Chief Information Security Officer
UNCG
Posting Details Position Information Position Number 002471 Functional Title Chief Information Security Officer Position Type Staff Position Eclass E2 - SAAO II 12 Month Leave Earning University Information Located in North Carolina’s third largest city, UNC Greensboro is among the most diverse, learner-centered public research universities in the state, with nearly 18,000 students in eight colleges and schools pursuing more than 150 areas of undergraduate and over 200 areas of graduate study. UNCG continues to be recognized nationally for academic excellence, access, and affordability. UNCG is ranked No. 1 most affordable institution in North Carolina for net cost by the N.Y. Times and No. 1 in North Carolina for social mobility by The Wall Street Journal — helping first-generation and lower-income students find paths to prosperity. Designated an Innovation and Economic Prosperity University by the Association of Public and Land-grant Universities, UNCG is a community-engaged research institution with a portfolio of more than $67M in research and creative activity. The University’s 1,100 faculty and 1,700 staff help create an annual economic impact for the Piedmont Triad region in excess of $1B. Primary Purpose of the Organizational Unit The Information Technology Services Division is a strategic partner to the executive team in achieving the goals of the university. The Vice Chancellor for Information Technology Services and Chief Information Officer reports directly to the Chancellor and is a member of the Chancellor’s Council. IT services are highly centralized at UNCG, with ITS providing and managing all of the technology services consumed by students, faculty, staff, and visitors. This structure affords amazing opportunities for technology leaders to research, launch, and implement ideas that have a lasting positive impact on the university. Position Summary The CISO has enterprise-wide leadership responsibility for establishing and maintaining information security policies and standards, executing IT risk management processes, guiding efforts to identify, detect, and respond to security threats, and maintaining the confidentiality, integrity, and availability of University information resources.
The CISO will:
Develop and implement a strategic, long-term information security strategy to ensure that UNC Greensboro’s information resources are adequately protected. Lead the development of comprehensive information security policies, procedures, standards, and guidelines, and oversee their approval, dissemination, and maintenance. Ensure that the information security management program enforces compliance with applicable policies, laws, regulations, and contractual requirements. Lead efforts to monitor and maintain compliance with FERPA, HIPAA, GLBA, PCI, DMCA, GDPR, and other applicable laws and regulations, as well as University and UNC System policies. Work to strike an optimal balance between the necessity for business and pedagogical functionality with the need for security, safety and data privacy in all aspects of University operations. Identify, evaluate, and report on information security risks, program developments, and improvement projects to the executive committees and the Board of Trustees, and provide subject matter expertise on security standards and best practices. Work with senior leaders across the university to identify and assess IT risks, establish risk tolerance, navigate risk acceptance processes, monitor remediation efforts, and implement mitigating and compensating controls necessary to reduce IT risks to acceptable levels. Act as the champion for the enterprise information security program and foster a security-aware culture through creative and effective efforts towards ongoing Security Awareness Training & Education (SATE). Develop, mentor, lead, and manage a high-performing cross-functional team of information security, risk, and compliance professionals. Be an active participant and take a leadership role in relevant councils, committees, and working groups in areas related to IT Governance, Information Security, Data Governance, Identity & Access, and Privacy. Supervise all aspects of security operations for the daily defense of the University, including monitoring, detection, investigation, and response to attacks, vulnerabilities, and emergent threats. Oversee the evaluation, selection, and implementation of information security solutions that are innovative, cost-effective, and minimally disruptive. Partner with enterprise architects, infrastructure engineers, and application development teams to ensure that UNCG technologies are developed and maintained according to security policies, frameworks, and guidelines. Supervise efforts to satisfy regulatory requirements, including execution of internal and external IT audit activities and implementation of remediation actions. Develop business-focused metrics to measure the effectiveness of the information security program, and work to increase the maturity of the program over time. Monitor the industry and external environment for emerging threats and advise relevant stakeholders on appropriate postures in response to the changing threat landscape. Liaise with law enforcement and other advisory bodies as necessary to ensure that the organization maintains a strong security posture. Oversee incident response planning and the investigation of security breaches, and assist with any associated disciplinary, public relations, and legal