Nelnet

  • Chief Security Officer

    Job Locations US-NE-Lincoln | US-NE-Omaha | US-CO-Highlands Ranch | US-WI-Madison
    Posted Date 1 week ago(12/5/2018 3:57 PM)
    Job ID
    2018-7459
    # of Openings
    1
    Category
    Executive
  • Overview

    The Chief Information Security Officer is the top information security executive in the company and will be responsible for protecting Nelnet's IT resources and information assets at both an enterprise and business segment specific level.  This is accomplished by (i) Ensuring strategic alignment of information security with the businesses objectives; (ii) Ensuring confidentiality, integrity and availability of Nelnet's IT systems; (iii) Developing and communicating a roadmap and strategy for evolving Nelnet’s security environment; (iv) Partnering with other shared services such as information technology and developing a one team mentality bringing security and technology together. (v)Understanding and communicating legal and regulatory requirements regarding information security to Nelnet and each of its subsidiaries as it impacts each business and the enterprise; (vi) Ensuring risks associated with information security are addressed; (vi) Being a contributing member to all Nelnet teams including business development, audit, legal, risk management, other shared services, and all business segments. 

    This position will report directly to the Chief Risk Officer and will oversee and coordinate information security efforts throughout the Nelnet organization.  Indirectly this position will report into the Board Risk and Finance Committee for oversight, Nelnet’s Board of Directors, and the Chief Operations Officer on a quarterly and as needed basis.

     

    This position requires work in support of the Company’s contract with the United States Department of Education (“ED”). As such, the United States Government requires that any applicant for this position must complete United States Government security clearance. Effective June 1, 2018, ED has informed Nelnet that security clearance applications for foreign nationals are not being accepted or processed. In light of this direction from ED, Nelnet will be unable to hire applicants without United States citizenship for such positions.

    Responsibilities

    • Responsible for assessing the needs of Nelnet at all levels and crafting both an enterprise strategy and segmented strategy for each of Nelnet’s unique components
    • Lead, managing, and facilitating the overall delivery and implementation of the information security vision, strategy, and program for Nelnet
    • Serve as an expert advisor to all Nelnet associates as needed including senior executive to peers, your management team, and employees on issues of information security and data protection
    • Proactively communicate and address information security issues with the IT leadership team
    • Maintain a strong understanding of the commercial (e.g., brand reputation), legal (e.g., Data Privacy), Federal (e.g., NIST), and industry standard / operational information security risks and issues associated with Nelnet and its subsidiaries as well as partners (e.g., third-party service providers, vendors)
    • Foster and grow a culture that considers information security in day to day operations
    • Collaborate with members of IT, business units, functional teams, field personnel, internal and external audit functions, regulatory bodies and third party service providers with regards to information security priorities and assessments
    • Accountable for the logical and physical security and integrity of all IT systems, networks and data
    • Conduct periodic information security risk assessments and prepare remediation plans for addressing any issues identified
    • Develop, publish and maintain policies, procedures, standards and supporting practices that address technical and operational information security requirements
    • Assist functional teams (e.g., Legal, Accounting) in maintaining policies and procedures that include information security-related requirements (e.g., privacy) 
    • Identify leading information security practices and innovative capabilities that achieve risk mitigation through the right balance of security measures and operational flexibility
    • Coordinate with Legal, HR, and other business unit representatives in developing technology solutions to support data classification standards and data protection requirements
    • Continue to develop the security operations center to detect, prevent and remediate information security issues and/or inappropriate uses of information technology resources
    • Consolidate, standardize, and improve upon the existing information security awareness training program that caters to all levels of the organization
    • Continue to develop a data loss prevention program to protect Nelnet's information assets
    • Oversee the evaluation and selection of information security tools / services and direct the implementation of these tools / services
    • Prepare periodic reporting to management and senior leadership on the information security program and supporting activities
    • Assist with Business Continuity and Disaster Recovery plans to meet business requirements
    • Assist in the response to incidents relating to information security including internal and external parties
    • Actively participate in the budgeting process to ensure adequate funding is available and business cases are developed to support information security activities / requirements
    • Research, interpret and communicate security-related rules, regulations and laws as they apply to Nelnet's use of IT
    • Oversee, review, and address all correspondence with external agencies on matters of data security
    • Represent Nelnet at information security related events and conferences
    • Identify protection goals, objectives and metrics consistent with corporate strategic plan
    • Manage and communicate global security policy, standards, guidelines and procedures to ensure ongoing maintenance of security. Physical protection responsibilities will include asset protection, workplace violence prevention, access control systems, video surveillance, and more. Information protection responsibilities will include network security architecture, network access and monitoring policies, employee education and awareness, and more
    • Maintain relationships with local, state and federal law enforcement and other related government agencies
    • Work with outside consultants as appropriate for independent security audits

    Qualifications

    EDUCATION:

    • Degree in Business / Computer Sciences or relevant experience
    • CISSP, CISM, CISA or CPP

    EXPERIENCE:

    • Minimum of 10+ years of experience in a combination of risk management, information security and IT roles
    • Experience in program management, comfortable communicating at various levels of technical and non-technical management
    • Demonstrated leadership ability and potential
    • Strong oral/written communication, organization, and interpersonal skills and a demonstrated effectiveness in a customer facing role
    • Experience with design principles ensuring security, including broad knowledge of information security principles (e.g., dual control, authorization, authentication, access control, confidentiality, integrity etc.).
    • Energetic, self-starter with ability to influence and motivate matrixed teams
    • Experience with ISO, SOX, PCI and NIST regulations and laws
    • Knowledge of legal and regulatory issues
    • Knowledge of information security practices (e.g. ISO 27001)
    • Leadership experience in IT Security infrastructure design and operational excellence.
    • Ability to prioritize and execute tasks in a high-pressure environment and make sound decisions in emergency situations
    • Strong customer service orientation

    COMPETENCIES – SKILLS/KNOWLEDGE/ABILITIES:

    • Must be an intelligent, articulate, consensus building, and persuasive leader who can serve as an effective member of the senior management team and communicate information security-related concepts to a broad range of technical and non-technical staff
    • Should have experience with business continuity planning, auditing, and risk management, as well as contract and vendor negotiation
    • Must have strong working knowledge of pertinent law and the law enforcement community
    • Must have a solid understanding of information technology and information security
    • Experience in business consulting and/or technology professional services
    • Knowledge of current protocols and standards related IT Security services
    • Ability to present ideas in a user-friendly language
    • Highly self-motivated and directed
    • Proven analytical and problem-solving abilities

    Physical Requirements/Working Conditions:   While performing the duties of this job, the employee is required to sit and operate a computer keyboard and/or use other general office equipment on a routine basis, Moderate travel required, Lift or move up to 10 pounds. 

     

    EEO Statement

    Nelnet is an Equal Opportunity Employer, complies with Executive Order 11246, and takes affirmative action to ensure that qualified applicants are employed, and that employees are treated during employment, without regard to race, color, religion/creed, national origin, gender, or sex, marital status, age, disability, use of a guide dog or service animal, sexual orientation, military/veteran status, or any other status protected by Federal or State law or local ordinance. Qualified individuals with disabilities who require reasonable accommodations in order to apply or compete for positions at Nelnet may request such accommodations by contacting Nelnet Talent Acquisition & Recruiting.
    Nelnet is a Drug Free and Tobacco Free Workplace.

    Options

    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed