Department: Educational and Community Supports
Appointment Type and Duration: Funding Contingent (Faculty, Research OAs), Ongoing
Salary: Commensurate with experience
Compensation Band: OS-OA08-Fiscal Year 2024-2025
FTE: 1.0
Application Review Begins
September 12, 2024; position open until filled
Special Instructions to Applicants
To be considered for this position, please submit a complete application. Complete applications must include the online application, a cover letter and resume that address how you meet the minimum and preferred qualifications, as well as professional competencies.
Department Summary
PBISApps, a multidisciplinary team within the Educational and Community Supports (ECS) research unit in the University of Oregon’s College of Education, is a leader in providing practical solutions for common education problems. We enable educators to use student behavioral data in schools all over the United States and in over 10 countries worldwide. Our work at PBISApps translates cutting-edge research into real-world solutions through an equity-focused educational service mission, sophisticated software and database architectures, and development tools used by an active and enthusiastic base of over 20,000 schools. Our solutions save educators time and keep them focused on supporting students. PBISApps has a continued commitment to using data-based decision-making to improve student outcomes and make systems more effective, efficient, and equitable. We offer a flexible, supportive family-friendly work environment focused on a work-life balance in a stimulating academic setting.
At ECS, our teams value the contribution that diversity brings to our work and culture. Understanding and learning from our differences gives us unique opportunities to improve our products and services.
Position Summary
As a member of the ECS IT Group, this position helps to deliver, secure, and support next-generation solutions that integrate disparate data sources into intuitive reporting engines, making teachers, staff, and school administrators more effective at addressing problems in the classroom, on the bus, and on the playground.
The IT Security Manager will be responsible for drafting and refining security policies and practices at ECS and ensuring that they comply with University, State, and Federal requirements. They will regularly interface with University Information Security Office personnel to actively improve ECS security practices, leverage University resources effectively, and assist University staff with any incidents or investigations that may impact ECS.
The position will also be responsible for day-to-day management of security operations including reviewing and assessing security implementations, understanding and evaluating potential risks, and recommending and guiding projects for overall security improvements. In addition, they will monitor for possible security incidents, investigate identified problems, and provide active leadership in incident response. They analyze, diagnose, and address issues as they arise before they become critical.
Additionally, the IT Security Manager will work to educate ECS staff on effective security practices. They will interface regularly with IT operational staff, software developers, researchers, and others to inform and improve the overall security posture of the organization.
The IT Security Manager will have strong analytical skills, clear communication skills, maintain strong attention to detail, and be a creative problem-solver.
The IT Security Manager is a member of the ECS IT Leadership Team and reports directly to the Director of Application Development. The position is eligible for fully remote or hybrid work.
Minimum Requirements
• Bachelor’s degree from an accredited college or university or equivalent skills and experience.
• Five years of experience working in an IT position with significant information security responsibilities; this may include responsibilities as a security manager, professional or as an IT administrator (e.g. network, systems, application, or cloud administrator) with significant experience implementing or supporting security controls. An advanced degree (Master's) may be substituted for one year of experience.
• Expertise in two or more of the following IT Security domains: Data Security, Digital Forensics, Incident Response and Analysis, IT Systems and Operations, Network Security, Systems and Applications Security, Vulnerability Management, Penetration Testing, or Cloud Security.
Professional Competencies
• Ability to work effectively with students, faculty, staff, and others of diverse backgrounds.
• Ability to problem solve.
• Strong analytical abilities.
• Excellent communication skills, including the ability to explain technical concepts to audiences with a wide range of technical skills.
• Ability to work independently as well as in a team-oriented, collaborative environment.
Preferred Qualifications
• Bachelor’s degree in Computer Science, Information Technology/Systems, Information Security or relevant field.
• Demonstrated familiarity working with a Security and Information Event Management product.
• Demonstrated experience developing and implementing operational security policies and procedures.
• Demonstrated familiarity with information security event triage.
• Demonstrated familiarity with enterprise information security forensic tools.
• Experience performing vulnerability scans in a professional environment.
• Three years of experience in an academic campus IT environment.
• Experience performing malware analysis.
• Working knowledge of laws, regulations and standards affecting information technology security in a higher education environment, including, but not limited to, PCI-DSS, HIPAA, HEOA, FERPA, DMCA and GDPR.
• Understanding of the NIST Cybersecurity Framework, especially the NIST 800-171 standards and controls.
• Certification in or progress toward an information security management discipline (e.g. CISM, CASP, CISSP, S-ISME, NCSC, GSTRT, EXIN ISM, S-CISO or CCISO).
FLSA Exempt: Yes
All offers of employment are contingent upon successful completion of a background check.
The University of Oregon is proud to offer a robust benefits package to eligible employees, including health insurance, retirement plans, and paid time off. For more information about benefits, visit https://hr.uoregon.edu/about-benefits.
The University of Oregon is an equal opportunity, affirmative action institution committed to cultural diversity and compliance with the ADA. The University encourages all qualified individuals to apply and does not discriminate on the basis of any protected status, including veteran and disability status. The University is committed to providing reasonable accommodations to applicants and employees with disabilities. To request an accommodation in connection with the application process, please contact us at uocareers@uoregon.edu or 541-346-5112.
UO prohibits discrimination on the basis of race, color, religion, national origin, sex, sexual orientation, gender identity, gender expression, pregnancy (including pregnancy-related conditions), age, physical or mental disability, genetic information (including family medical history), ancestry, familial status, citizenship, service in the uniformed services (as defined in federal and state law), veteran status, expunged juvenile record, and/or the use of leave protected by state or federal law in all programs, activities and employment practices as required by Title IX, other applicable laws, and policies. Retaliation is prohibited by UO policy. Questions may be referred to the Office of Investigations and Civil Rights Compliance. Contact information, related policies, and complaint procedures are listed here.
In compliance with federal law, the University of Oregon prepares an annual report on campus security and fire safety programs and services. The Annual Campus Security and Fire Safety Report is available online at https://clery.uoregon.edu/annual-campus-security-and-fire-safety-report.