Chief Information Security Officer (CISO)

George Mason University, Fairfax, VA
393d · Hybrid

About The Position

The Chief Information Security Officer (CISO) at George Mason University is responsible for leading the university's information security strategy, ensuring the protection of data and systems against current and future threats. The CISO will oversee the development and implementation of security policies, standards, and practices, while managing the information security organization and collaborating with university leadership to address security risks and compliance objectives. This role is pivotal in enhancing the university's information security posture and requires a strong focus on leadership, risk management, and incident response.

Requirements

  • Master's degree in related field or equivalent combination of education and experience.
  • Extensive mid/senior level leadership and managerial experience.
  • Extensive cybersecurity experience with IT security standards or frameworks such as ISO 27002 and NIST 800 series.
  • Extensive experience with security policy and administration.
  • Demonstrated experience with evolving state-of-the-art information security technologies and approaches.
  • Expert leadership experience.
  • Experience with information system auditing including security reviews, control selection, and evaluation of systems using a risk-based approach.
  • Demonstrated experience in crisis management and response.
  • Expertise in risk management approaches to assess and address security and other types of information technology-related risks.
  • Demonstrated accomplishments in program leadership, policy development, and project management.
  • Demonstrated strong interpersonal and communications skills, plus the ability to achieve goals through influence, collaboration, and cooperation.
  • Demonstrated ability to communicate technical concepts and solutions to both technical and non-technical audiences.
  • Demonstrated ability to work with senior university staff and senior technical personnel.
  • Knowledge of computer forensic investigation methodology and investigation tools to collect, analyze, and preserve electronic evidence.
  • Integrity and high standards of personal and professional conduct.
  • Top Secret clearance or ability to obtain one within 6 months of hire (U.S. citizenship required).
  • Required industry certifications such as a Certified Information Systems Security Professional (CISSP), Certified Chief Information Security Officer (CCISO), or Certified Information Security Manager (CISM), or ability to obtain within 60 days of hire.

Nice To Haves

  • Experience working in a higher education or a research environment.
  • Direct knowledge in the specific technical areas of systems administration, applications development, database administration, network operations, or data center operations.

Responsibilities

  • Develops, communicates, and oversees the implementation of a strategic, comprehensive information security and risk roadmap for Mason and for ITS.
  • Works with Mason leadership to identify risks to the confidentiality, integrity, and availability of university systems and data.
  • Provides leadership in the enforcement of security and associated policies.
  • Provides leadership to the ITSO in the analysis, discussion, and development of security policy, standards, and practices, and guides the acquisition of advanced security technology.
  • Collaborates with and supports IT colleagues to monitor, assess, and test security solutions.
  • Develops and enhances an information security governance framework to guide Mason's information security compliance efforts.
  • Coordinates and tracks information security related audits at all internal, state, and federal levels.
  • Ensures that the ITSO provides timely and documented responses to security concerns of IT projects.
  • Assists with the assessment of business requirements and advises on IT security products, services, and solutions.
  • Develops and implements plans to ensure compliance with applicable laws, regulations, and requirements.
  • Serves as, or is accountable for designating, a ‘qualified individual’ responsible for overseeing the information security program.
  • Ensures that Mason's IT Security policies are up to date and provide appropriate protections for Mason.
  • Manages a broad range of complex security and risk-related issues in information technology.
  • Continually evaluates risks and acts expeditiously in making decisions and recommendations.
  • Evaluates Mason's security environment and provides strategic risk guidance for technical controls.
  • Assists in establishing best practices and procedures for information assurance, disaster recovery, and business continuity.
  • Leads, plans, coordinates, and participates in required training exercises for incident response.
  • Leads and coordinates institutional responses to security incidents, providing timely reports during the incident and remediation.
  • Tracks security incidents and administers a Mason-wide IT Security Risk Management Program.
  • Works with IT and communications teams to address communication needs associated with security incidents.
  • Directs teams in deployment and management of appropriate security tools and other applicable enterprise-wide systems.
  • Provides consultation, guidance, and investigation regarding information security, policy, and security education and training.
  • Documents and publishes security standards, processes, and procedures that the university community is expected to meet.
  • Develops and enhances an information security and risk management awareness training program for all employees.

Benefits

  • Salary commensurate with education and experience
  • Hybrid eligible workplace
  • Professional development opportunities
  • Health insurance
  • Retirement plan options
  • Paid holidays and leave