This job has expired

Chief Information Security Officer

Indiana University
Indiana, United States
Salary Not specified
Start date
Oct 7, 2021
Department Information

Information technology empowers Indiana University's students, faculty, and staff to continually improve the quality of their research, education, and services. The Office of the Vice President for Information Technology, under the Vice President for Information Technology (VPIT), manages information technology across the Indiana University system.

This position will receive generous benefits as an Indiana University employee (see here) and be part of a vibrant information security community at Indiana University that includes the REN-ISAC, the Center for Applied Cybersecurity Research, the OmniSOC, and a rich set of research faculty. Indiana University is a strategic partner of Women in Cybersecurity (see here) and a strong participant in the EDUCAUSE Higher Education Information Security Council (HEISC).

Job Summary

Manage information security for the $4 billion Indiana University system that encompasses 118,000+ students, faculty and staff, and $500 million in research. Under the direction of the Associate Vice President for Information Security (AVPIS), the IU Chief Information Security Officer (CISO) works in collaboration with other IU assurance management (privacy, legal, data stewards, etc) to plan IU information security strategy and initiatives to maintain a secure, privacy-respecting, ethical, compliant environment that supports IU’s research, education and outreach missions. The main responsibility of the CISO is to provide day-to-day oversight of the 20-person University Information Security Office (UISO) and the information security initiatives supporting IU’s information security strategy and environment. 

Specific responsibilities of the CISO include:

  • Providing project oversight and ongoing personnel management of the UISO, including maintaining an inclusive environment, ongoing professional development, and a diverse set of perspectives necessary to function in IU’s heterogeneous environment.
  • Communicating information security and other technical contexts in a variety of settings to IU administrators, faculty, researchers, staff, students who have a range of technical acumen in order to persuade them to support information security initiatives.
  • Maintaining relationships across IU to be aware of changes at the department level that could introduce risk, to be able to effectively persuade with varying levels of direct authority, and to coordinate information security university-wide.
  • Maintaining a broad knowledge of IU IT infrastructure and operations and how they apply to each of IU’s missions of education, research, and outreach, to be able to understand the trade-offs of risk and policy choices on IU’s risk posture and missions. 
  • Making day-to-day risk management choices to resolve tensions between information security goals, IU’s mission, and other constraints.
  • Collaborating with information security faculty, the Research & Education Networking Information Sharing and Analysis Center (REN-ISAC), the Center for Applied Cybersecurity Research (CACR), and the OmniSOC as opportunities arise.
  • Ensuring, in collaboration with the UISO’s Incident Response Management and the AVPIS, that IU is prepared for information security incidents. During responses, provide oversight of incident response and play a pivotal role in communication  to the AVPIS and CIO.



  • Bachelor's degree 


  • Degree in Computer Science, Information Systems Management, Public Policy or Law



  • 5 years of information security or related experience
  • 3 years of management experience


  • 8 years of experience in assessing and mitigating information security risks
  • 5 years of experience at a level of management at an institution of sufficient size and complexity as to provide evidence of potential success in information security management at Indiana University.

Combinations of related education and experience may be considered



  • Professional certification (e.g., CISSP, CISM)



  • Proficient communication skills
  • Maintains a high degree of professionalism
  • Demonstrated time management and priority setting skills
  • Demonstrates a high commitment to quality
  • Excellent organizational skills
  • Excellent collaboration and team building skills
  • Effectively coaches and delivers constructive feedback
  • Instills commitment to organizational goals
  • Demonstrates excellent judgment and decision-making skills
  • Effective conflict management skills
  • Builds and manages effective teams
  • Effective leadership skills
  • Ability to represent the company with external constituents
  • Ability to drive multiple projects to successful completion 


  • Sufficient knowledge of information technology, information security technology, compliance programs, privacy, relevant legal doctrine, and education, research, and outreach processes to be able to oversee information security security initiatives and processes at IU.
  • Ability to assess information security risks and trade-offs in a complex university environment.
  • Ability to communicate information security technical matters effectively to a variety of audiences.
  • Ability to manage a 20-person, 3-tier team and associated budget.

Familiarity with:

  • Security and privacy of educational records (FERPA) and private health information.
  • Copyright and software piracy law.
  • Information security audit and control issues.
  • Facilitation of secure research, including compliance programs (HIPAA, 800-53, 800-171)
  • Information security issues arising from a diverse, 100,000+ person community in a highly open, collaborative environment.
  • Project management processes.
  Work Location

Bloomington, Indiana or Indianapolis, Indiana.

This position has the potential for a remote work arrangement.  

Get job alerts

Create a job alert and receive personalized job recommendations straight to your inbox.

Create alert