The University of Southern California (USC), founded in 1880, is located in the heart of downtown Los Angeles, and is the largest private employer in the City of Los Angeles. As an employee of USC, you will be part of a world-class research university and a member of the “Trojan Family,” comprised of the faculty, students, and staff that make the university what it is today.
USC seeks an experienced, engaging and visionary leader to join a vibrant community of information technology professionals supporting USC’s mission, “the development of human beings and society as a whole through the cultivation and enrichment of the human mind and spirit.”
The Chief Information Security Officer (CISO) is a member of the CIO’s leadership team and works closely with senior administration, academic leaders, and the campus community to lead the development and implementation of USC’s information security infrastructure. This role is integral to all areas of ITS and the university that are impacted by information security. The CISO will partner closely with the offices of Compliance, Audit, Purchasing, and other campus administrative and academic units.
University and Program Leadership
- Lead the entire university’s information security program including administrative units, schools (currently 22), USC Hospitals and USC affiliated organizations.
- Guide and counsel the CIO and senior administration, academic leaders, and the campus community to diplomatically define objectives for information security.
- Oversee the formation and operations of a university-wide information security organization.
- Manage institution-wide information security governance processes, chair the Information Security Risk Committee and lead Information Security Liaisons.
- Lead information security planning processes to establish an inclusive and comprehensive program for the institution.
- Partner with central units and schools to develop training and outreach to IT professionals, administrators, faculty and students.
- Establish annual and long-range security and compliance goals, strategies, metrics, programs and reporting.
- Create maturity models and a roadmap for continuous security improvement.
- Remain current and informed regarding information security issues and regulatory changes affecting higher education, participate in national policy and practice discussions, and communicate to campus on a regular basis about those topics.
- Supervise and mentor the Information Security team and implement professional development plans.
- Coordinate and negotiate the use of external resources.
- Develop and review security architectures, technical plans and purchases.
The University of Southern California values diversity and is committed to equal opportunity in employment.
Risk Management and Outreach
- Create education and risk awareness programs and advise operating units at all levels (faculty, staff and students) on multiple security issues, best practices, and vulnerabilities.
- Work closely with IT leaders, technical experts, deans and administrative leaders across campus to define and facilitate IT risk assessment and risk management processes.
- Keep abreast of security incidents and act as the primary control point. Convene a Security Incident Response Team (SIRT), as needed or requested, to address, communicate and investigate incidents.
- Provide leadership, direction and guidance in assessing and evaluating information security risks and monitor compliance.
- Liaise with enterprise architecture teams across the university to coordinate strategic planning and ensure alignment between entities.
- Create and manage a unified and flexible control framework.
Minimum Field of Expertise
- Ten+ years of experience in computing or related technology, of which five years are directly related to computer, information, and telecommunications security assessment, administration, project management and leadership.
- Professional certification, CISSP, CISM, CISA, or similar industry certifications.
- Direct experience in the specific technical areas of systems administration, applications development, database administration, network operations, and data center operations.
- Knowledge and understanding of relevant state and federal legal and regulatory requirements, such as Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA), Family Educational Rights and Privacy Act (FERPA) and Payment Card Industry/Data Security Standard.
- An advanced degree in Computer Science or Information Systems Management, Business Administration, Public Policy, Law, or an undergraduate degree with advanced experience related to technology policy and security administration.
- Professional certification, CISSP, CISM, CISA, or similar industry certifications.
- Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.
- Have direct experience with business continuity planning, auditing, and risk management, as well as contract and vendor negotiation.
- Experience in a higher education environment, including academic health and clinical systems.
- Must be an articulate and persuasive leader who can serve as an effective member of the management team and who is able to communicate security-related concepts to a broad range of technical and non-technical staff.
- Experience with information system auditing including computer security reviews, control selection, and evaluation of systems using a risk-based approach.
- Expertise in risk management approaches to assess and address security and other types of Information Technology-related risks through an IT or enterprise risk management program.
- Expertise in computer forensic investigation methodology.
Supervises employees and student workers
Supervises - Nature of Work
Preferred Field of Expertise
- 15 years of experience in computing or related technology, of which five years are directly related to computer, information, and telecommunications security assessment, administration, project management and leadership.
- Direct experience in the specific technical areas of systems administration, applications development, database administration, network operations, and data center operations.
- Knowledge and understanding of relevant state and federal legal and regulatory requirements, such as Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA), Family Educational Rights and Privacy Act (FERPA) and Payment Card Industry/Data Security Standard.
University of Southern California - 12 months ago