NMSU Logo
NEW MEXICO STATE UNIVERSITY
HUMAN RESOURCES SERVICES

POSITION CLASSIFICATION DESCRIPTION


Position Classification Title: IT Compliance Officer
Position Classification Code: M1093
Job Family: Information Technology
Pay Level: 12
Exempt Status: Exempt
This description is intended to describe the general nature of the work being performed. It is not intended to be a complete list of specific duties of any particular position. Duties, responsibilities and bargaining unit eligibility may vary based on the specific tasks assigned to the position.
Purpose of Classification:
The Information Technology Compliance Officer reports directly to the CIO, providing strategic direction, planning, risk analysis and IT policy, and associated support functions for NMSU IT systems. This position is responsible for leading university wide efforts including the development and implementation of policies and procedures, educational outreach, technical consultation, and ongoing operations to ensure the confidentiality and integrity of the University's computing and networking resources.
Standard Duties:
Responsible for University-wide risk assessment for information security and compliance. Monitor, develop, and implement university IT policies and procedures, information security, assurance, regulatory compliance, and risk management. Responsible for the support of university compliance efforts requiring IT involvement, and for information technology internal controls for enterprise and other systems. Work with others to prioritize security initiatives and spending based on appropriate risk management and/or financial methodology. Responsible for information privacy and data integrity monitoring and control. Responsible for identity and access management policy and compliance. Advises on IT security architecture. Responsible for risk assessments especially when relating to security of the systems, related data, and compliance as it relates to changes in legislation. May develop and implement disaster recovery programs and ensure business continuity management. Oversees incident response planning as well as the investigation of security breaches, and assists with disciplinary and legal matters associated with such breaches as necessary. Oversees IT investigations, digital forensics, and eDiscovery. Works with outside consultants as appropriate for independent security audits. Serve as liaison with Audit Services.Performs miscellaneous job-related duties as assigned.
Knowledge, Skills and Abilities:
Knowledge and understanding of the academic and administrative functions of a major research university. Strong working knowledge of IT processes, internal controls and risk assessment. Knowledge of university related compliance requirements. Knowledge and understanding of information technology, information security, best practices, pertinent laws, current trends and developments in information technology.
Strong interpersonal and communication skills and the ability to work effectively with a wide range of constituencies in a diverse community. Understanding of the information technology environment of a research university.
Ability to foster a cooperative work environment. Ability to analyze complex problems, interpret operational needs, and develop integrated, creative solutions. Ability to prioritize among competing needs based on risk. Ability to provide guidance and leadership to professional personnel in area of expertise. Ability to understand the application of security technologies in computer and telecommunications and the needs of a complex higher education institution with multiple locations and large numbers of users. Ability to develop IT policies and strategic plans for the long-term benefit of the university with an emphasis on security. Ability to provide effective leadership, management, and guidance. Ability to work collaboratively with functional areas across the university is essential.
Minimum Qualifications:
   Education- Bachelor's degree in a related field.
   Experience- Five (5) years of experience directly related to the standard duties as outlined.
   Equivalency- None
   Certifications/License-
   Departmental Requirements-
   Special Requirements-