The Chief Information Security Officer (CISO) leads the development and operations of risk management efforts (including both data/systems security and IT business continuity) and coordinates overall IT governance functions for the Ohio Technology Consortium (OH–TECH).
The CISO will oversee the crucial balance between the need for IT support and systems that maximize flexibility and adaptability and the need to minimize risk to the organizational units. The governance functions establish the organizational mechanisms, and specify accountable parties, for decision–making on IT generally, while the CISO is primarily responsible for interpretation and communication of security controls.
This position is a member of the Shared Infrastructure leadership team and works with the Director under supervision of the Office of the Chancellor of the Ohio Department of Higher Education (ODHE) to strategize, manage, integrate and coordinate overall IT direction.
Responsibilities of the CISO include:
- Ensures the overall performance of the security functionality for all consortia members and the ODHE.
- Leads, develops and maintains the IT risk, business continuity and compliance management strategies.
- Develops and maintains policies, standards, processes and procedures to assess, monitor, report, escalate and remediate IT risk, security and compliance–related issues.
- Leads a small team with the responsibilities of vulnerability management, penetration testing, web application firewall, governance risk and compliance, data loss prevention, log aggregation, threat hunting, software security review (including third–party risk assessments), advising in software procurement, developing and maintaining the approved software list along with the software inventory utilized on both endpoints and servers, and endpoint patching (OS and third–party applications).
- Closely partners with Digital Security and Trust, State of Ohio Office of Information Security and Privacy, and functions as OH–TECH's Security Liaison and primary contact for compliance, internal audit, risk management and business continuity.
- Works with cross–functional teams in designing reviews and tests of IT internal controls and security frameworks (e.g., NIST) to ensure that existing IT systems are operating as designed and that they contain adequate security controls for risk management and compliance.
- Facilitates risk assessments and identifies risk themes.
- Proactively promotes enhancement of technology–related internal controls awareness, training and best practices across units.
- Responsible for incident response and serves as the main point of contact to investigate and resolve IT security incidents involving OH–TECH systems.
- Leads, develops and maintains the OH–TECH IT governance strategy. In conjunction with the Office of the Chancellor, oversees the development of a governance mechanism that helps to continuously coordinate and integrate IT decision–making, and to specify appropriate parties for such decision–making, across units; communicates agendas and outcomes with IT and unit leaders and beyond as appropriate.
- Responsible for the security, risk reduction and compliance aspects of OH–TECH's IT process improvement and strategic change initiatives. Acts as a change agent to assess and promote best security practices across the organization, often serving as implementation coordinator for these changes.
- Leads the IT organization's overall business continuity planning, including creating disaster recovery processes and assisting in performing business continuity test scenarios and trials.
OH–TECH, the technology and information division of the ODHE, provides high–tech solutions for Ohio's higher education institutions to catalyze innovation in the modern knowledge economy. The consortium functions as an umbrella organization for Ohio's statewide technology infrastructure organizations: the Ohio Academic Resources Network (OARnet), the Ohio Supercomputer Center (OSC) and the Ohio Library and Information Network (OhioLINK). OH–TECH is a welcoming and inclusive environment.
Because The Ohio State University serves as OH–TECH's fiscal and legal agent, OH–TECH staff enjoy the same benefits as other Ohio State employees, including participation in the Ohio Public Employees Retirement System (OPERS), the Ohio State Health Plan, employee wellness and work–life balance programs, educational benefits, discount programs and more.
Required Education/Experience:
- Bachelor's degree, or an equivalent combination of education and experience.
- Extensive years of IT work experience in a research university setting including information security, IT risk management, process design, re–engineering, organizational transformation, problem solving, reasoning and IT governance.
- 7 years of leadership experience in managing multiple, large, cross–functional teams or projects.
- Proven ability to deliver solutions on time and within budget.
- Experience influencing senior level management and key stakeholders.
- Excellent written and verbal communication skills.
- Strategic or long–range planning experience.
- One or more of the following certifications: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) and Certified in Risk and Information Systems Control (CRISC).
Desired Education/Experience:
- Master's degree, or an equivalent combination of education and experience.
- Atlassian Jira and Confluence.
- ServiceNow ITSM.
Function: Information Technology
Subfunction: Information Security and Risk Management
Career Band: People Leader Managerial
Career Level: M3