Position Classification Title: Privacy and IT Compliance Offc
Position Classification Code: M1093
Job Family: Information Technology
Pay Level: 13
Exempt Status: Exempt
This description is intended to describe the general nature of the work being performed. It is not intended to be a complete list of specific duties of any particular position. Duties, responsibilities and bargaining unit eligibility may vary based on the specific tasks assigned to the position.
Purpose of Classification:
Privacy and Information Technology Compliance Officer reports directly to the CIO, providing strategic direction, planning, risk analysis and IT policy, and associated support functions for NMSU IT systems. This position is responsible for leading university wide efforts including the development and implementation of policies, rules and procedures, educational outreach, technical consultation, and ongoing operations to ensure the confidentiality and integrity of the University's computing and networking resources.
Standard Duties:
Monitors compliance with federal and state privacy regulations, as well as general industry privacy standards for all entrusted data to NMSU including but not limited to restricted or sensitive information collected, used, and retained by the University. Responsible for University-wide risk assessment for information security and compliance. Monitor, develop, and implement university IT policies, rules and procedures for privacy regulations, information security, assurance, regulatory compliance, and risk management. Responsible for the support of university compliance efforts requiring IT involvement or Privacy Considerations, and for monitoring and verifying information technology internal controls for enterprise and other systems. Work with ICT technical Teams and various NMSU Officials to prioritize privacy, security initiatives and spending based on a risk management approach. Responsible for information privacy and data integrity monitoring and control. Responsible for verification of identity and access management policy compliance. Advises on IT security architecture. Responsible for risk assessments especially when relating to privacy, security of the systems, related data, and compliance as it relates to changes in legislation. In conjunction with other ICT directors, helps to develop and implement disaster recovery programs and ensure business continuity management. Oversees incident response planning as well as the investigation of security breaches, and assists with disciplinary and legal matters associated with such breaches as necessary. Oversees compliance and privacy related IT investigations, digital forensics, and eDiscovery. Works with outside consultants as appropriate for independent security audits. Serve as liaison with Audit Services. Performs miscellaneous job-related duties as assigned.
Knowledge, Skills and Abilities:
Knowledge and understanding of the Privacy and IT related laws, regulations and standards that govern information technology at a University. Knowledge and understanding of the academic and administrative functions of a major research university. Strong working knowledge of IT processes, internal controls and risk assessment. Knowledge of university related compliance requirements. Knowledge and understanding of information technology, information security, best practices, pertinent laws, current trends and developments in information technology.
Strong interpersonal, communication skills and the ability to work effectively with a wide range of constituencies in a diverse community. Understanding of the information technology environment of a research university.
Ability to foster a cooperative work environment. Ability to analyze complex problems, interpret operational needs, and develop integrated, creative solutions. Ability to prioritize among competing needs based on risk. Ability to provide guidance and leadership to professional personnel in area of expertise. Ability to understand the application of security technologies in computer and telecommunications and the needs of a complex higher education institution with multiple locations and large numbers of users. Ability to develop IT policies, rules, procedures, and strategic plans for the long-term benefit of the university with an emphasis on privacy and security to reduce risk to the university. Ability to provide effective leadership, management, and guidance. Ability to work collaboratively with functional areas across the university is essential
Minimum Qualifications:
   Education- Bachelor's degree in a related field.
   Experience- Five (5) years of experience directly related to the standard duties as outlined.
   Equivalency- None
   Departmental Requirements-
   Special Requirements-