Job Description - Chief Information Security Officer (INF00000167)
About the Position:
Looking for an opportunity to lead an incredibly talented, small, focused, energetic and pivotal Information Security Team with a stellar mission? Look no further.
Working for SMU supports more than higher education, we're on the mission of raising up the next generation of World Changers, helping them create a better future for themselves, their families, and society at large. SMU is also committed to benefiting staff: providing an outstanding place to work, with world-class benefits, for a diverse workforce of high-performing student and faculty-focused professionals, at one of the highest-ranked places to work in the DFW Metroplex. Information Security works at the core of the IT services and infrastructure the University relies upon to successfully deliver on this mission, creating safe online-first solutions to facilitate our exceptional learning experiences.
The Chief Information Security Officer (CISO) is a senior-level leader responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected. The CISO is also responsible for ensuring the University's academic and administrative information resources are protected from security breaches, consistent with regulatory and compliance obligations.
This role is an on-campus, in-person position.
Essential Functions:
- IT Leadership: The CISO works alongside peers as a team member under the CIO, and with key university constituents, contributing directly to executing the University mission, and setting the IT, and IT Security direction of the University.
- IT Risk Management: Develop, implement, and monitor a strategic, comprehensive information security and IT risk management program to ensure the integrity, confidentiality, and availability of the University’s information assets. Conduct architecture reviews, risk assessments, and business impact analyses for IT projects and technologies. Develop a risk management plan that will anticipate and neutralize potential threats to university IT assets and personal data.
- Policies and Procedures: Oversee the establishment and maintenance of security policies, standards, and procedures in line with best practices and regulatory requirements.
- Security Architecture and Operations: Lead strategic security planning in concert with IT leaders, contributing to infrastructure design, application development, and disaster recovery frameworks. Oversee the operation of the Security Operations Center (SOC). Advise on, and assist with the management of, network and endpoint security controls. Lead the security aspects of cloud strategy and deployment. Manage tools and processes for vulnerability scanning and regular security assessments, ensuring continuous monitoring and proactive incident response.
- Compliance and Audit: Ensure compliance with a range of regulations including FERPA, HIPAA, GLB, PCI, and others. Respond to internal and external audits and oversee remediation efforts for any deficiencies identified.
- Vendor and Relationship Management: Manage security aspects of vendor relationships, from assessments to attestations, assisting in management of vendor compliance to security policies. Build and maintain relationships with university constituents, Higher-Ed groups, professional organizations, local law enforcement, federal agencies, and other relevant external agencies.
- Training: Develop and implement security training for faculty and staff to ensure security awareness and compliance.
- Incident Response and Forensics: Oversee the incident response planning as well as the investigation of security breaches and assist with disciplinary and legal matters associated with breaches.
- Governance and Strategic Initiatives: Participate in governance committees and collaborate across various university departments to embed data security into university operations.
- Insurance and Risk Transfer: Work with the Office of Risk Management to ensure cyber insurance procurement, maintenance, and claims response.
Qualifications
Education and Experience:
- Prior managerial experience in an Information Technology and service context.
- Professional IT security management certification, such as a CISSP, CISM, or similar.
- Extensive experience (7+ years) in information security and/or IT risk management with a focus on security, performance, and reliability.
- Experience running a security program in a complex environment.
- Solid understanding of security protocols and operations.
- Working knowledge of current IT risks and experience implementing security solutions.
Knowledge, Skills and Abilities:
- Candidate must demonstrate strong interpersonal and verbal communication skills, with the ability to communicate broadly across the University and develop and maintain effective relationships with a wide range of constituencies.
- Must also demonstrate strong written communication skills.
- Candidate should have the ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.
- Candidate must possess strong problem-solving skills to effectively influence decision-making in key negotiations.
- Candidate should be able to perform hands-on, operational work when necessary.
Salary Range: Salary commensurate with experience and qualifications.
Reports To: This position reports to the Chief Information Officer (CIO) of the University.
Physical and Environmental Demands:
- Sit for long periods of time.
Deadline to Apply: This position is open until filled.
#J-18808-Ljbffr