Chief Information Security Officer

About The Position

Requirements

• Bachelor’s degree in Computer Science, Management Information Systems, Engineering or equivalent combination of education and experience.
• Ten years of related experience
• Knowledge of word processing and spreadsheet applications.
• Knowledge of IT architecture, project management.
• Knowledge of intermediate troubleshooting, client relations, and the Information Technology Interface Library (ITIL).
• Knowledge of risk management processes.
• Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
• Knowledge of cyber attack stages and intrusion sets.
• Negotiation skills, basic vendor relations, advanced client relation skills, proposal writing, business acumen, persuasive communication.
• Adaptability to change, team leadership skills, and quality assurance methodologies.
• Extensive knowledge of network infrastructure and protocols. (Routing, switching, firewalls, HTTP, DNS, IP, etc.).
• Comfortable writing Python, PowerShell, and regular expressions.
• Extensive working knowledge of Windows based operating systems and Microsoft enterprise technologies.
• Moderate working knowledge of Unix based operating systems.
• Ability to interpret the information collected by network and host detection tools.
• Ability to clearly articulate intelligence requirements into well-formulated research questions and requests for information.
• Ability to multitask and work cooperatively with others.
• This position generally supervises employees.
• The ability to work beyond normal office hours and / or work on weekends.
• Travel required.

Nice To Haves

• Experience in IT including experience in an information security role in a major organization.

Responsibilities

• Sets IT security policy and procedures to ensure network security, access control, physical security, application development, and management appropriately meet institutional, Federal, State, and industry regulatory requirements.
• Communicates to the executive team, Board of Regents, and TAMUS members.
• Collaborates with TAMUS members to identify and execute IT security initiatives.
• Develops, communicates, supports, and manages compliance with IT security policies and internal audits.
• Ensures adoption and implementation of appropriate IT policies including security, processes, State, and Federal regulations, as well as TAMUS rules and procedures.
• -Communicates with the public, employees, faculty, and staff on security procedures, policy changes, and any security events that occur throughout TAMUS.
• Provides leadership for IT security to the agency executive teams.
• Participates in industry research, workshops, and other related continuing education activities to ensure that policies and procedures remain current Effectively support agency security needs, as well as position TAMUS to be protected against future concerns and developments.
• Assemble and publish reports with security metrics.
• Coordinate litigation hold and electronic information preservation activities.
• Participate in IT service team meetings and related committees.
• Coordinate risk assessment activities with the agency’s risk and compliance staff and IT staff.
• Ensures each agency completes and submits required reports to the State and System on time.
• Assess the progress and maturity of each agency’s security plan annually.
• Works to continually mature security practices.
• Coordinates technology related forensic investigations for cybersecurity and related events.
• Work with IT staff to develop standard operating procedures for implementing security controls.
• Write, develop, implement, and maintain the agency Written Information Security & Privacy Plans.
• Assist agency CIO’s in maintaining Business Continuity Plans (BCP), Disaster Recovery Plans (DRP) and Risk Management Plans (RMP).
• Work with researchers, in collaboration with the Research Security Office, to develop strategies to meet and maintain compliance with security requirements.
• Coordinate vulnerability management activities with IT staff and assessing units.
• Work with embedded security analysts within each Engineering agency.
• Serve as the named Chief Information Security Officer of record with the Texas Department of Information Resources (DIR) for each Engineering agency.
• Other duties as assigned or desired.
• Engage with the Texas A&M System Cybersecurity Operations and local information technology staff to identify, investigate, and respond to intrusions and security incidents.
• Participate in a shared CISO governance committee for the Engineering agencies.

Benefits

• Competitive medical insurance benefits through Blue Cross and Blue Shield of Texas and Prescription coverage by Express Scripts.
• Options for Vision, Dental, Life, and Long-Term Disability insurance.
• A defined benefit retirement plan with the Teacher Retirement System of Texas (TRS) with 8.25% employer contribution.
• Additional Voluntary Retirement Programs: Tax Deferred Account 403(b) and a Deferred Compensation Program 457(b).
• Flexible spending account options for medical and childcare expenses
• Generous paid time off with holidays, vacation and sick leave.
• Robust free training access through LinkedIn Learning plus professional development opportunities.
• Tuition assistance and Educational release time to further your academic pursuits.
• Access to Engineer Your Wellness programs that provide opportunities for employees to engage in health and fitness.
• Wellness release time offered to employees to promote work/life balance.