Deputy Chief Information Security Officer

About The Position

Requirements

• Master’s degree in Information Security, computer science, Information Systems, STEM, or a related field OR bachelor's degree plus training and work experience that equates to a master's degree.
• Significant years of progressively responsible experience in information security, IT risk management, or related areas.
• Demonstrated experience leading cybersecurity programs or teams.
• Strong knowledge of security frameworks and standards (e.g., NIST CSF, NIST SP 800-53, CIS Critical Security Controls).
• Experience with incident response, risk assessment, and security operations.
• Ability to communicate effectively with technical and non-technical stakeholders.
• Experience working in or supporting complex, decentralized organizations.
• Demonstrated ability to successfully handle sensitive discussions, maintain confidentiality, strong personal ethics commitment, strong personal integrity, and demonstrated sound judgment.

Nice To Haves

• Experience in higher education, research institutions, or public sector environments.
• Familiarity with higher-education regulatory and compliance requirements.
• Relevant professional certifications (e.g., CISSP, CISM, CRISC).
• Experience supporting research computing and federally funded research security requirements.
• Experience with shared governance and consensus-driven environments

Responsibilities

• Provide oversight of security operations, including monitoring, detection, vulnerability management, and incident response.
• Help establish metrics and reporting to measure program effectiveness and risk posture.
• Help oversee institutional cybersecurity risk management activities, including risk assessments, risk acceptance, and mitigation planning.
• Contribute to enterprise risk management (ERM) efforts and executive-level risk reporting.
• Help ensure incident response plans are maintained, tested, and integrated with campus emergency management and communications.
• Support response to significant cybersecurity incidents, including coordination with internal and external stakeholders.
• Oversee post-incident reviews and continuous improvement efforts.
• Support security requirements for regulated and sensitive data, including FERPA, PHI, PCI-DSS, GLBA, export controls, and sponsored research (e.g., NIST 800-171 / CMMC where applicable).
• Collaborate with research administration to enable secure research computing environments.
• Assist with audits, assessments, and compliance reporting.
• Provide guidance on third-party risk management and vendor security reviews.
• Oversee the IT Security Lab, supporting hands on security research, testing and workforce development.
• Lead and support the development and delivery of cybersecurity awareness and education programs for faculty, staff, students, and researchers.
• Promote a culture of shared responsibility for security across the institution.
• Communicate risk and security concepts clearly to non-technical audiences.
• Represent the institution in higher-education cybersecurity communities and consortia.
• Manage and mentor information security staff and leaders.
• Foster a collaborative, inclusive, and service-oriented team culture.
• Support professional development and succession planning within the security organization.
• Help recruit, retain, and develop diverse cybersecurity talent.