Location: Greensboro, NC, USA
Must Haves:
Overall Duties:
Develop and implement a long-term information security strategy to protect information resources.
Lead the creation and maintenance of security policies, procedures, and standards, ensuring compliance with laws, regulations, and contracts.
Oversee compliance with FERPA, HIPAA, GLBA, PCI, DMCA, GDPR, and related regulations, balancing security needs with business and educational functions.
Identify and report information security risks to leadership and provide expert guidance on security best practices.
Collaborate with university leaders to assess IT risks, set risk tolerance, and implement controls to mitigate risks.
Promote a security-aware culture through ongoing Security Awareness Training & Education (SATE).
Lead, mentor, and manage a cross-functional security, risk, and compliance team.
Participate in relevant committees and working groups related to IT governance and data privacy.
Oversee daily security operations, including threat monitoring, detection, and incident response.
Evaluate and implement cost-effective, minimally disruptive security solutions.
Collaborate with technical teams to ensure compliance with security frameworks.
Manage regulatory audits and implement remediation actions as needed.
Develop metrics to track the effectiveness and maturity of the security program.
Stay informed on emerging threats and guide stakeholders on responses.
Liaise with law enforcement and oversee incident response and vendor risk management.