Chief Information Security Officer
The University of North Carolina at Charlotte (UNC Charlotte) is seeking a Chief Information Security Officer within the Information and Technology Services department. Information and Technology Services (ITS) is the central information technology unit for the University of North Carolina at Charlotte. ITS provides and supports campus-wide services in the areas of technology support, enterprise applications, information security, systems and operations, data networking, and telecommunications. ITS also includes the Center for Teaching & Learning and University Research Computing.
The Chief Information Security Officer (CISO) is responsible for overall planning, development, implementation, and oversight of the University’s campus-wide information security program. The CISO works collaboratively with the campus community to establish an information security program that includes information security policies, standards, and guidelines; information security awareness and training; information security incident response and management; risk assessment and management; and information security-related IT architecture. The CISO establishes and enforces policies and standards to safeguard data and assets by addressing compliance with university policies as well as all relevant federal and state regulations. Additionally, the CISO advises senior leadership on security direction and resource investments.
The CISO reports directly to the Vice Chancellor for Information and Technology Services and Chief Information Officer (VC/CIO). The position will supervise two to three information assurance staff and will lead cross-functional teams.
Primary Duties and Responsibilities
Lead Campus Information Security Program:
Under the general direction of the VC/CIO, leads the development, implementation, and maintenance of the University’s campus-wide information security program. In collaboration with the campus community, assumes overall responsibility for developing and maintaining the campus information security roadmap for ensuring the security of academic, research, and administrative information systems and technology and data. Establishes and maintains an information security program that includes policies, standards, and guidelines; awareness and training; incident response and management; risk assessment and management; and relevant IT architecture to ensure information security and compliance with relevant state and federal statutory and regulatory requirements. Leads efforts to internally assess, evaluate, and make recommendations to administration regarding the adequacy of the security controls for the university’s information and technology systems. Establishes processes to review the implementation of new technologies to ensure information security compliance.
Manage Information Assurance Group:
Directs and manages the Information Assurance Group and provides vision and direction. Ensures the delivery of a suite of high quality information security services to the campus. Supports appropriate professional development and training for the group. Maintains the appropriate knowledge, skills, and abilities for the position.
Information and Technology Services Leadership:
Participates in strategic planning and development of annual goals and objectives for the ITS department, with special attention to providing leadership for those areas related to information security. Serves as a member of the ITS leadership team and works toward the achievement of department goals and objectives.
Provides leadership and visibility in the area of information security for the University of North Carolina at Charlotte. Represents the university on committees and boards associated with the University of North Carolina system and in national and regional consortiums and collaborations. Serves as the primary contact for information security vendors and contractors. Stays informed of information security issues and regulatory changes affecting higher education at the state and national level; and communicates to the VC/CIO on a regular basis regarding those topics.
- Bachelor’s degree from an accredited college or university
- Extensive knowledge of and experience in information technology and security issues
- Excellent interpersonal, verbal, and written communication skills
- Experience in managing as well as in negotiating vendor contracts and agreements with service providers and regulatory agencies
- Experience in supervising, coaching, and mentoring information technology professionals
- Successful experience working, collaborating, and establishing credibility and relationships with senior leadership, colleagues, and clients
- Experience building collaborative relationships to ensure an effective working environment with senior administrators, academic leaders, and the campus community
- Demonstrated success working with internal audit, system auditors, state auditors, outside consultants, and legal affairs in a lead capacity
- Demonstrated experience in development of a security program that balances risk and the needs and goals of the university
- Significant supervisory and administrative experience with increasing responsibility, preferably in an educational setting
- Knowledge of information security and compliance related regulations including FERPA, HIPAA, PCI-DSS, GLBA, and similar policies and laws
- Demonstrated experience with developing and implementing an information security awareness and training program
- Demonstrated experience with developing and maintaining information security policies
- Experience with information security related issues involving identity and access management, intrusion detection, forensics, incident management, and risk management
- Experience leading and managing information security services in a medium/large research university or similar environment
- CISSP or equivalent certification
- Advanced degree from an accredited college or university
Special Notes to Applicants:
TO APPLY: Qualifications, responsibilities and application information are available at https://jobs.uncc.edu/ (reference: position #8097 ). Screening of applications will begin January 31, 2014 and will continue until the position is filled.
As an EOE/AA employer and an ADVANCE Institution that strives to create an academic climate in which the dignity of all individuals is respected and maintained, the University of North Carolina at Charlotte encourages applications from all underrepresented groups. All finalists will be subject to Criminal Background Check.