Chief Information Security Officer
*Cover letter is required with application.*
Summary: The Chief Information Security Officer (CISO) reports to the Associate Vice President (AVP) and Chief Information Officer (CIO) and is responsible for institution-wide information security and compliance in support of the University's teaching, research, and administrative missions. The CISO works collaboratively with peers on the Information Systems (IS) leadership team, personnel in various campus departments and schools, and IT advisory committees to ensure that the appropriate University security procedures, policies, and practices are in place and to foster an information security-conscious culture and compliance.
Wake Forest is a highly selective, top-tier University that combines the pedagogical intimacy of a liberal arts college with the academic vitality of an internationally recognized research institution. The CISO position represents a rare opportunity to work collaboratively with campus leaders and governance structures to implement a cybersecurity strategy at a leading institution.
- Demonstrates an understanding of current and emerging innovative compliance and risk management standards and practices. Develops and maintains cybersecurity security frameworks and controls, incident response plans, risk assessment processes, risk tolerance methodologies, and relevant policies in a University setting.
- Identifies, evaluates, and reports on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the university.
- Works directly with the campus departments to facilitate IT risk assessment and risk management processes and work with stakeholders throughout the enterprise on identifying acceptable levels of residual risk, consistent with institutional risk posture. Leads and motivates cross-functional, interdisciplinary teams to achieve tactical and strategic goals.
- Works collaboratively with the infrastructure, enterprise systems, and client support teams to ensure alignment with security architecture, thus coordinating the strategic planning implicit across all systems and infrastructure and within the parameters other university priorities.
- Provides regular, data-driven reporting on the current status of the information security program to CIO, IS internal leadership, enterprise risk teams, and campus IT advisory committees. Communicates complex information/issues and security-related concepts/risks in an effective, clear manner to a broad range of technical and non-technical faculty, staff, and students.
- Creates, communicates, and implements a risk-based process for vendor risk management, including the assessment and treatment for risks that may result from partners, consultants, and other service providers.Serves, as requested, as the interface with local, state, and federal law enforcement for information on security-related issues.
- Works collaboratively with University and IS communication teams to facilitate security training processes for faculty, staff, and students that are aligned with relevant legal and regulatory requirements.
- Maintains the security and confidentiality of any proprietary or sensitive information or data in any medium regarding the University or its students, faculty, or staff.
- Leads in an open and collaborative style that encourages teamwork and cooperation. Works with a broad variety of diverse people individually and across organizations; commitment to exceptional quality.
Required Education, Knowledge, Skills, Abilities:
- Bachelor's degree and relevant security certifications.
- Eight years progressively responsible information technology security and information security audit management experience or an equivalent combination of education and experience.
- Knowledge and understanding of relevant legal and regulatory requirements (i.e. Family Education Rights and Privacy Act (FERPA), Payment Card Industry/Data Security Standards, Gramm-Leach-Bliley (GLB) Title IV of the Higher Education Act (HEA), and Health Insurance Portability and Accountability Act (HIPAA)).
- Ability to be a consensus builder, collaborative and persuasive leader who can work cooperatively across the entire enterprise.
- Availability to work after hours and/or weekends and on-call, as specified by supervisor.
- Ability to meet the requirements of the University’s automobile insurance.
Preferred Education, Knowledge, Skills, Abilities:
- Eight years progressively responsible information technology security and information security audit management experience in a university environment or an equivalent combination of education and experience.
- Responsible for own work.
Note: This position profile identifies the key responsibilities and expectations for performance. It cannot encompass all specific job tasks that an employee may be required to perform. Employees are required to follow any other job-related instructions and perform job-related duties as may be reasonably assigned by his/her supervisor.
In order to provide a safe and productive learning and living community, Wake Forest University conducts background investigations and drug screens for all final staff candidates being considered for employment.
Wake Forest seeks to recruit and retain a diverse workforce, and encourages qualified candidates across all group demographics to apply.
Winston-Salem, North Carolina, United States