Information Security and Data Privacy Officer

Job Summary:

The Information Security and Data Privacy Officer leads technical and administrative initiatives related to information security and data privacy at the Harvard John A. Paulson School of Engineering and Applied Sciences (SEAS). The role’s broad responsibilities include securing the SEAS computing environment, responding to security threats, and serving as a trusted advisor to faculty, staff, researchers, and students. This position helps departments and project teams comply with enterprise information security and data privacy policies and regulations and recommends strategic solutions. The role is part of SEAS Computing and reports to the Director of Operations. Responsibilities include designing and operationalizing an information security and data privacy program to protect the school’s technical infrastructure and data and working closely with the SEAS Computing Operations and Applications Development teams to maintain secure infrastructure and applications. The role raises awareness and assists in providing training on information security and data privacy and provides consultation to members of the SEAS community to understand their responsibilities, needs, and recommend strategic solutions that comply with the Harvard University Information Security Policy.

Job-Specific Responsibilities:

• Analyze and develop security posture metrics to inform the SEAS Chief Technology Officer and leadership of key information security and data privacy risks, trends, and priorities, and guide the design and implementation of programs to address them.
• Act as lead to advise on solutions that comply with applicable information security and data privacy policies and regulations for SEAS researcher security submissions (IRB, Data Safety and Data Agreements).
• Represent SEAS on university-wide information security and data privacy committees and working groups.
• Lead collaborative efforts within and across SEAS to identify data risks and recommend mitigation strategies for emerging security threats and vulnerabilities.
• In collaboration with other units such as the Harvard Libraries, act as an advisor to faculty and staff regarding secure options for records retention (referencing the Harvard General Records Schedule).
• Research and advocate for technologies and architectures that meet the school’s needs and align with university information security and data privacy policies.
• Oversee development and operationalizing of standard operating procedures related to technical infrastructure monitoring and alerting tools (Tenable, LogicMonitor, Splunk, CrowdStrike) to establish best practices for ensuring system health.
• Identify and maintain an inventory of SEAS sensitive data.
• Assess existing and proposed components of the SEAS Computing technical infrastructure for weaknesses such as applications, databases, networks, operating systems, cloud and on-prem IT infrastructure, and hardware.
• Lead the security incident response process for SEAS, working closely with the University PrivSec team and HUIT while communicating with impacted users.
• Present security requirements and guide minimum viable security specifications to SEAS Computing Operations and Application Development teams to ensure implementation of secure workflows and business processes that prevent unauthorized access, data modification, exfiltration, and loss, and ensure compliance with university information security and data privacy policies.
• Collaborate with University and SEAS partners to raise awareness, set standards, and establish information security and data privacy best practices.