matters. Oversee and lead the creation, communication, and implementation of a process for managing vendor risk and other third-party risk. Minimum Qualifications Bachelor’s Degree or higher with a major in computer science, information technology, business or public administration, or related disciplines; OR equivalent combination of education and/or experience Deep expertise and technical knowledge in the information security and risk management domains 10+ years of experience managing an information security area, program, or office with a proven track record of creating and maintaining information security practices and/or services Demonstrated recent experience and achievements with managing and prospering a comprehensive information security program, including well-known IT and information security standards (i.e. ISO 27001/2, COBIT), auditable compliance, policy governance, data management, and risk management Ability to effectively communicate security concepts and strategies and influence best-practice adoption to a wide variety of audiences Knowledge of Higher Education policies and best practices in regard to FERPA, HIPAA, FISMA, GLBA, and other regulations Strong customer service ethic Demonstrated recent experience in a senior leadership role with accountability to executive management Outstanding communication abilities, both written and verbal Additional Required Certifications, Licensures, and Certificates Preferred Qualifications Special Instructions to Applicants Recruitment Range Salary commensurate with experience Org #-Department Info Technology Services - 23101 Job Open Date 07/09/2024 For Best Consideration Date 07/16/2024 Job Close Date Open Until Filled Yes FTE 1.000 Type of Appointment Permanent If time-limited, please specify end date for appointment. Number of Months per Year 12 FLSA Exempt Key Responsibilities ________________________________________________________________________________________________________________________ Percentage Of Time 20 Key Responsibility Enterprise Information Security Strategy Essential Tasks Lead the development of a comprehensive Information Security strategy that effectively balances risk against ongoing and strategic business needs for innovation and operational efficiency. Effectively communicate information security strategy at multiple levels within the organization. Coordinate the development and delivery of a security awareness training program for employees, contractors, and other parties. Coordinate the use of external third-party resources for the development, implementation, and monitoring of the information security program, including penetration testing. Establish a metrics-driven dashboard to evaluate the effectiveness of the Information Security program. Serve as a key thought leader in Information Security, which includes working with key partners both internal and external to the University, vendors, and peers in the UNC System to develop thought leadership around policies, processes, and capabilities that can help change or enhance the security posture at UNC Greensboro. Percentage Of Time 20 Key Responsibility Enterprise Information Technology Risk and Compliance Management Essential Tasks Enterprise Information Technology Risk and Compliance Management: Develop and implement an IT risk management program that includes threat modeling, monitoring for exposures, risk identification, risk analysis, creation and implementation of risk treatment and mitigation plans, and reporting to executive management on both a regular and event-driven basis. Develop and implement procedures and tools for monitoring, maintaining, and reporting on compliance with applicable policies, laws, regulations, frameworks, and other requirements. Percentage Of Time 20 Key Responsibility Information Security Plans, Programs, Policies and Controls Essential Tasks Information Security Plans, Programs, Policies, and Controls: Work proactively with the ITS leadership team and their direct reports to ensure strategic plans, security programs, and technical controls are aligned with their respective business strategies and in compliance with policies, applicable laws, and regulations. Mature the ITS organization to a constant state of audit readiness, ensuring that proper controls and documentation are consistent across the organization, managed in a central divisional repository, and reviewed and updated at established intervals with organizational accountability to the Chief Information Security Officer. Work closely with senior ITS leadership to mature University technology policies, expiring, updating, and writing as needed to remain relevant against service portfolio changes and shifts in service delivery models. Percentage Of Time 20 Key Responsibility Transformational Leadership Essential Tasks Transformational Leadership: Engage as a thought leader with the ITS leadership team to collect and leverage customer demand and actual cost of service delivery data to right-size the enterprise technology services portfolio, build agile, cost-effective technology services, effectively tell the ITS story, and re-invent organizational talent to a new paradigm for service delivery. Work with other ITS leaders to mature foundational IT processes and systems to increase capabilities and improve operational efficiency. Work with ITS senior leadership to develop a multi-year information security plan that prioritizes security initiatives and spending based on appropriate risk management and/or financial methodology. Build information