Chief Information Security Officer (CISO)

Position Overview The University of Kansas seeks an experienced, visionary executive to serve as its next Chief Information Security Officer (CISO). The University of Kansas (KU) is the state’s flagship university, an R1 institution and one of just 65 invited members of the prestigious Association of American Universities (AAU). This unique, career-defining role will lead the development of best-in-class information security programs at the organization.

As a member of the Chief Information Officer's leadership team, the CISO has the immediate opportunity to positively impact the information security environment across several campuses statewide. Information security is absolutely critical for KU to carry out its mission in an era of expanding data challenges, constantly evolving technologies, an immensely complex regulatory environment and ever-increasing security threats. Strong security is a precondition for students, faculty, staff and administrators to engage with each other and flourish in their work with confidence and conviction. As such, the CISO must lead the strategy and culture of security across multiple campus locations including Lawrence, Edwards, Yoder and Fort Leavenworth to affect continual change and keep KU ahead of modern security dangers and malicious acts.

The CISO will be a visible leader who is known across the university. This executive will be provided the necessary support to invest in a team and identify new technologies, training programs and strategies that meet the security needs of the university. This leader will be critical in implementing tools to automate aspects of security defenses and develop in-person and virtual training to ensure a culture of information security broadly.

The CISO is responsible for the information security strategy and operations of the central IT organization, ensuring regulatory compliance and reporting in partnership with KU’s policy, legal, audit and compliance senior leadership teams. The CISO will also work with external stakeholders at the local, state and regional levels, including information security leaders at other state universities, to ensure KU is utilizing best practices to protect student, personnel and intellectual property information. The CISO will focus on creating an IT-security program that is customer-oriented with an effective team of information security professionals that supports it.

The CISO works in close collaboration with the KU Medical Center CISO on matters related to information sharing between the flagship campus and health sciences groups. Additionally, the CISO will partner closely with the Chief Security Officer and Director of Global Operations and Security (CSO) to ensure information, technology and infrastructure related to research and intellectual property are adequately protected from potential malicious actors, domestic and international. The CSO will lead those research-related initiatives with the CISO providing a significant level of support through policy, staffing and expert guidance.

The CISO will oversee ongoing activities, programs and projects that serve to protect institutional data confidentiality, integrity, and availability while providing students, faculty, staff and vendors with secure and reliable access to systems and information. The CISO will lead the evolution and documentation of KU’s information security standards, controls, training, practices and reporting Job Description Job Duties - Overview
The University of Kansas Information Technology (KU IT) is a vital unit to the institution, facilitating KU’s academic, research and service missions through the utilization of a broad range of best-in-class technology services and systems to more than 28,000 students, 10,000 staff, 2,800 faculty members, and a research enterprise supporting over $290 million in sponsored projects, contracts, and prestigious awards. The CIO and other technology leaders help to shape the direction of information technology across KU campuses in a manner that will most effectively serve the mission of the institution. KU IT partners closely with stakeholders across the organization to ensure the IT roadmap meets its users’ needs and expectations, and aligns with the University’s strategic plan, Jayhawks Rising, focusing on the institutional priorities of Student Success, Healthy & Vibrant Communities and Research & Discovery.

KU IT teams provide direct support for the technology infrastructure, networking, communications, administrative and teaching applications, and other software systems. Teams work closely with peers from purchasing, the schools, and across campus locations to shape the direction of technology and deliver innovative services that meet the quickly-changing needs of the institution. KU IT is made up of dedicated information technology professionals that support learning, research, scholarship, and creative endeavors defining technology options that are viable to the institution. KU IT is a key partner in meeting the mission of the University of Kansas and doing so in a way that is effective, efficient and will adapt to the ever-evolving technology landscape.

IT Security
KU's IT Security Office is a critical entity in the university with a focus on identifying both current vulnerabilities and future threats. The information security team provides the policy guidance, governance and operational leadership to address issues that could threaten the academic and research missions of the University of Kansas. Through the information security team's work, the institution is protected from phishing attacks, data theft, denial of service attacks, fraud, ransomware, malware, and social engineering. The office does this by directly working with information security vendors, partnering with IT operations peers, working with leadership and utilizing communication and education for university employees and students. The Office is the leading authority within KU in recognizing upcoming threats and aligning the right resources and teams to protect university operations and organizational integrity.

In its day-to-day activities, the KU IT Security Office provides essential services for the campus community such as IT security consulting, information security planning, ongoing threat monitoring through vendor partners and providing agile methods for training. KU’s IT security experts are key influencers on campus among school leaders, unit subject matter experts, faculty, staff, researchers and students. The resources and efforts of the KU IT Security Office are fundamental to protecting campus community members as well as the university's expansive data and intellectual property.

