Last reviewed: March 2017
Policies Defining CIO and CISO Responsibilities
CISO Job Description Template
Institution Name
Title (e.g., Information Security Officer, Chief Information Security Officer, Director of Information Security, Manager of Information Security)
Institution's Job or Reference #
The Institution seeks an experienced, energetic, engaging and visionary leader who wants to become part of an exciting, vibrant community of information technology professionals supporting the institution's mission: providing a comprehensive, high-quality education that engages students in discovery through research and broad-based scholarship.
Information technology plays a vital and ever-expanding role in the institutional mission. The Institution's information technology environment is highly distributed and diverse, with strong leadership and coordination from Chief Information Officer (CIO) and direct report units. We are seeking a strong, knowledgeable leader to provide vision, strategy, broad-based planning, and hands-on responsibility as the University Information Security Officer (UISO).
The UISO reports to the CIO, is a member of the CIO leadership team and serves a key role in university leadership, working closely with senior administration, academic leaders, and the campus community. The UISO is an advocate for the Institution's total information security needs and is responsible for the development and delivery of a comprehensive information security strategy to optimize the security posture of the university. The UISO leads the development and implementation of a security program that leverages collaborations and campus-wide resources, facilitates information security governance, advises senior leadership on security direction and resource investments, and designs appropriate policies to manage information security risk. The complexity of this position requires a leadership approach that is engaging, imaginative, and collaborative, with a sophisticated ability to work with other leaders to set the best balance between security strategies and other priorities at the campus level.
DUTIES AND RESPONSIBILITIES:
University and Program Leadership
- Responsible for the strategic leadership of the University's information security program.
- Provide guidance and counsel to the CIO and key members of the university leadership team, working closely with senior administration, academic leaders, and the campus community in defining objectives for information security, while building relationships and goodwill.
- Work with campus leadership to oversee the formation and operations of a university-wide information security organization that is organized toward a common goal in information security.
- Promote collaborative, empowered working environments across campus, removing barriers and realizing possibilities.
- Manage institution-wide information security governance processes, chair the Information Security Advisory Committee and lead Information Security Liaisons in the establishment of an information security program and project priorities.
- Lead information security planning processes to establish an inclusive and comprehensive information security program for the entire institution in support of academic, research, and administrative information systems and technology.
- Establish annual and long-range security and compliance goals, define security strategies, metrics, reporting mechanisms and program services; and create maturity models and a roadmap for continual program improvements.
- Stay abreast of information security issues and regulatory changes affecting higher education at the state and national level, participate in national policy and practice discussions, and communicate to campus on a regular basis about those topics. Engage in professional development to maintain continual growth in professional skills and knowledge essential to the position.
- Provide leadership philosophy for the Information Security Office to create a strong bridge between organizations, build respect for the contributions of all and bring groups together to share information and resources and create better decisions, policies and practices for the campus.
- Mentor the Information Security Office team members and implement professional development plans for all members of the team.
- Represent the university on committees and boards associated with the Institution's System and in national and regional consortiums and collaborations.
- Perform special projects and other duties as assigned.
Policy, Compliance and Audit
- Lead the development and implementation of effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.
- Lead efforts to internally assess, evaluate and make recommendations to management regarding the adequacy of the security controls for the University's information and technology systems.
- Work with Internal Audit, State Board of Regents, Auditor General's Office and outside consultants as appropriate on required security assessments and audits.
- Coordinate and track all information technology and security related audits including scope of audits, colleges/units involved, timelines, auditing agencies and outcomes. Work with auditors as appropriate to keep audit focus in scope, maintain excellent relationships with audit entities and provide a consistent perspective that continually puts the institution in its best light. Provide guidance, evaluation and advocacy on audit responses.
- Work with university leadership and relevant responsible compliance department leadership to build cohesive security and compliance programs for the university to effectively address state and federal statutory and regulatory requirements.
- Develop a strategy for dealing with increasing number of audits, compliance checks and external assessment processes for internal/external auditors, PCI, ITAR, HIPAA, and FISMA.
Outreach, Education and Training
- Work closely with IT leaders, technical experts, deans and administrative leaders across campus on a wide variety of security issues that require an in-depth understanding of the IT environment in their units, as well as the research landscape and federal regulations that pertain to their unit's research areas.
- Create education and awareness programs and advise operating units at all levels on security issues, best practices, and vulnerabilities.
- Work with campus groups such as Network Managers, Information Security Liaisons and technical organizations such as University Information Technology Services to build awareness and a sense of common purpose around security.
- Pursue student security initiatives to address unique needs in protecting identity theft, mobile social media security and online reputation program.
Risk Management and Incident Response
- Keep abreast of security incidents and act as primary control point during significant information security incidents. Convene a Security Incident Response Team (SIRT) as needed, or requested, in addressing and investigating security incidences that arise.
- Convene Ad Hoc Security Committee as appropriate and provide leadership for breach response and notification actions for the University.
- Develop, implement and administer technical security standards, as well as a suite of security services and tools to address and mitigate security risk.
- Provide leadership, direction and guidance in assessing and evaluating information security risks and monitor compliance with security standards and appropriate policies.
- Examine impacts of new technologies on the Institution's overall information security. Establish processes to review implementation of new technologies to ensure security compliance.
For complete details and to apply, please visit: Institution's URL
PLEASE NOTE: In order to receive proper consideration, applications must be submitted directly via the Institution's career site. Applications submitted via any other source will not be considered.
The Institution is an EEO/AA: M/W/D/V (Equal Opportunity/Affirmative Action Employer: Male/Female/Disabled/Veteran) Employer.
Except where otherwise noted, this work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License (CC BY-NC-SA 4.0).