Chief Information Security Officer

Department: Information Technology

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Michigan Technological University is an Equal Opportunity Educational Institution/Equal Opportunity Employer that provides equal opportunity for all, including protected veterans and individuals with disabilities.

If you require any auxiliary aids, services, or other accommodations to apply for employment, or for an interview, at Michigan Technological University, please notify the Human Resources office at 906-487-2280 or humanresources@mtu.edu.

Responsible for the development and delivery of a comprehensive information security strategy to optimize the security posture of the university.

1. Act as the primary security architect for the university's technology resources.
2. Lead incident response teams and forensic investigations related to the university’s technology resources.
3. Monitor the university's technology resources for attacks.
4. Work with information technology staff to educate them on security risks and train them in assessment and response techniques.
5. Provide reports as directed or requested to keep executive management and external agencies informed of security incidents.
6. Work with the Office of Risk Management and General Counsel as needed to resolve difficult legal security issues.
7. Develop, implement, and administer technical security standards, as well as a suite of security services and tools to address and mitigate security risk.
8. Perform vulnerability assessments on the university’s resources and evaluate the risk.
9. Lead the development and implementation of effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.
10. Keep abreast of security incidents and act as primary control point during significant information security incidents.
11. Act as liaison with law enforcement agencies, government agencies, and the court system, when dealing with security incidents.
12. Provide leadership, direction, and guidance in assessing and evaluating information security risks and monitor compliance with security standards and appropriate policies.
13. Examine impacts of new technologies on the Institution’s overall information security. Establish processes to review implementation of new technologies to ensure security compliance.
14. Direct the preparation of short- and long-term strategic and operating plans pertaining to the university's information security program.
15. Create education and awareness programs and advise operating units at all levels on security issues, best practices, and vulnerabilities.
16. Support the vision of the university when developing and enforcing security protocols.
17. Represent the university on committees and boards associated with the information security and in national and regional consortiums and collaborations.
18. Encourage continuous improvement practices among employees. Commit to applying continuous improvement strategies to strategic goals and leadership skills.
19. Ensure compliance with all applicable university, state, and federal regulations.
20. Apply safety-related knowledge, skills, and practices to everyday work.
21. Supervisory Responsibilities: Functional supervision may be exercised over staff and student assistants.

• Ability to obtain a U.S. Department of Defense security clearance, which requires United States citizenship. May not possess dual citizenship.
• Bachelor’s degree in computer security, computer science, computer engineering or related field, or an equivalent combination of education and professional experience from which comparable knowledge and abilities can be acquired.

• Five years of experience in information security, information technology or other fields related to IT security and risk management.
• Professional experience working with networking technologies and protocols.
• Professional experience working with network firewalls and intrusion detection or prevention systems.
• Professional experience with strong analytical and working knowledge of regulatory rules, frameworks, and controls including but not limited to HIPAA, HITECH, GLBA, PCI-DSS, and RFRs.
• Experience designing and implementing controls related to NIST-800 series, DFARS, HIPAA, PCI-DSS, or similar standard.

• Master’s degree in computer security, computer science, computer engineering or related field.
• Certification related to security and information response such as CISSP or GIAC.
• Professional experience in a higher education environment.

• Demonstrate ability to advise senior management and governing board on enterprise-level security risks.
• Excellent oral and written communication skills including the ability to communicate complex security issues to any faculty, staff, supervisors and/or university officials.
• Knowledge and ability to educate and train faculty, staff, and students.
• Effectively collaborate with others to achieve goals.
• Strong creative, innovative, strategic, and visionary qualities.
• Strong prioritization, time management and multitasking skills.
• Skill in organizing resources and establishing priorities while working in a fast-paced environment.
• Lead and manage a team of security professionals.
• Demonstrated ability to effectively design and implement complex systems.
• Working knowledge of databases and applications.
• Knowledge of at least one programming or scripting language.
• Strong ability to exhibit good judgment.
• Strong ethical behavior with the ability to remain independent and maintain confidentiality.
• Demonstrated ability to assess and mitigate risk.
• Experience in security analysis.
• Experience leading incident response teams or forensic investigations.
• Knowledge and understanding of emerging technologies such as virtualized systems and networks, next-generation firewalls, and honeypots.
• Highly developed analytical and problem-solving skills.
• Ability to resolve a magnitude of diverse, complex, and ambiguous issues/situations.
• Demonstrate ability to communicate effectively across cultural boundaries and work harmoniously with diverse groups of students, faculty, and staff.
• Demonstrate commitment to a culture of safety by having established safety as a key professional value and essential component of daily practice.
• Demonstrate understanding of the organizational roles and responsibilities for safety among management, supervisors, and employees.

The work environment and/or physical demands described here are representative of those an employee may encounter while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform essential functions.

Work will be done in an office environment where noise levels are usually low to moderate.

Frequent repetitive hand/wrist motions and finger manipulation.

Every employee at Michigan Technological University will receive the following 4 required trainings; additional training may be required by the department.

Required University Training:

• Employee Safety Overview
• Anti-Harassment, Discrimination, Retaliation Training
• Annual Data Security Training
• Annual Title IX Training

Background Check:

Offers of employment are contingent upon and not considered finalized until the required background check has been performed and the results received and assessed.

Other Conditions of Employment:

The successful applicant will be responsible for ensuring eligibility for employment in the United States on or before the effective date of the appointment. Visa sponsorship is unavailable at this time. This is not an E-Verified Position.

Michigan Technological University is an Equal Opportunity Educational Institution/Equal Opportunity Employer that provides equal opportunity for all, including protected veterans and individuals with disabilities.

1.00

Exempt

Negotiable.

Chief Information Officer

Internal & External Posting

Please provide contact information for three (3) professional references.