- Lead the development and implementation of effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.
- Lead efforts to internally assess, evaluate and make recommendations to management regarding the adequacy of the security controls for the university’s information and technology systems.
- Work with internal audit, State Board of Regents, Auditor General’s Office and outside consultants as appropriate on required security assessments and audits.
- Coordinate and track all information technology and security related audits including scope of audits, colleges/units involved, timelines, auditing agencies and outcomes. Work with auditors as appropriate to keep audit focus in scope, maintain excellent relationships with audit entities and provide a consistent perspective that continually puts the institution in its best light. Provide guidance, evaluation and advocacy on audit responses.
- Work with university leadership and relevant responsible compliance department leadership to build cohesive security and compliance programs for the university to effectively address state and federal statutory and regulatory requirements.
- Develop a strategy for dealing with increasing number of audits, compliance checks and external assessment processes for internal/external auditors, PCI, ITAR, HIPAA, and FISMA.
- Develop the list of interested parties related to information security
- Develop the list of requirements from interested parties
- Remain in continuous contact with authorities and special interest groups
- Coordinate all efforts related to personal data protection