Chief Information Security Officer

University of Waterloo, Waterloo, ON
Onsite

About The Position

The Chief Information Security Officer (CISO) is the University’s senior cybersecurity leader, responsible for enterprise-wide cyber strategy, risk management, and incident preparedness. The role oversees core information security services—including monitoring, vulnerability management, log management, and identity and access management—ensuring they evolve with institutional priorities and the threat landscape. The CISO leads incident response, policy alignment, and campus-wide risk governance while advising senior leadership and representing the University provincially and nationally.

Requirements

  • University degree or equivalent post-secondary education and/or experience required.
  • 10+ years of progressive cybersecurity experience including significant leadership experience and a proven track record of achievement and success in a complex higher education environment.
  • Knowledge of common information security management frameworks (NIST CSF).
  • Knowledge of common information security standards (PCI DSS, NIST SP 800-53, CIS, OWASP).
  • High level of personal integrity.
  • Ability to effectively present risks, strategies and plans in an objective manner to senior administration of the University.
  • Excellent verbal and written communication skills.
  • Ability to communicate technical concepts to both technical and non-technical audiences.
  • Stays calm in a crisis.
  • Strong leadership skills are essential, with a demonstrated positive track record of leading a cohesive team with common goals and measurable outcomes in a complex IT environment.
  • Demonstrated ability to influence, negotiate, and develop relationships at senior levels and across a wide range of personalities and functions.
  • Strong organizational and problem-solving skills combined with excellent analytical and planning abilities.
  • Experience with identification and cost-effective treatment of cybersecurity risks in an open, collaborative academic environment is strongly preferred.
  • Professional information security management certification (e.g., CISSP/CISA) is preferred.

Responsibilities

  • Establishes the direction and priorities for the Information Security Services group.
  • Serves as an integral member of both IST’s Senior Leadership and Management Teams.
  • Participates in the development of the long-term vision and planning for IT both in IST and across campus.
  • Develops the Information Security Services group’s annual plans and priorities and is a key contributor to the creation and execution of strategic planning for both IST and IT on campus.
  • Ensures the effective utilization, deployment, and development of human and capital resources.
  • Oversees hiring and overall management of the Information Security Services group.
  • Deploys staff to meet the goals and objectives of the Information Security Services group most appropriately.
  • Coaches, trains, and develops employees to enable their professional development.
  • Reviews and approves ongoing information security expenses.
  • Approves annual performance plans and conducts regular reviews with direct reports.
  • Works with the CIO and IST Senior Leaders to intake IT requests, develop strategy, assess emerging technologies, and maintain tactical roadmaps.
  • Intakes requests for new IT initiatives and ongoing support from the campus community.
  • Leads IT strategy development across the University aligned to the institution’s strategic plan.
  • Assesses emerging technologies and implements technology solutions to drive innovation.
  • Conducts yearly reviews and implements tactical roadmaps to sustain the IT annual and strategic plans.
  • Supports a collaborative and coordinated model of IT governance, including with IT representatives in the faculties, the VP Administration and Finance and the Provost’s office, senior management, and Associate Deans of Computing or equivalent, where applicable.
  • Works with peer institutions, and both participates in and identifies new opportunities for IT alliances, in conjunction with Canadian and international groups and alliances.
  • Accountable for the development and maintenance of the University’s cybersecurity incident response procedure.
  • Leads the response to cybersecurity incidents, coordinating relevant stakeholders in an emergency situation to protect the university’s network and digital assets, and escalating to senior management as appropriate.
  • Maintains enterprise central log management systems and implements techniques for the detection and response to malicious activity and unauthorized access.
  • Administers the University’s cyber vulnerability management program.
  • Shares and receives threat intelligence with/from other institutions, government agencies, and law enforcement to strengthen the cybersecurity posture of higher education in Canada.
  • Further participates as the university’s key representative in various Ontario and Canada-wide committees related to cybersecurity in both higher education and in the broader public sector.
  • Establishes institutional identity and access management principles and standards.
  • Responsible for the development, maintenance, and operation of the University’s identity management system (WatIAM) and designated access management systems (Grouper, 2FA, Shibboleth).
  • Ensures integration with systems of record and target information systems and technology infrastructure.
  • Ensures appropriate delegation of administration of campus identities.
  • Oversees and manages processes and tracking of access requests to university user accounts in exceptional circumstances (involuntary terminations, next-of-kin).
  • Oversees Information Risk Assessments in collaboration with IST Senior Leaders.
  • Assists LIS with Privacy Impact Assessments and related procedures.
  • Assists IST Senior Leaders, the CIO, and other stakeholders with developing and interpreting University Records Management procedures.
  • Leads the University’s cybersecurity awareness program.
  • Assists the University’s Office of Risk and Compliance to ensure congruence of policies and procedures related to Cyber and Information Security.
  • Supports Finance to ensure the University complies with PCI DSS standards.
  • Conducts cybersecurity and privacy risk assessments of information technology initiatives to ensure appropriate management of risks.
  • Assists the Office of Research with ensuring research activities are compliant with contractual obligations, as well as supporting the Office of Research Ethics with cybersecurity risk assessments of research activities, as appropriate.
  • Oversees the cybersecurity management of Advanced Research Computing facilities hosted by the University, as part of national digital research infrastructure services.
  • Assists Secretariat and the CIO in developing University-level Policy regarding IT and IT security.
  • Accountable to the CIO, the Vice Presidents and President, and the Board of Governors for information security audits and related risk management.
  • Acts as an approachable resource and trusted advisor for IT leadership and researchers in securing research information while preserving academic openness.
  • Supports Associate Deans with Policy 71 investigations relating to computing infrastructure.
  • Assists the University of Waterloo Special Constable Services with investigations as appropriate.
  • Assists with workplace investigations led by Human Resources or Conflict Management & Human Rights involving a cyber component.
  • Responds to court orders for monitoring and identity information collected by services managed by Information Security Services, in consultation with Legal and Immigration Services.

Benefits

  • Support & opportunities that empower you to advance your career.