Compliance, Policy and Audit

  • Lead the development and implementation of effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.
  • Lead efforts to internally assess, evaluate and make recommendations to management regarding the adequacy of the security controls for the university’s information and technology systems.
  • Work with internal audit, State Board of Regents, Auditor General’s Office and outside consultants as appropriate on required security assessments and audits.
  • Coordinate and track all information technology and security related audits including scope of audits, colleges/units involved, timelines, auditing agencies and outcomes. Work with auditors as appropriate to keep audit focus in scope, maintain excellent relationships with audit entities and provide a consistent perspective that continually puts the institution in its best light. Provide guidance, evaluation and advocacy on audit responses.
  • Work with university leadership and relevant responsible compliance department leadership to build cohesive security and compliance programs for the university to effectively address state and federal statutory and regulatory requirements.
  • Develop a strategy for dealing with an increasing number of audits, compliance checks and external assessment processes for internal/external auditors, PCI, ITAR, HIPAA, and FISMA.
  • Develop the list of interested parties related to information security.
  • Develop the list of requirements from interested parties.
  • Remain in continuous contact with authorities and special interest groups.
  • Coordinate all efforts related to personal data protection.

Sources:
https://advisera.com/27001academy/knowledgebase/what-is-the-job-of-chief-information-security-officer-ciso-in-iso-27001/
https://spaces.internet2.edu/display/2014infosecurityguide/CISO+Job+Description+Template