Chief Information Security Officer - CISO

The University seeks highly qualified candidates for the role of Chief Information Security Officer.

As a prospective candidate, you are expected to carefully read this job description and eliminate yourself from the candidate pool if the duties and responsibilities are not a good match for you.

POSITION SUMMARY

The Chief Information Security Officer (CISO) provides strategic leadership and operational oversight for the University’s information security program. This role is responsible for safeguarding digital assets, ensuring regulatory compliance, and fostering a culture of cybersecurity awareness across the University. Reporting to the Chief Information Officer (CIO) and as a member of the leadership team of Information Technology Services (ITS), the CISO works collaboratively with University leadership to align information security initiatives with academic and administrative goals. The CISO develops and leads outreach, communication, and education efforts to raise campus-wide awareness of information security risks, requirements, and solutions; provides strategic and technical guidance and assistance in the design and implementation of appropriate security processes for campus-wide information systems ; creates and keeps current information security policies and incident response protocols to help ensure the confidentiality, availability and integrity of all information assets; and leads the University’s monitoring, detection, and mitigation of potential security threats.

D UTIES AND RESPONSIBILITIES

• Develop, maintain, and enforce cybersecurity policies, standards, and procedures that ensure confidentiality, integrity, and availability of information systems.
• Develop security architecture and maintain a risk-mitigation approach to securing ITS assets.
• Collaborate with ITS leadership, legal, audit, and academic units to ensure alignment between security and institutional priorities, aligned with the principles of academic freedom that remain core to a national doctoral and professional University.
• Conduct security awareness education and training programs that promote a security-conscious culture across the University.
• Serve as the primary advisor to University leadership on information security risks and mitigation strategies. Partner with campus stakeholders to integrate information security into the lifecycle of all technology projects.
• Direct incident response activities and collaboration with other ITS units in the development of disaster recovery and business continuity plans.
• Coordinate with law enforcement, governmental agencies, and insurance providers on cybersecurity matters.
• Monitor emerging threats and coordinate proactive responses to potential vulnerabilities.
• Provide oversight of, in collaboration with the School of Engineering and Computing, the internal student-run security operations center and external threat detection and response services.
• Lead cybersecurity risk assessments and oversee internal/external audits, cybersecurity maturity assessments, and penetration tests.
• Stay current with information security issues and regulatory changes affecting higher education at the state and national level, participate in national policy and practice discussions, and communicate to campus on a regular basis about those topics.
• Engage in professional development to maintain continual growth in professional skills and knowledge essential to the position.

• Performs other related duties as required or dictated by responsibilities.

QUALIFICATIONS AND EXPERIENCE

• 8-10 years of progressive information security experience with 3+ years in a leadership or managerial role.
• Experience in higher education or a research environment is preferred.
• A strategic grasp of information security at both institutional and operational levels.
• Capability to articulate a vision for information security that engages all constituents, satisfies internal and external requirements, and enables the University’s ongoing pursuit of excellence and innovation in its academic and research fields.
• Proven experience managing a small team of technology associates. This role has management responsibility for an Information Security Architect and a Senior Network Security Specialist.
• Professional certifications such as CISSP, CISM, or CRISC.
• Familiarity with NIST, ISO 27001, and EDUCAUSE security frameworks.
• Strong understanding of compliance standards such as FERPA, HIPAA, GDPR, and GLBA.
• Excellent interpersonal and communication skills, with the ability to present complex security topics to diverse audiences.