The Office of the CIO (OCIO) comprises the IT Services (ITS) and Business Transformation Office (BTO). The unit is experiencing a period of exciting growth, and improvement of service delivery to UFV’s students, faculty, and staff. Reporting to the Chief Information Officer (CIO), the Information Security Architect plays a key role within the IT Services team and will be a major contributor to the unit’s growth.
The Information Security Architect is responsible for the establishment of and assessment against Information Security architecture policies, standards, and guidelines to ensure that systems are designed and built in a manner that minimizes security and compliance risk while ensuring UFV’s business needs are met.
This role will provide leadership and oversight of UFV’s Information Security Program that meets compliance with regulatory and policy requirements, aligning with and supporting the risk posture of the institution.
The Information Security Architect’s primary mandate is to protect the confidentiality, integrity, and availability of IT assets and data University wide. A large part of role requires contact with students, faculty, and staff, as well as external stakeholders.
Duties and Responsibilities
Enterprise Security Architecture:
- Technical Expertise
- Provide security architecture expertise in support of application and system development, infrastructure, and enterprise technology projects to ensure responsible risk management.
- Maintain industry expertise by tracking and understanding emerging security practices and standards
- Maintain awareness and knowledge of current changes within legal, regulatory, and technology environments which may affect operations. Ensure senior management and staff are informed of any changes and updates in a timely manner.
- Serve as the senior information security resource for the University.
- Evaluate, recommend, and provide technical leadership for the implementation of security measures to protect information systems, networks, and data.
- Security Planning and Design
- Define, plan, and execute security related projects and initiatives following the information security roadmap, based upon ongoing research, and evaluation of next generation security, best practices, marketplace, and emerging threats.
- Identify required security controls and design elements for new technologies, processes, and tools that may be introduced to the UFV environment.
- Define requirements for detailed security standards and configuration baselines.
- Assess project requirements related to application, network, and infrastructure security, including assessment against UFV security policy and standards
- Direct UFV technical teams in the installation and use of Information Security software, such as firewalls, data encryption, access controls, etc.
- Execute a University wide assessment of enterprise risks, threats, security vulnerabilities, potential anomalous flows and interactions in order to develop security plans based on the University business strategies, objectives and activities.
- Present security concepts, technologies and plans to institutional stakeholders including senior leadership.
- Engage in ongoing communications with ITS teams, as well as academic and business units, to ensure University wide understanding of security goals, to solicit feedback, and to foster co-operation.
- Converse with, write reports for, and create/deliver presentations to all levels of colleagues and peer groups in ways that support problem solving and planning.
Risk Management/Reduction of Vulnerabilities:
- Conduct information security reviews of UFV’s education and business systems.
- Work with UFV’s privacy and legal offices to create and manage Privacy Impact Assessments (PIAs) as part of the review of projects for IT security risks, definition of security requirements, and evaluation of security risk and requirements for new solutions.
- Plan and perform security vulnerability scans, reviewing application and operating system access controls and analyzing physical access to the systems.
- Represent IT Services on UFV’s Emergency Operations Committee (EOC) during relevant information security and privacy events.
- Develop strategies to respond to and recover from a security breach.
- Advise the CIO on potential risks and recommend strategies to mitigate those risks.
Human Resource Management:
- Provide guidance, direction, and feedback to IT Security Analyst regarding work procedures and operational outcomes.
- Delegate responsibility and reallocate resources as needed to ensure that priorities are met for initiatives within area of responsibility and to ensure that organizational objectives and superior standards are achieved.