Search for University Jobs in Staff & Non-Managerial Professionals
Chief Information Security Officer
Worcester Polytechnic Institute
Chief Information Security Officer
Information Technology CIO Division
Worcester Polytechnic Institute - WPI
JOB DESCRIPTION SUMMARY
Worcester Polytechnic Institute seeks an experienced, energetic, engaging and visionary leader who wants to become part of an exciting, vibrant community of information technology professionals supporting the institution's mission: helping students learn how to learn by applying your classroom experiences in projects that challenge you from a proficiency, social, and global perspective.
WPI is passionate about creating an inclusive workplace that promotes and values diversity. We are looking for candidates who can support our commitment to equity, diversity and inclusion.
Information technology plays a vital and ever-expanding role in the institutional mission. The Institution's information technology environment is highly distributed and diverse, with strong leadership and coordination from Chief Information Officer (CIO) and direct report units. We are seeking a strong, knowledgeable leader to provide vision, strategy, broad-based planning, and hands-on responsibility as the Chief Information Security Officer (CISO).
The CISO reports to the CIO, is a member of the CIO leadership team and serves a key role in university leadership, working closely with senior administration, academic leaders, and the campus community. The CISO is an advocate for the Institution's total information security needs and is responsible for the development and delivery of a comprehensive information security strategy to optimize the security posture of the university. The CISO leads the development and implementation of a security program that leverages collaborations and campus-wide resources, facilitates information security governance, advises senior leadership on security direction and resource investments, and designs appropriate policies and processes to manage information security risk. The complexity of this position requires a leadership approach that is engaging, imaginative, and collaborative, with a sophisticated ability to work with other leaders to set the best balance between security strategies and other priorities at the campus level.
Policy, Compliance and Audit
- Responsible for the strategic leadership of the University's information security program.
- Manage the security operations team.
- Provide guidance and counsel to the CIO and key members of the university leadership team, working closely with senior administration, academic leaders, and the campus community in defining objectives for information security, while building relationships and goodwill.
- Promote collaborative, empowered working environments across campus, removing barriers and realizing possibilities.
- Manage institution-wide information security governance, chair the Information Security, Risk and Committee and lead liaisons in the establishment of an information security program and project priorities.
- Lead information security planning processes to establish an inclusive and comprehensive information security program for the entire institution in support of academic, research, and administrative information systems and technology.
- Establish annual and long-range security and compliance goals, define security strategies, metrics, reporting mechanisms and program services; and create maturity models and a roadmap for continual program improvements.
- Stay abreast of information security issues and regulatory changes affecting higher education at the state and national level, participate in national policy and practice discussions, and communicate to campus on a regular basis about those topics. Engage in professional development to maintain continual growth in professional skills and knowledge essential to the position.
- Provide leadership philosophy for the Information Security Office to create a strong bridge between organizations, build respect for the contributions of all and bring groups together to share information and resources and create better decisions, policies and practices for the campus.
- Perform special projects and other duties as assigned.
Outreach, Education and Training
- Lead the development and implementation of effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.
- Lead efforts to internally assess, evaluate and make recommendations to management regarding the adequacy of the security controls for the University's information and technology systems.
- Coordinate and track all information technology and security related audits including scope of audits, colleges/units involved, timelines, auditing agencies and outcomes. Work with auditors as appropriate to keep audit focus in scope, maintain excellent relationships with audit entities and provide a consistent perspective that continually puts the institution in its best light. Provide guidance, evaluation and advocacy on audit responses.
- Work with university leadership and relevant responsible compliance department leadership to build cohesive security and compliance programs for the university to effectively address state and federal statutory and regulatory requirements.
- Develop a strategy for dealing with increasing number of audits, compliance checks and external assessment processes for internal/external auditors, PCI, ITAR, HIPAA, and FISMA.
Risk Management and Incident Response
- Work closely with IT leaders, technical experts, deans and administrative leaders across campus on a wide variety of security issues that require an in-depth understanding of the IT environment in their units, as well as the research landscape and federal regulations that pertain to their unit's research areas.
- Create education and awareness programs and advise operating units at all levels on security issues, best practices, and vulnerabilities.
- Work with campus groups such as Network Managers, Information Security Liaisons and technical organizations such as University Information Technology Services to build awareness and a sense of common purpose around security.
- Pursue student security initiatives to address unique needs in protecting identity theft, mobile social media security and online reputation program.
Business Continuity Planning & Enterprise Architecture
- Keep abreast of security incidents and act as primary control point during significant information security incidents. Convene a Security Incident Response Team (SIRT) as needed, or requested, in addressing and investigating security incidences that arise.
- Convene Ad Hoc Security Committee as appropriate and provide leadership for breach response and notification actions for the University.
- Develop, implement and administer technical security standards, as well as a suite of security services and tools to address and mitigate security risk.
- Provide leadership, direction and guidance in assessing and evaluating information security risks and monitor compliance with security standards and appropriate policies.
- Examine impacts of new technologies on the Institution's overall information security. Establish processes to review implementation of new technologies to ensure security compliance.
- Oversee the University's Business Continuity Planning efforts, which includes working with key stakeholders, developing formal BC/DR plans, maintaining and supervising the testing of those plans.
- Oversee the University's Enterprise Architecture needs.
- Master's degree; at least 5 years of experience directly related to the duties and responsibilities specified.
- CISSP or other security certification preferred.
- Applicants must have demonstrated experience working in and fostering a diverse and inclusive workplace and/or commitment to do so as an employee at WPI
United States of America (Exempt)
WPI is an Equal Opportunity Employer. All qualified candidates will receive consideration for employment without regard to race, color, age, religion, sex, sexual orientation, gender identity, national origin, veteran status, or disability. We are seeking individuals with diverse backgrounds and experiences who will contribute to a culture of creativity and collaboration, inclusion, problem solving and change making.
To apply, visit: https://wpi.wd5.myworkdayjobs.com/en-US/WPI_External_Career_Site/job/Worcester/Chief-Information-Security-Officer_R0000926
WPI is a vibrant, active, and diverse community of extraordinary students, world-renowned faculty, and state of the art research facilities. At WPI, we have competitive and comprehensive benefits, including health insurance, long-term care, retirement, tuition assistance, flexible spending accounts, work-life balance and much more.
Diversity & Inclusion at WPI
WPI is committed to creating an inclusive workplace where everyone feels valued and respected; a place where every student, faculty and staff member can be themselves, so that they can study, live, and work comfortably, to reach their full potential, and make meaningful contributions in order to meet departmental and institutional goals. WPI thrives on innovative practice and welcomes diverse perspectives, insight, and people from diverse lived experiences, to enhance the community environment and propel the institution to the next level in a competitive, global marketplace.
Please reference AcademicKeys.com in your cover letter when
applying for or inquiring about this job announcement.
Please see the job description for contact details
pertaining to this university job announcement.
Refer this job to a friend or colleague!
New Search |