Reporting to the Chief Information Officer, Mary Walsh, the CISO leads a team of dedicated information security professionals and dotted-line reports who provide information security expertise and guidance across KU schools and administrative units. The focus of the CISO will be to be a forward thinking, agile thought partner and security expert that is continuously developing programs, solutions, and education to ensure that data is secure and that the university is able to move forward with its mission.

In partnership with senior leadership, the CISO will craft an inclusive, coherent vision of information security needs and position the organization to meet those goals. The CISO will engage with enterprise and university leadership (including the KUMC CISO) to drive the security program and concepts into all business processes, leading any efforts around risk mitigation. The CISO will be involved in a regular review of existing and new partnerships for KU, including a review of strategic collaborations, contracts, research management and other engagements. Required Qualifications

PROFESSIONAL QUALIFICATIONS & PERSONAL CHARACTERISTICS
The University of Kansas seeks in its next CISO a thoughtful visionary and strategic leader with a track record in building information security programs in highly complex organizations by leading the implementation of toolsets and influencing the culture of security across the campus community. The CISO must have a commitment to KU's vision, mission and values; a demonstrated track record of information security leadership; and provide objective proof of their ability to build a program that can adapt to the fast-changing threats across the information security landscape. The ideal candidate will demonstrate significant experience in aligning information security strategy, recognized framework and resources to meet the needs of the institution.

The successful candidate will also have:
▪ A bachelor’s degree in a relevant field such as information security, computer science, information technology, or information systems; a master’s degree is preferred. A recognized, valid information security certification such as a CISSP, CISM, CISA or similar is required for the CISO.
▪ More than 10 years of information security experience with five years of progressive leadership experience in a complex organization.
▪ Demonstrated ability to successfully define and implement the strategic direction of the organization's information security program through listening and understanding the needs of a vast constituency in combination with available resources and teams.
▪ A significant track record in advancing information security through the thoughtful use of policy, technology, vendor relationships and governance as demonstrated by application materials.
▪ Understanding or direct work experience with complex higher education regulatory and legal environments including FISMA and HIPAA, among others.
▪ Experience in the utilization and/or deployment of modern information security frameworks such as NIST, ISO 27000, HITRUST and others.
▪ Effective written and verbal communication skills, including storytelling to develop compelling business/use cases to garner support for achieving the risk posture that positively promotes and advances the University’s mission and strategic goals.
▪ Significant operational leadership experience in information security working within a complex organization, which will include information security planning and policy development.
▪ Experience developing a multi-year information security roadmap and demonstrated ability to socialize that plan to senior leaders, developing and utilizing metrics to measure performance and can be understood by a variety of audiences.
▪ Experience with performing risk analysis both in-house and through third-party organizations, followed by developing effective risk mitigation plans that take into account the culture of the organization and how most effectively implement.
▪ A strong commitment to contributing to a culture that promotes and values diversity, equity and inclusion in alignment with the goals of KU.
▪ Experience in immediate prioritization or response to security requests demonstrating strong customer service skills.
▪ Exceptional ability to communicate including both written and verbal communication skills. This should be showcased in a quantifiable way with candidate application materials.
▪ Experience in managing personnel and leading teams. Additional Candidate Instructions All applications, nominations and inquiries are invited. Applications should include, as separate documents, a CV or resume, and a letter of interest addressing the themes in this profile.

As WittKieffer is assisting the University of Kansas in this search. For fullest consideration, candidate materials should be received by August 31, 2022. Application materials should be submitted using WittKieffer's candidate portal.

Nominations and inquiries can be directed to:
Zachary Durst
zdurst@wittkieffer.com


  Contact Information to Applicants Nominations and inquiries can be directed to:

Zachary Durst
zdurst@wittkieffer.com Advertised Salary Range commensurate with experience Application Review Begins Thursday, September 1, 2022

Anticipated Start Date Thursday, December 1, 2022

The University of Kansas prohibits discrimination on the basis of race, color, ethnicity, religion, sex, national origin, age, ancestry, disability status as a veteran, sexual orientation, marital status, parental status, gender identity, gender expression, and genetic information in the university's programs and activities. Retaliation is also prohibited by university policy. The following persons have been designated to handle inquiries regarding the nondiscrimination policies and are the Title IX coordinators for their respective campuses: Associate Vice Chancellor for the Office of Civil Rights and Title IX, civilrights@ku.edu, Room 1082, Dole Human Development Center, 1000 Sunnyside Avenue, Lawrence, KS 66045, 785-864-6414, 711 TTY (for the Lawrence, Edwards, Parsons, Yoder, and Topeka campuses); Director, Equal Opportunity Office, Mail Stop 7004, 4330 Shawnee Mission Parkway, Fairway, KS 66205, 913-588-8011, 711 TTY (for the Wichita, Salina, and Kansas City, Kansas medical center campuses).