Manager of IT Governance, Risk, & Compliance

Posting Details

Working Title Manager of IT Governance, Risk, & Compliance

Position Number 01153A

Department INFORMATION TECHNOLOGY SERV-ACAD

Location Norfolk, VA

Type of Position Classified

Type of Job Full Time

EEO Category B Professionals

Job Description

To provide IT Compliance/Audit, Risk Management, Controls mapping and operational information security support, and to support the University Information Security Office Program to advance in principle, policy and practice. To provide awareness and training to ITS and departmental stakeholders who have responsibilities for systems and applications.

Type of Recruitment

Knowledge, skills and abilities

Comprehensive understanding of cloud computing security configurations, preferably with experience in AWS , GCP , and/or Microsoft Azure. Thorough understanding of IT security and privacy frameworks, standards and regulations, including ISO27001, NIST , HIPAA HITRUST , PCI – DSS , GLBA , DMCA , and export control laws. Considerable knowledge in cybersecurity in one or more roles, including security analyst, compliance and regulations, risk management or audit.

Strong analytical, organizational, and problem-solving skills. Proven written and oral communications skills. Strong project leadership skills with both legacy and emerging technologies to assess and manage business risk and enforce security controls. Proven project management, multitasking, and organizational skills. Demonstrated ability to integrate cybersecurity into business processes. High level of integrity and trustworthiness, with the confidence to represent the organization and security leadership professionally. Ability to work effectively with diverse teams and promote a positive enterprise-wide security culture. Ability to maintain credibility with the team and external stakeholders through sustained industry knowledge. Efficient self-starter requiring minimal supervision.

Special licenses, registration or certification

None.

Education or training

None.

Level and type of experience

Considerable experience with information security, risk analysis, audit, privacy, compliance or related fields.Considerable experience with security architecture and implementation of technical controls. Working management experience, including leading and developing technical teams.

Additional Considerations (supplemental knowledge, skills, abilities, education, experience, licensure, certification)

Basic understanding of service design, delivery concepts and control frameworks. Familiarity with IT Continuity of Operations and Disaster Recovery planning. Familiarity with security analysis tasks such as network security monitoring, incident investigation and handling, vulnerability scanning, penetration testing, and forensics. Forward thinking with strong business acumen and flexibility.

Some experience working in a higher-education information security, compliance or audit office.

Some experience with IT risk assessment and risk management processes such as OCTAVE , Binary Risk Management, or NIST Special Publication 800-30, Risk Management Guide for Information Technology Systems. Security or Assurance certification such as CISSP , CRISC , CGEIT , CCSK .

Project Management ( PMP ) andor Service Management ( ITIL ) certification(s).

Conditions of Employment

This position is designated as sensitive. A fingerprint-based criminal history check will be required of the final candidate.

This is a remote position working a traditional 40-hour week.

This is an open until filled recruitment. This recruitment may close after the five-day required posting period when a suitable pool of applicants has been generated.

Annual Salary/Hourly Rate Salary commensurate with education and experience

Posting Detail Information

Job Requisition Number S02788

Job Open To General Public

Open Date 10/14/2024

Close Date 10/18/2024

Open Until Filled No

Special Instructions Summary

Complete the full application and include a resume.

Criminal Background Check The final candidate is required to complete a criminal history check.

College Home Page

Department Home Page

Equity Statement

It is the policy of Old Dominion University to provide equal employment, educational and social opportunities for all persons, without regard to race (or traits historically associated with race including hair texture, hair type, and protective hairstyles such as braids, locks, and twists), color, religion, sex or gender (including pregnancy, childbirth, or related medical conditions), national origin, gender identity or expression, age, veteran status, disability, political affiliation, sexual orientation or genetic information. Individuals from minoritized communities, women, veterans and individuals with disabilities are encouraged to apply.

Reasonable Accommodation Request

If you are an individual with a disability and require reasonable accommodation, please contact the Office of Institutional Equity & Diversity at (757) 683-3141.

Alternative Hiring Process

In support of the Commonwealth’s commitment to inclusion, we are encouraging individuals with disabilities to apply through the Commonwealth’s Alternative Hiring Process.

To be considered for this opportunity, applicants will need to provide their AHP Letter (formerly called a Certificate of Disability) provided by the Department for Aging & Rehabilitative Services ( DARS ), or the Department for the Blind & Vision Impaired ( DBVI ). Service-Connected Veterans may also apply via the AHP if they also provide an AHP Letter.

To request an AHP Letter, use this link: https://www.dars.virginia.gov/drs/cpid/PWContact.aspx or call DARS at 800-552-5019, or DBVI at 800-622-2155.

Pay Transparency Nondiscrimination Provision

The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or © consistent with contractor’s legal duty to furnish information.

Supplemental Questions

Required fields are indicated with an asterisk ().

Applicant Documents

Required Documents

Resume

Optional Documents

Yellow Layoff Form

Blue Layoff Card

AHP Letter