security services that are customer-driven and fully aligned to both the University and ITS strategic plans. Build and lead a cross-functional security organization that may draw upon the resources and technical expertise of ITS and other technology organizations. Percentage Of Time 20 Key Responsibility Provide strategic and tactical security guidance for programs and projects as it pertains to the design, implementation, and operation of security controls Essential Tasks This includes the evaluation of the enterprise architecture, hardware, software, and technical controls. Lead the enterprise information security incident response function. Provide oversight for security investigations, and assist with disciplinary and legal matters associated with security breaches and policy violations as necessary. ADA Checklist ADA Checklist
The CISO will:
Develop and implement a strategic, long-term information security strategy to ensure that UNC Greensboro’s information resources are adequately protected. Lead the development of comprehensive information security policies, procedures, standards, and guidelines, and oversee their approval, dissemination, and maintenance. Ensure that the information security management program enforces compliance with applicable policies, laws, regulations, and contractual requirements. Lead efforts to monitor and maintain compliance with FERPA, HIPAA, GLBA, PCI, DMCA, GDPR, and other applicable laws and regulations, as well as University and UNC System policies. Work to strike an optimal balance between the necessity for business and pedagogical functionality with the need for security, safety and data privacy in all aspects of University operations. Identify, evaluate, and report on information security risks, program developments, and improvement projects to the executive committees and the Board of Trustees, and provide subject matter expertise on security standards and best practices. Work with senior leaders across the university to identify and assess IT risks, establish risk tolerance, navigate risk acceptance processes, monitor remediation efforts, and implement mitigating and compensating controls necessary to reduce IT risks to acceptable levels. Act as the champion for the enterprise information security program and foster a security-aware culture through creative and effective efforts towards ongoing Security Awareness Training & Education (SATE). Develop, mentor, lead, and manage a high-performing cross-functional team of information security, risk, and compliance professionals. Be an active participant and take a leadership role in relevant councils, committees, and working groups in areas related to IT Governance, Information Security, Data Governance, Identity & Access, and Privacy. Supervise all aspects of security operations for the daily defense of the University, including monitoring, detection, investigation, and response to attacks, vulnerabilities, and emergent threats. Oversee the evaluation, selection, and implementation of information security solutions that are innovative, cost-effective, and minimally disruptive. Partner with enterprise architects, infrastructure engineers, and application development teams to ensure that UNCG technologies are developed and maintained according to security policies, frameworks, and guidelines. Supervise efforts to satisfy regulatory requirements, including execution of internal and external IT audit activities and implementation of remediation actions. Develop business-focused metrics to measure the effectiveness of the information security program, and work to increase the maturity of the program over time. Monitor the industry and external environment for emerging threats and advise relevant stakeholders on appropriate postures in response to the changing threat landscape. Liaise with law enforcement and other advisory bodies as necessary to ensure that the organization maintains a strong security posture. Oversee incident response planning and the investigation of security breaches, and assist with any associated disciplinary, public relations, and legal matters. Oversee and lead the creation, communication, and implementation of a process for managing vendor risk and other third-party risk. Minimum Qualifications Bachelor’s Degree or higher with a major in computer science, information technology, business or public administration, or related disciplines; OR equivalent combination of education and/or experience Deep expertise and technical knowledge in the information security and risk management domains 10+ years of experience managing an information security area, program, or office with a proven track record of creating and maintaining information security practices and/or services Demonstrated recent experience and achievements with managing and prospering a comprehensive information security program, including well-known IT and information security standards (i.e. ISO 27001/2, COBIT), auditable compliance, policy governance, data management, and risk management Ability to effectively communicate security concepts and strategies and influence best-practice adoption to a wide variety of audiences Knowledge of Higher Education policies and best practices in regard to FERPA, HIPAA, FISMA, GLBA, and other regulations Strong customer service ethic Demonstrated recent experience in a senior leadership role with accountability to executive management Outstanding communication abilities, both written and verbal Additional Required Certifications, Licensures, and Certificates