Chief Information Security Officer

Job Description

Typical duties include but are not limited to:

• Partners and leads the cybersecurity function across the organization to ensure consistent, high-quality information security management in support of the organization goals.
• Develops the cybersecurity strategy and operating model in collaboration with stakeholders, ensuring alignment with the organization's risk management approach and compliance monitoring for non-digital risk areas.
• Establishes a cybersecurity governance framework by implementing a structured governance program, including the creation of a cybersecurity steering committee or advisory board.
• Collaborates with the procurement office to ensure cybersecurity requirements are integrated into contracts by coordinating with vendor management and procurement teams.
• Develops and updates policies and procedures to safeguard information assets, addressing emerging threats and industry standards while identifying, evaluating, and managing cybersecurity risks to the organization.
• Oversees risk evaluation and compliance management processes while developing risk management frameworks to prioritize and mitigate potential cybersecurity threats, vulnerabilities, and incidents.
• Advises on the cyber risk posture of the organization, including the mandatory application of controls.
• Ensures the organization complies with relevant legal, regulatory, and industry standards. Maintains awareness of evolving laws and regulations to ensure ongoing compliance.
• Manages resources in alignment with the IT workforce plan and supports the CIO in budgeting for the cybersecurity function by monitoring and reporting any discrepancies.
• Develops a cybersecurity vision and strategy aligned with organizational priorities to support business objectives while securing senior stakeholder buy-in. This includes creating, implementing, and monitoring a comprehensive cybersecurity program that ensures the confidentiality, integrity, and availability of the organization's information assets, as well as compliance with safety, privacy, reliability, and resilience requirements.
• Manages and contains cybersecurity incidents and events to protect corporate IT assets, intellectual property, regulated data and the company's reputation.
• Manages an effective cybersecurity organization consisting of direct reports including hiring, training, staff development, performance management and review process.
• Leads the development of IT policies, procedures, and performance management processes, while providing guidance on information security governance to ensure that security initiatives are effectively integrated throughout the organization.
• Liaises with external agencies, including law enforcement, SUS CISOs, and other advisory bodies, to ensure the organization maintains a strong security posture and stays informed of relevant threats identified by these entities.
• Stays current with developments in new market trends and innovations in Cybersecurity and technology.

Other Duties:

• May be responsible for developing and managing strategic vendor and partnership relationships.
• May oversee the execution of high-impact, enterprise wide, strategic programs or initiatives.
• May oversee IT workforce management, including the sourcing, training and development of staff.
• May assume full CIO responsibilities (or those responsibilities as directed) during the CIO's absence.
• Performs other job-related duties as assigned.

Additional Job Description

Required Qualifications:

• This position requires fourteen years of professional, full-time experience, or as an alternative, a Bachelor's degree from an accredited institution in Computer Science, Management Information Systems, Business, or a closely related degree and ten years of professional, full-time experience.
• Five years of leadership responsibility, including strategy, budgeting, and managing multiple cross functional teams.
• Demonstrated experience influencing key stakeholders across the organization and within complex contexts.
• Any appropriate combination of relevant education, experience, and/or certifications may be considered.

Preferred Qualifications:

• Master's Degree from an accredited institution in Computer Science, Management Information Systems, Business or closely related field.
• IT leadership and management experience in a higher education setting.
• Experience in Infrastructure and Operations.
• Experience building a security program.
• Experience in risk and compliance management.
• CISSP GIAC Certification.

Knowledge, Skills, and Abilities:

• Expert knowledge of current and emerging technologies, technology directions, and strategic application to business needs, including the ability to differentiate between a relevant trend and hype.
• Knowledge of infrastructure planning and operations, design and deployment, as well as system life cycle management.
• Knowledge of business and management principles involved in strategic planning, resource allocation, workforce modeling, leadership technique, and coordination of people and resources.
• Excellent interpersonal, verbal and written communication skills.
• Skill in identifying complex problems and reviewing related information to develop and evaluate options and implement solutions.
• Ability to interact in a professional manner with staff, faculty, students, and the community in a service-oriented environment.
• Ability to think critically and creatively, have a high standard of integrity, and be motivated to incorporate best practices into the organizational structure.
• Ability to improve operational efficiency, service delivery and information management across the IT organization.
• Ability to provide strong, consistent leadership in various situations when numerous and complex demands are involved.
• Ability to effectively manage the work of others by providing guidance and motivation while establishing goals and expectations of accountability.

Salary: $130,000 - $155,000