Chief Information Security Officer
Insight Global, Greensboro, NC, United States
Must Haves:
- Bachelor’s Degree or higher with a major in computer science, information technology, business or public administration, or related disciplines; OR equivalent combination of education and/or experience
- Deep expertise and technical knowledge in the information security and risk management domains
- 10+ years of experience managing an information security area, program, or office with a proven track record of creating and maintaining information security practices and/or services
- Demonstrated recent experience and achievements in managing and growing a comprehensive information security program, including well-known IT and information security standards (e.g., ISO 27001/2, COBIT), auditable compliance, policy governance, data management, and risk management
- Ability to effectively communicate security concepts and strategies, and to influence best-practice adoption, across a wide variety of audiences
- Demonstrated recent experience in a senior leadership role with accountability to executive management
Overall Duties:
• Develop and implement a long-term information security strategy to protect information resources.
• Lead the creation and maintenance of security policies, procedures, and standards, ensuring compliance with laws, regulations, and contracts.
• Oversee compliance with FERPA, HIPAA, GLBA, PCI, DMCA, GDPR, and related regulations, balancing security needs with business and educational functions.
• Identify and report information security risks to leadership and provide expert guidance on security best practices.
• Collaborate with university leaders to assess IT risks, set risk tolerance, and implement controls to mitigate risks.
• Promote a security-aware culture through ongoing Security Awareness Training & Education (SATE).
• Lead, mentor, and manage a cross-functional security, risk, and compliance team.
• Participate in relevant committees and working groups related to IT governance and data privacy.
• Oversee daily security operations, including threat monitoring, detection, and incident response.
• Evaluate and implement cost-effective, minimally disruptive security solutions.
• Collaborate with technical teams to ensure compliance with security frameworks.
• Manage regulatory audits and implement remediation actions as needed.
• Develop metrics to track the effectiveness and maturity of the security program.
• Stay informed on emerging threats and guide stakeholders on responses.
• Liaise with law enforcement and oversee incident response and vendor risk management.