Chief Information Security Officer
Office of Chief Information Officer
Summary of the Position
The Chief Information Security Officer (CISO) reports to the Chief Information Officer and the Deputy Chief Information Officer. The CISO will lead Bentley's efforts to ensure that it protects the information it collects, maintains, and distributes, electronically or otherwise. The CISO has the responsibility to ensure that appropriate policies, standards, procedures and IT infrastructure (including servers, databases, personal computers, 3rd party hosted services, and mobile devices) are designed and maintained to protect Bentley's information, both internally and externally. The CISO will be responsible for building on the current information security strategy at Bentley, and working with senior management across the institution to ensure that budget, planning, infrastructure and implementation of information security based initiatives can be managed efficiently. This is a wide reaching security role, and requires an individual with a sufficient technical background, a solid understanding of data security, and a demonstrated knowledge of compliance-related laws and regulations. The CISO should be well versed in building information security programs to attain a high level of maturity. This position carries the responsibility to ensure the timely identification, remediation and tracking of technical, procedural and policy based items that may impact the security, use and stewardship of the University's data and information systems. Writing policies and documentation, communicating complex topics with faculty, staff, and students, and training on new policies and procedures are key responsibilities.
This role also requires a strong background in project management and business process skills to effectively analyze business functions and make specific recommendations as they relate to the collection, protection and dissemination of data and IT operations. The CISO will contribute recommendations and provide leadership for all projects that have an information security component. The CISO will work with various departments on campus in assessing, developing, implementing, and maintaining information security standards. In addition, the CISO will work with the various departments to develop programs to educate and inform the community about information security, within the traditional data center, SaaS and Cloud environments.
Finally, this position will implement control frameworks and ensure adherence with MA 201 CMR 17 and manage security across all IT departments to ensure auditable and documented end-to-end processes for the operation and handling of Bentley's data and systems.
Build on Bentley's current information security structure, policies, and procedures, and where necessary, provide institutional leadership with regard to information security, data stewardship and IT operations. Stay current by conducting research, keeping up to date on emerging threats, and networking with other security officers and participation in professional associations.
Identify new and emerging threats that can affect Bentley's information.
Along with the University's General Counsel, help guide the appropriate administrators in making recommendations and decisions about data security policy and implementations.
Work with the Enterprise Risk Management Committee to identify and quantify possible security risks.
Participate on technical teams responsible for developing, maintaining and upgrading the Bentley IT infrastructure (including servers, databases, personal computers, 3rd party hosted services and mobile devices) to ensure that issues of security have been thoroughly reviewed, addressed and documented.
Monitor and review all requests for new IT projects (custom and 3rd party applications) to ensure compliance with Bentley's data security standards. Review new vendors and periodically evaluate existing critical vendors to ensure they meet best security practices and are in accordance with existing Bentley policies and procedures.
Advise and consult various campus departments to assist them in monitoring policies, developing practices, and creating awareness and training programs surrounding federal and state data privacy laws. While not exclusive, the CISO will be responsible for taking the lead in understanding the impact of Data Breach laws, HIPPA (Health Insurance Portability Accountability Act), FERPA (Federal Educational Rights and Privacy Act), GLB (Gramm-Leach-Bliley Act) and the HERA (Higher Education Reauthorization Act).
Respond to internal and external audits related to information security and oversee incident response planning and execution as well as the investigation of security breaches; assist with disciplinary and legal matters associated with such breaches as necessary.
Minimum Qualifications (Education and Experience Requirements)
7+ years of experience working in information technology, security, or risk management is required.
A bachelor's degree in computer science/information technology, networking, engineering, or business process/management field preferred.
Demonstrated understanding of business operations, information technology and data security as it relates to monitoring, maintaining and implementing data security policies, standards, guidelines. Excellent communication skills with demonstrated ability to implement and maintain enterprise-wide data security standards.
Strong project management skills, and the proven ability to build trust and work well with all levels of management and technical staff.
Ability to keep up to date with the latest security technologies and maintain a strong knowledge base of industry and technology trends. Excellent written and presentation skills in order to provide detailed reports to all constituencies including the Board of Trustees.
Strong analytical skills in order to identify security vulnerabilities and propose appropriate defensive and compensating controls.
Proven experience working with IT operations, information security, or IT/regulatory risk management.
CISSP (Certified Information System Security Professional) a plus.
Special Instructions to Applicants
Bentley University requires reference checks and may conduct other pre-employment screening.
Documents Needed To Apply
- Cover Letter
Bentley University is an Equal Opportunity Employer, building strength through diversity.