Information Security and Data Privacy Officer

Job Description

Job Summary:

The Information Security and Data Privacy Officer leads technical and administrative initiatives related to information security and data privacy at the Harvard John A. Paulson School of Engineering and Applied Sciences (SEAS). The role’s broad responsibilities include securing the SEAS computing environment, responding to security threats, and serving as a trusted advisor to faculty, staff, researchers, and students. This position helps departments and project teams comply with enterprise information security and data privacy policies and regulations and recommends strategic solutions. The role is part of SEAS Computing and reports to the Director of Operations. Responsibilities include designing and operationalizing an information security and data privacy program to protect the school’s technical infrastructure and data and working closely with the SEAS Computing Operations and Applications Development teams to maintain secure infrastructure and applications. The role raises awareness and assists in providing training on information security and data privacy and provides consultation to members of the SEAS community to understand their responsibilities, needs, and recommend strategic solutions that comply with the Harvard University Information Security Policy. 

Job-Specific Responsibilities:

• Analyze and develop security posture metrics to inform the SEAS Chief Technology Officer and leadership of key information security and data privacy risks, trends, and priorities, and guide the design and implementation of programs to address them.
• Act as lead to advise on solutions that comply with applicable information security and data privacy policies and regulations for SEAS researcher security submissions (IRB, Data Safety and Data Agreements).
• Represent SEAS on university-wide information security and data privacy committees and working groups.
• Lead collaborative efforts within and across SEAS to identify data risks and recommend mitigation strategies for emerging security threats and vulnerabilities.
• In collaboration with other units such as the Harvard Libraries, act as an advisor to faculty and staff regarding secure options for records retention (referencing the Harvard General Records Schedule).
• Research and advocate for technologies and architectures that meet the school’s needs and align with university information security and data privacy policies.
• Oversee development and operationalizing of standard operating procedures related to technical infrastructure monitoring and alerting tools (Tenable, LogicMonitor, Splunk, CrowdStrike) to establish best practices for ensuring system health.
• Identify and maintain an inventory of SEAS sensitive data.
• Assess existing and proposed components of the SEAS Computing technical infrastructure for weaknesses such as applications, databases, networks, operating systems, cloud and on-prem IT infrastructure, and hardware.
• Lead the security incident response process for SEAS, working closely with the University PrivSec team and HUIT while communicating with impacted users.
• Present security requirements and guide minimum viable security specifications to SEAS Computing Operations and Application Development teams to ensure implementation of secure workflows and business processes that prevent unauthorized access, data modification, exfiltration, and loss, and ensure compliance with university information security and data privacy policies.
• Collaborate with University and SEAS partners to raise awareness, set standards, and establish information security and data privacy best practices.

Working Conditions:

Work is performed in an office environment.

Physical Requirements:

There are no significant physical requirements for this role.

Qualifications

Basic Qualifications:

Minimum of seven years’ post-secondary education or relevant work experience

Additional Qualifications and Skills:

• Demonstrated professionalism and works well within a team environment.
• Excellent verbal and written communication skills.
• Strong organizational skills and attention to detail.
• Demonstrated team performance skills, service mindset approach, and the ability to act as a trusted advisor.
• Knowledge of Microsoft Office Suite and/or Google Workspace.
• Deep understanding of applied cybersecurity and a familiarity with applied privacy.
• Familiarity with information security concepts, relevant tools, and standards.
• Knowledge of advanced information security principles.
• Demonstrated experience with systems and data query tools.
• Working knowledge of Linux and Windows system administration.
• Demonstrated proficiency in networking concepts.

Certificates and Licenses:

• Completion of Harvard IT Academy Information Security Foundations course (or external equivalent) preferred.
• IT Security Certification preferred, e.g. CISSP, CISA/CISM, and/or GIAC.

Additional Information

• Standard Hours/Schedule: 35 standard hours per week
• Visa Sponsorship Information: Harvard University is unable to provide visa sponsorship for this position.
• Pre-Employment Screening: Identity and Education
• Other Information:
  • Applicants should submit a cover letter and resume to be considered for this position

Work Format Details

This position has been determined by school or unit leaders that some of the duties and responsibilities can be effectively performed at a non-Harvard location. The work schedule and location will be set by the department at its discretion and based upon operational needs. When not working at a Harvard or Harvard-designated location, employees in hybrid positions must work in a Harvard registered state in compliance with the University’s Policy on Employment Outside of Massachusetts. Additional details will be discussed during the interview process. Certain visa types and funding sources may limit work location. Individuals must meet work location sponsorship requirements prior to employment.

Salary Grade and Ranges

This position is salary grade level 059. Please visit  Harvard's Salary Ranges  to view the corresponding salary range and related information. 

Benefits

Harvard offers a comprehensive benefits package that is designed to support a healthy work-life balance and your physical, mental and financial wellbeing. Because here, you are what matters. Our benefits include, but are not limited to: 

• Generous paid time off including parental leave 
• Medical, dental, and vision health insurance coverage starting on day one 
• Retirement plans with university contributions 
• Wellbeing and mental health resources 
• Support for families and caregivers 
• Professional development opportunities including tuition assistance and reimbursement 
• Commuter benefits, discounts and campus perks 

Learn more about these and additional benefits on our Benefits & Wellbeing Page. 

EEO/Non-Discrimination Commitment Statement

Harvard University is committed to equal opportunity and non-discrimination. We seek talent from all parts of society and the world, and we strive to ensure everyone at Harvard thrives. Our differences help our community advance Harvard's academic purposes.

Harvard has an equal employment opportunity policy that outlines our commitment to prohibiting discrimination on the basis of race, ethnicity, color, national origin, sex, sexual orientation, gender identity, veteran status, religion, disability, or any other characteristic protected by law or identified in the university's non-discrimination policy. Harvard's equal employment opportunity policy and non-discrimination policy help all community members participate fully in work and campus life free from harassment and discrimination.