Chief Information Security Officer
- Employer
- Central Piedmont Community College
- Location
- North Carolina, United States
- Salary
- $84,207.00 - $168,407.00
- Date posted
- Mar 25, 2022
View more
- Position Type
- Administrative, Academic Affairs, Chief Academic Officers & Vice Presidents, Other Academic Affairs, Student Affairs, Chief Student Affairs Officers & Vice Presidents
- Employment Level
- Administrative
- Employment Type
- Full Time
Chief Information Security Officer position available in Information Technology Services.
General Function
The Chief Information Security Officer (CISO) is responsible for establishing and maintaining the information security program to ensure that information assets and associated technology, applications, systems, infrastructure and processes are adequately protected in the digital ecosystem in which we operate. The CISO is responsible for identifying, evaluating and reporting on legal and regulatory, IT, and cybersecurity risk to information assets, while supporting and advancing business objectives.
The CISO reports to the Chief Information Officer (CIO), is a
member of the ITS leadership team and serves a key role in
university leadership, working closely with senior administration,
academic leaders, and the campus community. The CISO is an advocate
for the Institution's total information security needs and is
responsible for the development and delivery of a comprehensive
information security strategy to optimize the security posture of
the college.
The CISO position requires a visionary leader with sound knowledge
of the college environment and a working knowledge of cybersecurity
technologies covering the college network as well as the broader
digital ecosystem. The CISO will proactively work with business
units and ecosystem partners to implement practices that meet
agreed-on policies and standards for information security. He or
she should understand IT and must oversee a variety of
cybersecurity and risk management activities related to IT to
ensure the achievement of business outcomes where the business
process is dependent on technology. The CISO will be responsible
for implementing and running the enterprise information security
program. The CISO should understand and articulate the impact of
cybersecurity on (digital) business, and be able to communicate
this to the senior stakeholders. A key element of the CISO's role
is working with executive management to determine acceptable levels
of risk for the organization.
The CISO leads the development and implementation of a security
program that leverages collaborations and campus-wide resources,
facilitates information security governance, advises senior
leadership on security direction and resource investments, and
designs appropriate policies to manage information security risk.
The complexity of this position requires a leadership approach that
is engaging, imaginative, and collaborative, with a sophisticated
ability to work with other leaders to set the best balance between
security strategies and other priorities at the campus level.
Characteristic Duties and Responsibilities
1. Lead the information security function across the
company to ensure consistent and high-quality information security
management in support of the business goals. Responsible for the
strategic leadership of the college’s information security
program.
2. Provide guidance and counsel to the CIO and key members of
the college leadership team, working closely with senior
administration, academic leaders, and the campus community in
defining objectives for information security, while building
relationships and goodwill.
3. Promote collaborative, empowered working environments
across campus, removing barriers and realizing possibilities.
4. Facilitate an information security governance structure
through the implementation of a hierarchical governance program,
including the formation of an information security steering
committee or advisory board.
5. Lead information security planning processes to establish
an inclusive and comprehensive information security program for the
entire institution in support of academic and administrative
information systems and technology.
6. Establish annual and long-range security and compliance
goals, define security strategies, metrics, reporting mechanisms
and program services; and create maturity models and a roadmap for
continual program improvements.
7. Determine the information security approach and operating model in consultation with stakeholders and aligned with the risk management approach and compliance monitoring of non-digital risk areas.
8. Provide regular reporting on the current status of the information security program to enterprise risk teams and the executive management team as part of a strategic enterprise risk management program, thus supporting business outcomes.
9. Manage the budget for the information security function, monitoring and reporting discrepancies. Strategy and Frameworks.
10. Develop an information security vision and strategy that is aligned to the college priorities and enables and facilitates the college’s business objectives, and ensures senior stakeholder buy-in and mandate.
11. Develop, implement and monitor a strategic, comprehensive information security program to ensure appropriate levels of confidentiality, integrity, availability, safety, privacy and recovery of information assets owned, controlled or/and processed by the college.
12. Develop and enhance an up-to-date information security management framework based on the following: National Institute of Standards and Technology (NIST).
13. Create and manage a unified and flexible control framework to integrate and normalize the wide variety and ever-changing requirements resulting from global laws, standards and regulations.