Preferred Qualifications Special Instructions to Applicants Recruitment Range Salary commensurate with experience Org #-Department Info Technology Services - 23101 Job Open Date 07/09/2024 For Best Consideration Date 07/16/2024 Job Close Date Open Until Filled Yes FTE 1.000 Type of Appointment Permanent If time-limited, please specify end date for appointment. Number of Months per Year 12 FLSA Exempt Key Responsibilities ________________________________________________________________________________________________________________________ Percentage Of Time 20 Key Responsibility Enterprise Information Security Strategy Essential Tasks Lead the development of a comprehensive Information Security strategy that effectively balances risk against ongoing and strategic business needs for innovation and operational efficiency. Effectively communicate information security strategy at multiple levels within the organization. Coordinate the development and delivery of a security awareness training program for employees, contractors, and other parties. Coordinate the use of external third-party resources for the development, implementation, and monitoring of the information security program, including penetration testing. Establish a metrics-driven dashboard to evaluate the effectiveness of the Information Security program. Serve as a key thought leader in Information Security, which includes working with key partners both internal and external to the University, vendors, and peers in the UNC System to develop thought leadership around policies, processes, and capabilities that can help change or enhance the security posture at UNC Greensboro. Percentage Of Time 20 Key Responsibility Enterprise Information Technology Risk and Compliance Management Essential Tasks Enterprise Information Technology Risk and Compliance Management: Develop and implement an IT risk management program that includes threat modeling, monitoring for exposures, risk identification, risk analysis, creation and implementation of risk treatment and mitigation plans, and reporting to executive management on both a regular and event-driven basis. Develop and implement procedures and tools for monitoring, maintaining, and reporting on compliance with applicable policies, laws, regulations, frameworks, and other requirements. Percentage Of Time 20 Key Responsibility Information Security Plans, Programs, Policies and Controls Essential Tasks Information Security Plans, Programs, Policies, and Controls: Work proactively with the ITS leadership team and their direct reports to ensure strategic plans, security programs, and technical controls are aligned with their respective business strategies and in compliance with policies, applicable laws, and regulations. Mature the ITS organization to a constant state of audit readiness, ensuring that proper controls and documentation are consistent across the organization, managed in a central divisional repository, and reviewed and updated at established intervals with organizational accountability to the Chief Information Security Officer. Work closely with senior ITS leadership to mature University technology policies, expiring, updating, and writing as needed to remain relevant against service portfolio changes and shifts in service delivery models. Percentage Of Time 20 Key Responsibility Transformational Leadership Essential Tasks Transformational Leadership: Engage as a thought leader with the ITS leadership team to collect and leverage customer demand and actual cost of service delivery data to right-size the enterprise technology services portfolio, build agile, cost-effective technology services, effectively tell the ITS story, and re-invent organizational talent to a new paradigm for service delivery. Work with other ITS leaders to mature foundational IT processes and systems to increase capabilities and improve operational efficiency. Work with ITS senior leadership to develop a multi-year information security plan that prioritizes security initiatives and spending based on appropriate risk management and/or financial methodology. Build information security services that are customer-driven and fully aligned to both the University and ITS strategic plans. Build and lead a cross-functional security organization that may draw upon the resources and technical expertise of ITS and other technology organizations. Percentage Of Time 20 Key Responsibility Provide strategic and tactical security guidance for programs and projects as it pertains to the design, implementation, and operation of security controls Essential Tasks This includes the evaluation of the enterprise architecture, hardware, software, and technical controls. Lead the enterprise information security incident response function. Provide oversight for security investigations, and assist with disciplinary and legal matters associated with security breaches and policy violations as necessary. ADA Checklist ADA Checklist
R for Rare (0-30%), O for Occasional (30-60%), F for Frequent (60-90%), C for Constant (90-100%).
Physical Effort Hand Movement-Repetitive Motions - F, Reading - F, Writing - F, Hearing - f, Talking - f Work Environment Inside - c Applicant Documents Required Documents Resume/CV Cover Letter List of References Optional Documents Reference Letter 1 Reference Letter 2 Reference Letter 3 Supplemental QuestionsRequired fields are indicated with an asterisk (*).
* Are you eligible to work in the United States without sponsorship? Yes No
Confirm your E-mail: Send Email
All Jobs from UNCG