Deputy Chief Information Security Officer

About The Position

Requirements

• Bachelor’s degree within Information Science, Computer Information Systems, Cyber Security or related field(s)
• 10 years’ experience in governance, risk and compliance, team management and security frameworks
• Relevant cyber certification such as CISSP, GIAC, CISM.
• Demonstrated ability to align security initiatives with institutional objectives.
• Strong ability to coordinate cybersecurity efforts across diverse departments, schools, and research units.
• Experience in developing, implementing, and enforcing cybersecurity policies, standards, and best practices in a complex organizational environment.
• Comprehensive understanding of cybersecurity frameworks (e.g., NIST, ISO 27001), data protection regulations (e.g., FERPA, HIPAA), and risk mitigation strategies.
• Demonstrated ability to lead, mentor, and manage cybersecurity professionals, oversee budgets, and allocate resources effectively.
• Bachelor’s degree in IT, computer science, or related fields.
• Ten years’ experience in IT, information security, privacy and risk management across all domains.
• Experience developing and managing relevant products and services (e.g., EDR/XDR, Cloud security tools, file integrity monitoring, information security configuration, data security platforms, CASB, DLP, IDS/IPS, firewalls).
• Extensive experience with relevant regulatory requirements (e.g., GLBA, PCI, FERPA, HIPAA).
• Excellent understanding of security controls frameworks (e.g., CIS Top20, NIST CSF, 800-53).
• Extensive experience defining and deploying security hardening guidelines.
• Proven subject matter expertise in different technology stacks (e.g., OS, system, network, application).
• Excellent leadership and people management skills.
• Proven understanding of CIS benchmarks and customer service metrics.
• Experience managing different operating systems and configuration standards.
• Ability to plan, organize and document complex system design activities.
• Excellent written and oral communication skills, able to interact with a broad spectrum of people on a technical and professional level to share complex information.
• Proven analytical, consulting and problem-solving skills, with exceptional attention to detail.
• Excellent organizational skills and proven ability to manage multiple projects and priorities simultaneously.
• Ability to manage, teach and train others.
• Experience with database administration, access management and systems/data backup, storage and recovery.

Nice To Haves

• MBA or master’s degree in computer science or related field(s)
• 15 years’ experience in governance, risk and compliance, team management and security frameworks
• In-depth knowledge of industry standards, regulations, and new industry developments/trends.
• Ability to gain government and/or university security clearance (as required).
• Demonstrated experience with managing a GRC (Governance, Risk, and Controls) technology platform.
• Experience with defining requirements and use cases to enable and automate manual processes via technology platforms within Cyber Risk Management, Cyber Risk Quantification, Cyber Issue Management, Exception Reporting, etc.
• Strong documentation skills related to process workflow creation within the GRC and cyber risk management focus areas.
• Demonstrated track record of strategic leadership in a higher education or a similar environment and/or extensive experience in program development, performance management, and educational administration.
• Demonstrated ability to successfully manage a team, foster collaboration, and navigate complex situations.
• Excellent communication, problem-solving and decision-making skills.
• Demonstrated ability to lead change and innovation within an organization.
• Ability to navigate the university's complexity, along with negotiation skills to garner support from multiple stakeholders.
• Knowledge and experience in employing project management methodologies, strategic planning processes and performance measurement systems.
• Master’s degree in IT, computer science, or related fields.
• Twelve years’ experience implementing and managing governance, risk, and compliance technologies and supporting processes.
• Extensive experience working in regulatory environments and in large/federated enterprises.
• Experience in higher education.

Responsibilities

• Lead and oversee the Cyber Governance function, including cybersecurity training and awareness, cyber performance management, and policy management programs.
• Provide cross-functional oversight of key cybersecurity domains, including Identity & Access Management (IAM), Cybersecurity Architecture & Engineering, and Cyber Defense.
• Partner with Information Security Officers and stakeholders across departments, schools, and research units to coordinate cybersecurity initiatives and risk management activities across the university.
• Support and help drive strategic cybersecurity initiatives, ensuring alignment with the university’s mission, research priorities, and operational needs.
• Oversee the development, implementation, and enforcement of cybersecurity policies, standards, and best practices across the enterprise.
• Strengthen and expand cybersecurity capabilities, tools, and processes that enhance protection of university systems, data, and research assets.
• Lead and mentor cybersecurity teams, fostering collaboration, professional growth, and operational excellence.
• Manage resources effectively, including oversight of budgets, staffing, and prioritization of cybersecurity initiatives.
• Ensure alignment with leading security frameworks, regulatory requirements, and industry standards (e.g., NIST, ISO 27001, FERPA, HIPAA).
• Serve as a trusted strategic advisor to the CISO and university leadership on cybersecurity risk, governance, and emerging threats.
• Assume full operational leadership of cybersecurity functions in the absence of the CISO, ensuring continuity of leadership and enterprise security operations.
• Performing other related responsibilities as requested and when necessary.

Benefits

• To support faculty and staff well-being, USC provides benefits-eligible employees with a broad range of benefits and perks to help protect their and their dependents’ health, wealth, and future. These benefits are available as part of the overall compensation and total rewards package.