|
University of Houston Job Description |
| Mgr, Security & Disaster Recov | |||||||||||||
|
|||||||||||||
| This position may be security sensitive requiring a criminal history investigation of the final candidate. | |||||||||||||
| Summary | |||||||||||||
| Serves as the Information Security Officer for the University of Houston as prescribed by state policy. Plans, coordinates and implements security measures to safeguard information resources. Reviews violations of computer security procedures and coordinates with appropriate authorities to avoid repeat violations. Develops and coordinates the implementation and testing of plans to continue or restore data processing activities in case of disaster. Coordinates with users to establish priority activities according to the importance of business. | |||||||||||||
| Job Duties | |||||||||||||
| 1. Serves as Information Security Officer for the University of Houston as prescribed by state policy. Directs and oversees the University's information resource protection programs in accordance with state policies, procedures and guidelines.
2. Develops, implements and maintains the university's risk management and disaster recovery programs for Information Technology, including managing the periodic testing of the disaster recovery plan designed to protect against the potential effects of disaster. 3. Identifies vulnerabilities that may cause inappropriate or accidental access, disclosure, modification or destruction of information; establishes security controls to eliminate or minimize their potential effects. 4. Ensures the university critical or sensitive information resources are identified, all information resources are assigned ownership, and that the duties of owners are prescribed. 5. Serves as the university's internal and external point of contact for information security matters, and keeps management aware of legal and regulatory changes affecting information security, privacy and computer crime. 6. Manages the development, implementation and testing of security controls and methods; directs efforts for including sageguards in the development or acquisition of automated information systems. 7. Ensures user lists are current and auditable; oversees procedures for password control; reports to management on university's security posture, including problem areas and recommended improvements. 8. Ensures proper backup procedures are established and followed; establishes procedures to monitor and ensure compliance with established security and risk management policies and procedures. 9. Coordinates with Internal Audit to define their role in automated information systems planning, development, implementation, operations and modifications relative to information security and risk management. 10. Coordinates with programming and technical managers on matters related to the planning, development, implementation or modification of information security and security risk management policies and procedures. 11. Establishes training programs to ensure that staff are educated and aware of their roles and responsibilities in regards to information security and risk management. 12. Performs other job-related duties as assigned. |
|||||||||||||
| Job Requirements | |||||||||||||
| Education | |||||||||||||
| Requires a thorough understanding of both theoretical and practical aspects of an analytical, technical or professional discipline; or the basic knowledge of more than one professional discipline. Knowledge of the discipline is normally obtained through a formal, directly job-related 4 year degree from a college or university or an equivalent in-depth specialized training program that is directly related to the type of work being performed. | |||||||||||||
| Experience | |||||||||||||
| Requires a minimum of five (5) years of directly job-related experience. | |||||||||||||
| Certification/Licensing | |||||||||||||
| Requires professional licensing, certification or registration directly related to the job, as specified on the job posting details. | |||||||||||||
| Work Complexity | |||||||||||||
| Requires a broad knowledge of principles and practices within a professional field. Work is very nonstandardized and widely varied, involving many complex and significant variables. | |||||||||||||
| Change in Knowledge | |||||||||||||
| The knowledge and/or technology used in the job changes frequently, requiring frequent study and training. Job may require recertification or continuing education. | |||||||||||||
| Problem Solving | |||||||||||||
| Requires in-depth analysis to interpret and evaluate obscure/vague information in the development of new solutions for complex technical and/or managerial problems. Exercises discretion and independent judgment in comparing and recommending numerous solutions. Problems may be atypical within the unit. Analytical ability and inductive thinking are required in extensively adapting policies, procedures and methods to fit unusual or complex situation. | |||||||||||||
| Impact of Decisions | |||||||||||||
| Inside Department | Major. | ||||||||||||
| Outside Department | Major. | ||||||||||||
| Outside University | Moderate. | ||||||||||||
| Judgment | |||||||||||||
| Activities and decisions are varied in nature, requiring the solving of both common and unusual problems. The job's manager is consulted for clarification of policies only where needed. | |||||||||||||
| Supervision | |||||||||||||
| Involves scheduling, supervision and evaluation of work as a manager or equivalent. Acts as focal point for recommending hiring/termination decisions, performance management, salary increases and disciplinary actions and/or budget management. Responsibility of this job can include a large functional department or a smaller diverse area. | |||||||||||||
| Customer Service | |||||||||||||
| Internal Service | Evaluates/recommends modifications to services or processes | ||||||||||||
| External Service | Acts as the customer's primary point of contact | ||||||||||||
| Environmental Conditions | |||||||||||||
| Working conditions | Work is normally performed in a typical interior work environment which does not subject the employee to any unpleasant elements. | ||||||||||||
| Physical Effort | Position is physically comfortable; individual has discretion about walking, standing, etc. | ||||||||||||
| Physical Risk | Work environment involves minimal exposure to physical risks. | ||||||||||||
| The above statements are intended to describe the general nature and level of work being performed. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of personnel so classified. | |||||||||||||
| Last updated: 09-23-1998 | |||||||||||||