North Carolina State University - posted about 1 month ago
Full-time • Executive
Raleigh, NC
5,001-10,000 employees
Educational Services

The Security & Compliance Unit (S&C) within the Office of Information Technology (OIT) oversees the cybersecurity of the University's systems and data in a manner consistent with industry best practices and the University's IT compliance and IT risk management obligations. S&C develops and ensures compliance with cybersecurity policies/regulations/procedures, supports and oversees implementation of strategic information security initiatives, provides operational security services, and provides campus-wide vendor risk and license management. S&C is also the functional lead for the university's identity and access management program. S&C's overall responsibilities include the following:

  • Development/maintenance of the university's cybersecurity strategic plan and roadmap
  • Implementation of strategic cybersecurity initiatives
  • Operational security services
  • Coordination of IT resilience efforts and change management processes
  • Manage the university-wide operational cybersecurity services
  • Establish, review, and enforce university-wide IT and cybersecurity policies, standards, and procedures, while also ensuring compliance with federal/state regulations and contractual obligations.
  • Campus-wide IT vendor risk and license management

The Chief Information Security Officer (CISO) reports to the Vice Chancellor for Information Technology and Chief Information Officer (CIO) and leads the Security and Compliance Unit (S&C) in the Office of Information Technology (OIT). The CISO is a member of the OIT Leadership Cabinet and works closely with senior administration, academic leaders, and the campus community to optimize the security posture of the university. The CISO is responsible for developing, implementing and maintaining the university's comprehensive cybersecurity program that ensures the confidentiality, integrity, and availability of university data and technology resources.
This program utilizes industry best practices and employs a range of policy, procedural, and technological controls to manage risk to NC State University's information assets. The CISO leads a cybersecurity program that harnesses collaborations and campus-wide resources, promotes effective cybersecurity governance, advises senior leadership on strategic cybersecurity direction and resource investments, and develops policies to effectively manage IT and cybersecurity risks. The CISO is responsible for managing the S&C portfolio within its operating budget of over $5 million as well as overseeing VRLM's maintenance and negotiation of licenses totaling over $12 million.

  • Provide leadership and oversight of activities and services related to the S&C unit.
  • Ensure ongoing collaboration with OIT units, colleges, administrative units and key constituents such as data stewards, data trustees, the Office of General Counsel, Internal Audit, and Emergency Management & Mission Continuity regarding overall cybersecurity requirements.
  • Provide regular updates to the VCIT/CIO and other University leaders regarding cybersecurity matters, including ongoing program reporting and incident reporting.
  • Serve as co-chair of the Research Controlled Unclassified Information (CUI) Security Compliance Committee and Guest/Affiliate Steering Team.
  • Serve on a number of committees as a member or in an advisory capacity (e.g., Strategic IT Committee (SITC), Campus IT Directors, Enterprise Risk Management Advisory Team, Data Steward Committee, Data Governance Council, etc.).
  • Serve on the UNC Information Security Council and establish collaboration and partnerships with the colleges/universities in the UNC system.
  • Facilitate NC State's annual self-assessments with the UNC security framework and policy requirements.
  • Be an active participant in the appropriate national organizations such as EDUCAUSE and be involved with collaboration and engagement in security initiatives.
  • Provide leadership to the Cybersecurity Awareness Team and ensure functionality of the Cybersecurity Liaisons program to assist with maintaining a secure university landscape and resulting project priorities.
  • Lead the development of the annual presentation to the University Board of Trustees regarding the university's security threat and risk landscape
  • Provide executive responsibility and expert oversight for strategies, plans, policies, processes and operations that safeguard the security of technology systems and university information, regardless of format or medium (electronic, paper, etc.).
  • Lead the continuous enhancement of a 3-5 year university cybersecurity strategic plan and roadmap that addresses needed resources (people, processes, technology) for a secure university environment and is prioritized using a developed risk management process.
  • Engage with university leaders to communicate vision and drive information security programs and concepts into all business processes and programs. Partner with executive leadership in achieving successful delivery of the following functional areas of Security: Governance and Policy, IT Risk Management, Compliance Management, Identity and Access Management, Endpoint Security, Security Operations, Vulnerability Management, Security Training and Awareness, Application Security, Cybersecurity Assessments and Testing, Cybersecurity Analytics and Cybersecurity Portfolio Management.
  • Manage the university's information security governance processes and provide leadership to the Information Security Advisory Group
  • Collaborate with university leadership to develop and foster a culture supporting a high-level of cybersecurity and compliance in university activities, while ensuring actions are appropriately measured against university philosophies, attitudes, and its research and education missions. Provide leadership and guidance for the secure use of Artificial Intelligence (AI).
  • Work closely with the research community in exploring new and novel approaches to cybersecurity within networking, data management systems, software development, federation and identity management, and other research instruments and platforms.
  • Develop and maintain strategic external relationships and partnerships to support and improve cybersecurity and compliance.
  • Other duties as assigned.
  • Requires a relevant post-baccalaureate degree with a minimum of three (3) years or greater of related professional experience; a relevant undergraduate degree and a minimum of five (5) years or greater of relevant experience may be substituted for the advanced degree, or equivalent professional training in a closely related field and level of leadership.
  • Clear demonstration of balancing the business, technical, compliance and cultural risks to help make decisions that support the university mission and improve success.
  • Relevant experience in a senior cybersecurity information and technology leadership position (Chief Information Security Officer or Deputy Chief Information Security Officer or other key leadership experience in Cyber related leadership) managing and supporting a staff of professionals dedicated to cybersecurity, or the ability to address ways in which current experience is relevant.
  • Proven leadership, communication, presentation and problem solving skills.
  • Proven ability to enhance and/or implement an enterprise-wide information security education and awareness program.
  • Excellent written and verbal communication skills and high level of personal integrity
  • Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams.
  • Demonstrated experience in overseeing the establishment, implementation, and management of an established information security program.
  • In-depth knowledge of cybersecurity principles, information auditing principles, cybersecurity policy and compliance and IT risk management.
  • Knowledge of common information security management frameworks, such as ISO/IEC 27001, NIST Cybersecurity Framework and 800-series, CIS Controls, etc.
  • Broad understanding of IT and cybersecurity related compliance obligations such as FERPA, GLBA, HIPAA, PCI, DFARS/CMMC and federal/state records retention requirements.
  • A broad understanding of all IT service functions, such as technical security, network engineering, application development, server administration, database administration, user account administration, identity and access management, endpoint device management and academic support.
  • A minimum of eight (8) years of full-time experience in information security management and leadership
  • Experience in academia, with experience at a Research 1 university a plus
  • Possess the relationship skills, cultural awareness, and organizational prowess required to work effectively in a University setting
  • Professional Security Certification from at least one of the currently acceptable information security such as: Certified Information Systems Security Professional (CISSP), Systems Security Certified Practitioner (SSCP), Certified Information Security Manager (CISM)
  • Medical, Dental, and Vision
  • Flexible Spending Account
  • Retirement Programs
  • Disability Plans
  • Life Insurance
  • Accident Plan
  • Paid Time Off and Other Leave Programs
  • 12 Holidays Each Year
  • Tuition and Academic Assistance