Information technology empowers Indiana University's students,
faculty, and staff to continually improve the quality of their
research, education, and services. The Office of the Vice President
for Information Technology, under the Vice President for
Information Technology (VPIT), manages information technology
across the Indiana University system.
This position will receive generous benefits as an Indiana
University employee (see here) and
be part of a vibrant information security community at Indiana
University that includes the REN-ISAC, the Center for Applied
Cybersecurity Research, the OmniSOC, and a rich set of research
faculty. Indiana University is a strategic partner of Women in
Cybersecurity (see here)
and a strong participant in the EDUCAUSE Higher Education
Information Security Council (HEISC).
Manage information security for the $4 billion Indiana
University system that encompasses 118,000+ students, faculty and
staff, and $500 million in research. Under the direction of the
Associate Vice President for Information Security (AVPIS), the IU
Chief Information Security Officer (CISO) works in collaboration
with other IU assurance management (privacy, legal, data stewards,
etc) to plan IU information security strategy and initiatives to
maintain a secure, privacy-respecting, ethical, compliant
environment that supports IU’s research, education and outreach
missions. The main responsibility of the CISO is to provide
day-to-day oversight of the 20-person University Information
Security Office (UISO) and the information security initiatives
supporting IU’s information security strategy and
Specific responsibilities of the CISO include:
- Providing project oversight and ongoing personnel management of
the UISO, including maintaining an inclusive environment, ongoing
professional development, and a diverse set of perspectives
necessary to function in IU’s heterogeneous environment.
- Communicating information security and other technical contexts
in a variety of settings to IU administrators, faculty,
researchers, staff, students who have a range of technical acumen
in order to persuade them to support information security
- Maintaining relationships across IU to be aware of changes at
the department level that could introduce risk, to be able to
effectively persuade with varying levels of direct authority, and
to coordinate information security university-wide.
- Maintaining a broad knowledge of IU IT infrastructure and
operations and how they apply to each of IU’s missions of
education, research, and outreach, to be able to understand the
trade-offs of risk and policy choices on IU’s risk posture and
- Making day-to-day risk management choices to resolve tensions
between information security goals, IU’s mission, and other
- Collaborating with information security faculty, the Research
& Education Networking Information Sharing and Analysis Center
(REN-ISAC), the Center for Applied Cybersecurity Research (CACR),
and the OmniSOC as opportunities arise.
- Ensuring, in collaboration with the UISO’s Incident Response
Management and the AVPIS, that IU is prepared for information
security incidents. During responses, provide oversight of incident
response and play a pivotal role in communication to the
AVPIS and CIO.
- Degree in Computer Science, Information Systems
Management, Public Policy or Law
- 5 years of information security or related experience
- 3 years of management experience
- 8 years of experience in assessing and mitigating information
- 5 years of experience at a level of management at an
institution of sufficient size and complexity as to provide
evidence of potential success in information security management at
Combinations of related education and experience may be
LICENSES AND CERTIFICATIONS
- Professional certification (e.g., CISSP, CISM)
- Proficient communication skills
- Maintains a high degree of professionalism
- Demonstrated time management and priority setting skills
- Demonstrates a high commitment to quality
- Excellent organizational skills
- Excellent collaboration and team building skills
- Effectively coaches and delivers constructive feedback
- Instills commitment to organizational goals
- Demonstrates excellent judgment and decision-making skills
- Effective conflict management skills
- Builds and manages effective teams
- Effective leadership skills
- Ability to represent the company with external
- Ability to drive multiple projects to successful
- Sufficient knowledge of information technology, information
security technology, compliance programs, privacy, relevant legal
doctrine, and education, research, and outreach processes to be
able to oversee information security security initiatives and
processes at IU.
- Ability to assess information security risks and trade-offs in
a complex university environment.
- Ability to communicate information security technical matters
effectively to a variety of audiences.
- Ability to manage a 20-person, 3-tier team and associated
- Security and privacy of educational records (FERPA) and private
- Copyright and software piracy law.
- Information security audit and control issues.
- Facilitation of secure research, including compliance programs
(HIPAA, 800-53, 800-171)
- Information security issues arising from a diverse, 100,000+
person community in a highly open, collaborative environment.
- Project management processes.
Bloomington, Indiana or Indianapolis, Indiana.
This position has the potential for a remote work