Under general direction, this position provides oversight to the Technology Compliance (TC), Business Continuity (BC) and Disaster Recovery (DR) programs and associated services.
Duties and Responsibilities
Essential Duties and Responsibilities include the following. Other duties may be assigned.
1. Acts as an independent reviewer to ensure that technology compliance issues and concerns within Loyola University Chicago are being appropriate evaluated, investigated and resolved.
2. Advise management of critical technology compliance issues that may affect clients or internal personnel.
3. Working closely with the ITS Audit Owner on audit & assessment projects, to ensure that information risks are managed and that risk assessment processes are followed.
4. Manage the day to day operations of the TC program which includes the monitoring of compliance and documentation of existing audits and assessments.
5. Assist with compliance and risk assessments to help ensure the integrity and quality of systems/applications, information assets, processes, and procedures.
6. Develop, initiate, maintain and revise policies and ongoing procedures for the general operation of the TC program and its related activities as needed.
7. Monitors and reports on the status of required steps for developing and maintaining BC and DR plans; runs and issues weekly checkpoint and status for all BC and DR plans and updates that are in process.
8. Collaborates with the University Senior Management to ensure BC and DR plans are aligned to business continuity needs.
9. Administers, monitors and maintains the TC, BC and DR management systems for all TC. BC and DR deliverables, plans and configurations;
10. Provides timely reports and communication on the TC, BC and DR programs to IT managers, university executives and governing committees.
11. Oversees and coordinates project expectations, status reporting, audit/compliance updates and all other required communications and reporting for the TC, BC and DR programs; identifies risks and issues, including potential risk mitigation options.
12. Assists with the enterprise architecture decision making process in relation to information risk management.
13. Responsible for managing relationships with business units and external clients, in matters related to technology compliance, business continuity and disaster recovery reviews. Must be able to influence and persuade individuals and/or groups to identify common ground solutions.
14. Demonstrates a commitment to Loyola’s mission and strategy by building strong client relationships and supporting the ITS core values of service excellence for university strategic initiatives and continuous development/improvement.
15. Proactively manages change through existing change management processes.
16. Other duties, responsibilities, and qualifications may be required and/or assigned as necessary.
Minimum education and/or work experience
- Bachelor’s degree or higher in Management Information Systems, Computer Science or Engineering or equivalent experience. Relevant industry experience, aptitude, and the ability to learn while applying knowledge and skill-sets is important.
- 2 years of experience in information technology including any of the following: enterprise architecture, application development, infrastructure support, database administration, risk management, information security, program/project management/consulting.
- 2 years of risk management and/or internal controls processing.
- Demonstrate an understanding of business processes, internal control risk management, IT controls, and how they interact together.
- Ability to write policy and procedural documentation as required.
- Demonstrate professional skepticism to ensure evidence is sufficient when assessing the relevant controls.
- Knowledge of regulatory requirements such as FERPA, HIPAA, PCI and PIPA.
- Exposure to disaster recovery and business continuity plans and processes for an information technology or technical organization.
- Strong customer relationship, internal consulting and project management skills.
- Must have ability to work independently and in team settings.
- Must be detail oriented, results focused, possess effective written and verbal communication skills.
- Experience in Higher Education is a plus, but not required.
- Demonstrated excellent verbal, presentation, written communication and documentation skills. Effective communication skills are essential to the success of this position. Individual must be able to work effectively and appropriately with peers, staff, faculty and students.
- Core consulting skills such as business writing and presenting, and analytic comparisons.
- Communicate and present concisely and effectively based on appropriate level of management interaction.
- Great attitude and strong work ethic; Ability to work independently and in team settings; Focuses on solving conflict, not blaming; Maintains confidentiality and follows ITS and other university policies regarding data security and protection; Balances team and individual responsibilities; Contributes to building a positive team spirit; Effectively influences actions and opinions of others; Strives to continuously build knowledge and skills; Shares expertise with others; Able to communicate technical ideas and concepts to non-technical audiences; Excellent oral and written communication skills.
- Diversity – Shows respect and sensitivity for cultural differences; educates others on the value of diversity.
- Ethics – Treats people with respect; Works with integrity and ethically; handles sensitive and confidential issues and materials appropriately.
- Supports organization’s goals and values; Develops strategies to achieve organizational goals; Adapts strategy to changing conditions; Includes appropriate people in decision-making process; Strong administrative and organizational skills.
- Ability to lead cross-functional, review meetings is required.
- Requires the matrix management responsibility of project teams.
Have, or willing to obtain, CISA and CISM qualifications (training will be provided if required), ITIL Certification is a plus, but not required.
Proficient in Microsoft Applications (Project, Excel, Word, Visio, and PowerPoint).
Exposure to compliance control, disaster recover management, enterprise architecture and/or technology inventory solutions.