM certification desired
Seven years working experience in medium to large companies specifically managing IT security projects.
Minimum of five (5) years of experience performing Information Security assessments with pertinent regulatory requirements.
Demonstrate knowledge and understanding of multiple frameworks such as ISO 27001 and HITRUST.
Extensive knowledge of information technology security architectures and design solutions.
Extensive knowledge of security standards, procedures and policies pertaining to data access and information systems.
Excellent working knowledge of general audit principles, security administration processes and frameworks, metrics collection and reporting.
Knowledge of network, web technology, encryption, virtual private networks, internal, extranet, security, cloud computing (firewalls, remote access) and security management.
Posting Number: 19ST3210
Location: Rutgers University-Newark
Internal Number: 95348
About Rutgers University
Rutgers, The State University of New Jersey, is a leading national public research university and the state's preeminent, comprehensive public institution of higher education. Rutgers is dedicated to teaching that meets the highest standards of excellence; to conducting research that breaks new ground; and to turning knowledge into solutions for local, national, and global communities. As it was at our founding in 1766, the heart of our mission is preparing students to become productive members of society and good citizens of the world. Rutgers teaches across the full educational spectrum: preschool to precollege; undergraduate to graduate and postdoctoral; and continuing education for professional and personal advancement. Rutgers is New Jersey's land-grant institution and one of the nation's foremost research universities, and as such, we educate, make discoveries, serve as an engine of economic growth, and generate ideas for improving people's lives.