14. Develop and maintain a document framework of continuously up-to-date information security policies, standards and guidelines. Oversee the approval and publication of these information security policies and practices.
15. Create a framework for roles and responsibilities with regard to information ownership, classification, accountability and protection of information assets.
16. Work closely with IT leaders, technical experts, deans and administrative leaders across campus on a wide variety of security issues that require an in-depth understanding of the IT environment in their units.
17. Create the necessary internal networks among the information security team and line-of-business executives, compliance & audit, physical security, legal and HR management teams to ensure alignment as required.
18. Build and nurture external networks consisting of industry peers, ecosystem partners, vendors and other relevant parties to address common trends, findings, incidents and cybersecurity risks.
19. Liaise with external agencies, such as law enforcement and other advisory bodies, as necessary, to ensure that the organization maintains a strong security posture and is kept well-abreast of the relevant threats identified by these agencies.
20. Create education and awareness programs and advise operating units at all levels on security issues, best practices, and vulnerabilities.
21. Pursue security initiatives to address unique needs in protecting identity theft, mobile social media security and online reputation program.
22. Lead the development and implementation of effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.
23. Define and facilitate the processes for information security risk and for legal and regulatory assessments.
24. Monitor the external threat environment for emerging threats, and advise relevant stakeholders on the appropriate courses of action.
25. Develop and oversee effective disaster recovery policies and standards to align with the college business continuity management (BCM) program goals, with the realization that components supporting primary business processes may be outside the corporate perimeter. Coordinate the development of implementation of incident response plans and procedures to ensure that business-critical services are recovered in the event of a security event; provide direction, support and in-house consulting in these areas.
26. Facilitate and support the development of asset inventories, including information assets in cloud services and in other parties in the organization's ecosystem.
27. Monitor security incidents and act as primary control point during significant information security incidents. Convene a Security Incident Response Team (SIRT) as needed, or requested, in addressing and investigating security incidents that arise.
28. Convene Ad Hoc Security Committee as appropriate and provide leadership for breach response and notification actions for the college.
29. Provide leadership, direction and guidance in assessing and evaluating information security risks and monitor compliance with security standards and appropriate policies.
30. Examine impacts of new technologies on the college’s overall information security. Establish processes to review implementation of new technologies to ensure security compliance.
31. Coordinate and track all information technology and security related audits including scope of audits, colleges/units involved, timelines, auditing agencies and outcomes.
32. Work with auditors as appropriate to keep audit focus in
scope, maintain excellent relationships with audit entities and
provide a consistent perspective that continually puts the
institution in its best light. Provide guidance, evaluation and
advocacy on audit responses.
Knowledge, Skills, Abilities and Characteristics
* Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and nontechnical audiences at various hierarchical levels, ranging from senior executives to technical specialists.
* Strategic leader and builder of both vision and bridges, and able to energize the appropriate teams in the organization.
* Sound knowledge of business management and a working knowledge of information security risk management and cybersecurity technologies.
* Up-to-date knowledge of methodologies and trends in both higher education and IT.
* Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic business environment.
* Poise and ability to act calmly and competently in high-pressure, high-stress situations.
* Must be a critical thinker, with strong problem-solving skills Knowledge and understanding of relevant legal and regulatory requirements, such as: Federal Education Rights and Privacy Act (FERPA), Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry/Data Security Standard (PCI).
* Excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.
* Project management skills: scheduling and resource management.
* Ability to lead and motivate the information security team to achieve tactical and strategic goals, even when only "dotted line" reporting lines exist.
* A master of influencing entities and decisions in situations where no formal reporting structures exist, but achieving the desirable outcome is vital.
* Degree in business administration or a technology-related field, or equivalent work- or education-related experience.
* Professional security management certification is desirable, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials.
* Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT as well as those from NIST, including 800-53 and Cybersecurity Framework.
* Excellent stakeholder management skills.
* High level of personal integrity, as well as the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity.
* High degree of initiative, dependability and ability to work with little supervision while being resilient to change.
* Additional background investigations or probes may be conducted as part of hiring process.
Minimum Requirements
Bachelor's Degree from a regionally accredited institution and seven (7) to ten (10) years of related experience in a combination of risk management, information security and IT roles.
Get job alerts
Create a job alert and receive personalized job recommendations straight to your inbox.
Create alert