Chief Information Security Officer

University of Virginia
Charlottesville, VA
Hybrid

About The Position

The University of Virginia (UVA), one of the nation’s leading public institutions, seeks an experienced, dynamic, and mission-driven leader to be the next Chief Information Security Officer (CISO). Reporting to the Vice President and Chief Information Officer (CIO), the CISO will provide strategic leadership and oversight to a diverse portfolio. They will lead high-performing teams and work collaboratively across a large, complex institution. The CISO must enjoy engaging with the University community, drawing on strong communication skills, a natural ability to build relationships, and comfort explaining complex technical concepts to faculty and staff at all levels. The complexity of this position requires strong leadership, collaboration and partnership skills, and the ability to balance the urgency surrounding the risk of emerging threats with university strategies and business needs. As a critical member of the Information Technology Services (ITS) leadership team, this pivotal role is responsible for establishing and maintaining a university-wide information security management program to ensure that the university’s data and assets are adequately protected. The CISO must stay current with the evolving threat landscape (particularly involving AI-based threats), ensure staff are upskilling to keep pace, and challenge the status quo to ensure the University maximizes its investment in its information security resources. The candidate will work closely with IT leadership, administrative leaders, and academic faculties across Grounds to identify, evaluate, and report on information security risks in a manner that meets compliance and regulatory requirements and aligns with and supports the risk posture of the University.

Requirements

  • A bachelor’s degree in Information Technology, Computer Science, Information Systems, or a related field (advanced degree preferred).
  • Professional security management certification is strongly desired, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or other similar credentials.
  • At least 10 years of experience in a combination of risk management, information security, and IT jobs (at least five must be in a senior leadership role).
  • Knowledge of common information security management frameworks, such as ISO/IEC 27001, and NIST 800-53, 800-174, and Cybersecurity Framework (CSF).
  • Familiarity with AI and machine learning-based tools used across the information security lifecycle.
  • Experience with contract and vendor negotiations and management, including managed services.
  • Experience with Cloud Computing/IaaS/PaaS/SaaS technologies and services.
  • Excellent written and verbal communication skills, interpersonal, relationship-building, and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences at all levels.

Nice To Haves

  • Strong understanding of the higher education sector's policy, regulatory, and legislative environment is preferred.

Responsibilities

  • Information Security Program Leadership
  • Team Leadership
  • Policy, Compliance and Audit
  • Community and Partner Engagement
  • Risk Management, Security Operations, Projects, and Incident Response