Information Security Program Manager
Be a part of an exciting and growing team at Oregon State
University! Located in Corvallis, Oregon, Oregon State is a
large public Land Grant university committed to excellence and
making a difference in Oregon and the world.
We are looking to fill the Information Security Program Manager
position in the Office of Information Security. This role
will assist the Chief Information Security Officer to develop and
implement a comprehensive information security program for Oregon
State University. The person filling this position will work
with researchers, administrators, students and faculty to help
craft programs, training and awareness initiatives and deliver on
security projects to address information security risks. We
are looking for a person who is excited about working with a
diverse community and is committed to the mission of Oregon State
40% Information Security Program
- Coordinate implementation of information security programs and
initiatives within the OSU community. Support major security
product implementation for University IT/Information Services and
OSU business units and stakeholders, support information security
awareness training and events, and support information security
- Facilitate information security discussions with people from
across the OSU community including University Information
Technology service providers, research faculty, business unit
leaders, as well as College and University administration and
leadership to determine program needs and discover service gaps and
- Provide consultative security expertise as required to OSU
business units for departmental projects such as cloud services,
instructional technology or research activities to aid in
successful protection of the confidentiality, integrity and
availability of OSU data and systems.
- Assist in developing a program and implementation plan to
achieve OSU Target Information Security Risk Profile.
- Manage the Cybersecurity Training and Awareness portfolio for
the Office of Information Security.
30% Institutional and Business Risk:
- Collaborate and coordinate with OSU business entities and
stakeholders to determine institutional and departmental
information security risks and needs. Define the risks found in a
large complex land grant research university environment, where
activities include the conduct of original research, development of
intellectual property, and delivery of innovative teaching and
learning delivery methods. Ensure the maintenance of sensitive
regulated data and information technology operations, such as
provisioning an award winning campus-wide WiFi network.
- Develop information security requirements and business cases
that address identified risks and gaps that meet institutional risk
appetite. Assist in determining budget and resource needs to
provide new capabilities. Develop non-material solutions as
appropriate to address risks and gaps.
25% Disaster Recovery and Business Continuity
- Support disaster recovery planning, and the development of
processes and procedures to ensure critical systems and data can
recover from information security events, such as ransomware
attacks, breaches and natural or man-made disasters.
5%—Other Duties as Assigned.
- A bachelor’s degree in a related field or 5 years of related
experience is required.
- Ability to facilitate cross-functional teams to determine risk
and coordinate information security initiatives.
- Strong communication and writing skills, independent problem
solving abilities, and the ability to be self-directing.
- Ability to perform project management and business analyst
- Ability to develop standards and guidelines based on best
practices and industry standards.
- Ability to travel to OSU locations across the state of Oregon
and occasional travel to regional and national conferences—travel
is 10% or less.
- A demonstrable commitment to promoting and enhancing
- This position is designated as a critical or security-sensitive
position; therefore, the incumbent must successfully complete a
Criminal History Check and be determined to be position qualified
as per OSU Standard 576-055-0000 et seq. Incumbents are required to
self-report convictions and those in Youth Programs may have
additional Criminal History Checks every 24 months.
- This position requires driving a university vehicle or a
personal vehicle on behalf of the university; therefore, the
incumbent must successfully complete a motor vehicle history check,
possess and maintain a current, valid driver’s license in their
state of residence, be determined to be position qualified and
self-report convictions as per University Policy 05-030.
- Advanced degree, preferably in computer science or related
- Experience with the National Institute of Standards and
Technology Cybersecurity Framework (NIST CSF).
- Information security experience in higher education or
- PMP or similar certification.
- CISSP, CISM, CRISC, or similar certification.
- Experience in planning disaster recovery or business continuity
- Experience in information security workforce development
- Working knowledge of common security standards and regulations
relating to a higher education environment.
- Knowledge of information security training and awareness
To apply for this position apply on the OSU Jobs
Location/Region: Corvallis, OR (97331)