Chief Information Security Officer
Company: Southern Methodist University
Location: Dallas
Posted on: November 1, 2024
Job Description:
Job Description - Chief Information Security Officer
(INF00000167)About the Position:Looking for an opportunity to lead
an incredibly talented, small, focused, energetic and pivotal
Information Security Team with a stellar mission? Look no
further.Working for SMU supports more than higher education, we're
on the mission of raising up the next generation of World Changers,
helping them create a better future for themselves, their families,
and society at large. SMU is also committed to benefiting staff:
providing an outstanding place to work, with world-class benefits,
for a diverse workforce of high-performing student and
faculty-focused professionals, at one of the highest-ranked places
to work in the DFW Metroplex. Information Security works at the
core of the IT services and infrastructure the University relies
upon to successfully deliver on this mission, creating safe
online-first solutions to facilitate our exceptional learning
experiences.The Chief Information Security Officer (CISO) is a
senior-level leader responsible for establishing and maintaining
the enterprise vision, strategy, and program to ensure information
assets and technologies are adequately protected. The CISO is also
responsible for ensuring the University's academic and
administrative information resources are protected from security
breaches, consistent with regulatory and compliance
obligations.This role is an on-campus, in-person position.Essential
Functions:
- IT Leadership: The CISO works alongside peers as a team member
under the CIO, and with key university constituents, contributing
directly to executing the University mission, and setting the IT,
and IT Security direction of the University.
- IT Risk Management: Develop, implement, and monitor a
strategic, comprehensive information security and IT risk
management program to ensure the integrity, confidentiality, and
availability of the University's information assets. Conduct
architecture reviews, risk assessments, and business impact
analyses for IT projects and technologies. Develop a risk
management plan that will anticipate and neutralize potential
threats to university IT assets and personal data.
- Policies and Procedures: Oversee the establishment and
maintenance of security policies, standards, and procedures in line
with best practices and regulatory requirements.
- Security Architecture and Operations: Lead strategic security
planning in concert with IT leaders, contributing to infrastructure
design, application development, and disaster recovery frameworks.
Oversee the operation of the Security Operations Center (SOC).
Advise on, and assist with the management of, network and endpoint
security controls. Lead the security aspects of cloud strategy and
deployment. Manage tools and processes for vulnerability scanning
and regular security assessments, ensuring continuous monitoring
and proactive incident response.
- Compliance and Audit: Ensure compliance with a range of
regulations including FERPA, HIPAA, GLB, PCI, and others. Respond
to internal and external audits and oversee remediation efforts for
any deficiencies identified.
- Vendor and Relationship Management: Manage security aspects of
vendor relationships, from assessments to attestations, assisting
in management of vendor compliance to security policies. Build and
maintain relationships with university constituents, Higher-Ed
groups, professional organizations, local law enforcement, federal
agencies, and other relevant external agencies.
- Training: Develop and implement security training for faculty
and staff to ensure security awareness and compliance.
- Incident Response and Forensics: Oversee the incident response
planning as well as the investigation of security breaches and
assist with disciplinary and legal matters associated with
breaches.
- Governance and Strategic Initiatives: Participate in governance
committees and collaborate across various university departments to
embed data security into university operations.
- Insurance and Risk Transfer: Work with the Office of Risk
Management to ensure cyber insurance procurement, maintenance, and
claims response.QualificationsEducation and Experience:
- Prior managerial experience in an Information Technology and
service context.
- Professional IT security management certification, such as a
CISSP, CISM, or similar.
- Extensive experience (7+ years) in information security and/or
IT risk management with a focus on security, performance, and
reliability.
- Experience running a security program in a complex
environment.
- Solid understanding of security protocols and operations.
- Working knowledge of current IT risks and experience
implementing security solutions.Knowledge, Skills and Abilities:
- Candidate must demonstrate strong interpersonal and verbal
communication skills, with the ability to communicate broadly
across the University and develop and maintain effective
relationships with a wide range of constituencies.
- Must also demonstrate strong written communication skills.
- Candidate should have the ability to lead and motivate
cross-functional, interdisciplinary teams to achieve tactical and
strategic goals.
- Candidate must possess strong problem-solving skills to
effectively influence decision-making in key negotiations.
- Candidate should be able to perform hands-on, operational work
when necessary.Salary Range: Salary commensurate with experience
and qualifications.Reports To: This position reports to the Chief
Information Officer (CIO) of the University.Physical and
Environmental Demands:
- Sit for long periods of time.Deadline to Apply: This position
is open until filled.
#J-18808-Ljbffr
Keywords: Southern Methodist University, Rowlett , Chief Information Security Officer, Executive , Dallas, Texas
Didn't find what you're looking for? Search again!
Loading more jobs...