Chief Information Security Officer

CSU Careers•Los Angeles, CA

About The Position

California State University, Los Angeles, invites applications for the above Administrator III position. The University: California State University, Los Angeles (Cal State LA) is one of 22 campuses within the California State University system. The University is the premier comprehensive public university in the heart of Los Angeles. We offer nationally recognized programs and our faculty have a strong commitment to scholarship, research, creative pursuits, and service. As a federally recognized Hispanic-serving (HSI) and Asian-American, Native American, and Pacific Islander-serving institution (AANAPISI), Cal State LA recognizes the transformative power of education and embraces its duty to identify and serve the needs of all of its students. The University is committed to creating a community in which a diverse population of students, faculty, and staff can thrive. The Position: The Chief Information Security Officer (CISO) is responsible for overseeing, managing, and safeguarding Cal State LA's information security posture and meeting the security control requirements of the applicable Federal, State, and local compliance mandates. This includes establishing information security visions, strategies, architecture, governance, and capability roadmaps, developing, and implementing comprehensive information security policies, procedures, and programs, conducting regular security assessments, audits, and penetration testing, and responding to security incidents. Reporting directly to the Vice President, this pivotal role entails exercising enterprise-wide authority to ensure compliance with university information security policies and IT risk management practices, consistent with industry standards and governmental regulations. The CISO also serves as a strategic advisor to the university's executive leadership on information security matters. This comprehensive role involves a strategic and multifaceted approach to information security, data governance, risk management, and regulatory compliance, contributing significantly to the university's overall cybersecurity posture and resilience. As an advocate for Cal State LA's overall information security needs and awareness planning, the ClSO provides vision and leadership for developing and supporting security and compliance initiatives. The incumbent, serving as the CISO, directs the planning and implementation of security controls for enterprise IT systems, business operations, and facility defenses against security breaches and vulnerability issues. Additionally, the CISO is responsible for auditing existing systems and overseeing the administration of security policies, activities, and standards to meet the applicable IT and regulatory compliance mandates. The incumbent works closely with the legal, audit, and Human Resources Management (HRM) to assist with non-retention, investigation, e-discovery, and litigation requirements. Incumbent serves as the campus security and compliance liaison on various committees including the CSU Information Security Advisory Committee (ISAC) and CSU system-wide information security initiatives. Key Responsibilities of the CISO: In collaboration with the university's executive leadership, the CISO plays a pivotal role in defining acceptable levels of information security risk, aligning cybersecurity strategies with institutional objectives, and ensuring the university's overall resilience against cyber threats and regulatory compliance requirements.

Requirements

Bachelor's degree from an accredited four-year college or university in information security, computer science, or a related field.
Minimum of 8-10 years of progressive experience in information security, cybersecurity, or a related field.
Proven experience in a leadership role, overseeing comprehensive information security programs, and managing security initiatives in a complex organizational environment, preferably in higher education.
Demonstrated ability to provide strategic vision and leadership in information security.
Strong communication skills with the ability to effectively convey complex security concepts to both technical and non-technical stakeholders.
Experience collaborating with executive management and presenting to governing boards.
In-depth knowledge of information security principles, cybersecurity technologies, and risk management frameworks.
Experience with the implementation and management of security operations centers (SOCs) and security monitoring systems.
Familiarity with industry-accepted information security standards, frameworks, and best practices.
Expertise in developing, implementing, and maintaining information security policies, procedures, and standards.
Experience with information security governance and ensuring compliance with applicable industry standards and governmental regulations.
Proven experience leading and managing incident response teams in. addressing security breaches and cyberattacks.
Strong background in conducting risk assessments and implementing risk management strategies.
Experience managing relationships with security-related vendors and overseeing security services.
Knowledge of vetting and reviewing security practices and controls of third-party service providers.
Familiarity with data governance frameworks and the ability to enforce data classification rules and procedures.
Experience with overseeing compliance efforts, including audits and assessments related to FERPA, GLBA, HIPAA, and other relevant regulations.
Track record of developing and implementing strategic plans for information security programs.
Ability to align information security initiatives with organizational goals.
Demonstrated commitment to staying abreast of the latest trends, emerging threats, and best practices in information security.
Participation in professional organizations, conferences, and networking events in the cybersecurity field.
Experience in leading and developing a diverse team of information security professionals.
Ability to foster a collaborative and inclusive team culture.
Understanding of legal and regulatory requirements related to information security, particularly in the context of higher education.
Incumbent must demonstrate an interest or ability in working in a multicultural/multiethnic environment.
A background check (including a criminal records check) must be completed satisfactorily before any candidate can be offered a position with the CSU.
Failure to satisfactorily complete the background check may affect the application status of applicants or continued employment of current CSU employees who may apply for the position.
California State University, Los Angeles, as part of the CSU system, is a State of California Employer. As such, the University requires all employees upon date of hire to reside in the State of California.
As of January 1, 2022 the CSU Out-of-State Employment Policy prohibits the hiring of employees to perform CSU-related work outside the state of California.
The person holding this position is considered a "mandated reporter" under the California Child Abuse and Neglect Reporting Act and is required to comply with the requirements set forth in CSU Executive Order 1083 revised July 21, 2017, as a condition of employment.

Nice To Haves

Five (5) or more years of experience in leading teams in a management or leadership role, particularly in a fast-paced, service-oriented environment.
Experience working in higher education information technology.
Familiar with CSU security and compliance policies and procedures.
Familiar with Agile Software Process and Management.
Understanding of Cal State LA's mission and values.
Commitment to diversity, equity, and inclusion.

Responsibilities

Identify risks and IT security and compliance requirements and priorities: Collaborate with executive management to establish acceptable risk profiles, balance security measures with operational needs and business objectives, identify and remediate security-related compliance gaps, establish security and compliance governance processes to ensure security and compliance solutions are appropriate, and resources are allocated based on the priorities of the university business objectives.
Protect the information assets and reputation of the university from cyberattacks: Design, implement, and maintain a comprehensive campus-wide information security management program, encompassing policies, procedures, practices, and capabilities to safeguard sensitive data and critical infrastructure. Conduct security awareness program to educate Cal State LA user community to protect themselves from phishing and/or cyberattacks.
Detect cyber threats, attacks, system vulnerabilities, and security-related non-compliance issues: Enhance technical capabilities to improve cyber threat detection effectiveness. Develop IT security talents to identify symptoms of cyberattacks. Establish security threat detection processes to monitor cyber risks and vulnerabilities. Lead the assessments and security health check efforts on regulatory compliance mandates including FERPA, PII, GLBA, GDPR, PCI DSS, and HIPAA.
Respond to security incidents and cyberattacks: Maintain up-to-date Incident Response Management Plans and improve the university's incident response readiness via CSIRT training and tabletop exercises. Lead the incident response efforts, perform investigation, coordinate remediation activities, and ensure effective communication with stakeholders during and after security breaches or cyberattacks. Collect evidence for cyber incidents to enable post incident activities.
Restore disrupted systems and business capabilities after cyber incidents: Coordinate with Infrastructure Team to back up critical systems and sensitive data to enable quick and comprehensive restoration of systems after cyber-attacks or system disruption.
Strategic Planning and Prioritization: Actively participate in IT strategic planning initiatives, projects, and resource allocation decisions, prioritizing security investments and aligning cybersecurity strategies with the university's evolving needs.
IT Audit Oversight: Oversee IT-related audit responses, ensuring adherence to internal controls, regulatory compliance requirements, and industry best practices.