Chief Information Security Officer

University of Northern Iowa
Cedar Falls, IA
Hybrid

About The Position

The Opportunity

UNI is seeking a Chief Information Security Officer (CISO) who wants to own and shape an ever-evolving institutional information security program. The CISO provides institution-level leadership for this program, reports to the Chief Information Officer, and leads the information security office within the Information Technology (IT) department. This role is responsible for setting direction for information security, managing risk in a way that supports teaching, learning, research, and operations, and building a culture where security is understood as an enabler of the university mission. The CISO works closely with campus partners to balance security, usability, and budget in a regional comprehensive setting where collaboration is essential.

Requirements

  • Bachelor's degree, preferably in information technology, computer science, information systems, cybersecurity, business, or a related field.
  • At least seven years of progressive experience in information security, risk management, or closely related IT leadership roles, including experience leading or serving as a primary owner for one or more major components of an enterprise or institutional information security program.
  • Demonstrated experience leading information security work that includes most of the following: security governance, risk assessment, incident response, identity and access management, vendor and third-party technology risk, security policy development, and security architecture or design.
  • Strong interpersonal communication, relationship building, change leadership, and strategic planning skills.
  • Experience working in a complex, decentralized organization and building strong relationships and influence across diverse stakeholders.

Nice To Haves

  • Master's degree in a related field.
  • Professional security certifications such as CISSP, CISM, CRISC, or equivalent.
  • Experience in higher education, public sector, or another complex nonprofit institution.
  • Experience with cloud security, vendor and third-party risk management, and budget management.
  • Experience partnering on or supporting technology aspects of digital accessibility and responsible AI use, or a clear interest in learning and leading in these areas.
  • Experience with network and systems security architecture and analysis and familiarity with regulatory and compliance frameworks such as FERPA, GLBA, HIPAA, PCI DSS, CMMC, or similar standards.

Responsibilities

  • Provide institution-level leadership for UNI's information security and privacy program, including strategy, governance, and day-to-day operations of the information security office.
  • Identify and assess information security, privacy, and technology risks and recommend and implement standards, control frameworks, and processes that support teaching, learning, research, and operations in a regional comprehensive university setting.
  • Design and maintain a modern security architecture across networks, systems, applications, cloud services, and data platforms, aligned with university policies, Board of Regents expectations, and applicable regulatory and contractual requirements.
  • Oversee identity and access management, including account lifecycle, multi-factor authentication and authorization, privileged access, and related governance and controls.
  • Lead incident monitoring, detection, investigation, and response, including post-incident reviews that drive continuous improvement and realistic risk reduction. Significant incidents may occasionally require leadership and coordination outside standard business hours.
  • Partner with IT units and campus leaders to embed security and privacy requirements into technology planning, solution design, procurement, and change management, including vendor and third-party technology risk, digital accessibility, and AI-related initiatives.
  • Develop and champion security awareness and education efforts for the university community and provide consulting support so departments and IT staff can implement secure, practical solutions.
  • Lead, coach, and develop a collaborative, customer-focused security team and build strong partnerships with IT units, colleges, divisions, and administrative offices.
  • Participate in and help lead information security governance processes, manage designated budgets, recommend tools and services, and represent UNI with Regents partners, peer institutions, government entities, auditors, insurers, and relevant professional organizations.