Chief Information Security Officer (CISO)
The Chief Information Security Officer (CISO) is a critical member of the Chief Information Officer’s (CIO) team. The CISO leads a team of security and identity management professionals in creating and executing a comprehensive security plan across the university’s central and decentralized systems. Working cooperatively with leaders across the University, the CISO will have the opportunity to promote strategic risk management and security compliance efforts, and direct implementation of technologies necessary to assure a secure and reliable infrastructure.
Information about the Department:
The Office of Information Security and Compliance, led by the CISO, works to help all K-Staters understand the importance of using good security practices and common sense when they use their computers on the Internet. The team is responsible for campus-wide incident management, risk assessment, security controls, awareness training, identity management, and IT security architecture, policies, standards and compliance.
Diversity and Inclusion:
Kansas State University embraces diversity and promotes inclusion in every sector of the institution. The university actively seeks candidates whose commitments and contributions will advance the University's commitment to the Principles of Community.
The successful candidate will:
IT Security Program
- Lead the planning, design, development, integration, testing, documentation, training, implementation and maintenance of university IT security systems and products.
- Provide leadership through strong working relationships and collaboration across the university community to develop strategic goals for information security compliance and risk mediation.
Security Architecture, Policy, Procedures, Standards, and Guidelines
- Develop and maintain an IT Security Architecture for the university.
- Lead and coordinate the development and maintenance of information systems security policies, procedures, standards, and guidelines, ensuring compliance with federal and state laws and regulations and Regents and university policies and standards.
- Analyze new federal and state statutory requirements, university policies, and other security initiatives to determine changes necessary for adoption/compliance and make appropriate recommendations.
- Develop and maintain the campus Incident Management Plan and chair the Security Incident Response Team (SIRT).
- Ensure monitoring of security-related information sources for security alerts and assess security breaches/events, oversee appropriate corrective actions, inform the campus community, and identify needed changes based on new security technologies or threats.
- Serve as the liaison with external agencies and organizations, including law enforcement, as needed for incident response and planning.
- Supervise and lead the work of the IT Security Team in ITS.
- Oversee the performance of assigned staff, including providing regular, constructive feedback and coaching towards goal attainment and professional development.
- Manage project teams dealing with IT security issues, optimizing the contribution of people involved.
Communications, Training, and Outreach
- Oversee the development and implementation of training programs and communications to make systems, network, and data users aware of and understand security policies and procedures.
Research and Analysis
- Lead or conduct special projects or studies related to information systems security.
- Stay well-informed of best practices in the IT security field, coordinate and/or evaluate new and emerging security practices and technologies, and recommend and promote adoption as appropriate.
- Provide expert advice related to information and systems security to university executives and serve as an internal consulting resource on information security issues.
- Serve as a member of the CIO’s Executive Leadership Team and the Enterprise IT Leadership and Operations Management Teams.
- Represent the university with federal, state, local, and professional organizations in the area of IT security.
Required Minimum Qualifications:
- Bachelor's degree in computer science or related field, or bachelor's degree in an unrelated field plus at least ten (10) years’ experience in information technology services
- Two years’ experience in a position with exposure to the process of systems analysis, designing, coding, testing, and maintaining enterprise software applications
- Experience designing, implementing, and/or managing major components of an IT security program or managing an IT operations or service unit in a distributed technology environment
- Competence/experience in the areas of risk analysis and security management for data, information, and applications; IT security standards and best practices; privacy and security legislation; security architectures and technologies; incident detection and response; and disaster recovery support
- Experience coordinating the development and implementation of IT policies and procedures
- Experience evaluating and implementing new practices and technologies to improve an organization’s overall IT security program
- Experience working collaboratively with a wide range of individuals
- Experience building coalitions and professional relationships with internal and external constituencies to achieve results
- Strong interpersonal skills
- Strong analytical skills
- Must be able to acquire and maintain a top-secret security clearance
- Effective communicator (orally and in writing) with non-technical and technical audiences, including senior executives, managers, staff, vendors, and colleagues
- Post-baccalaureate degree in technology, business administration, or related field
- Certification relevant to IT security (CISA, CISM, CISSP, GIAC/GSEC, etc.)
- Experience working with IT security laws and regulations applicable in higher education
- Experience providing IT security services in a university setting with a distributed technology environment
- Experience developing and promoting awareness and training programs related to IT issues
Special Instructions to Applicants:
Applicants must submit:
- A cover letter reflecting how skills meet the requirements of the position
- The names, phone numbers, and email addresses of at least three professional references
Applicants must be currently authorized to work in the United States at the time of employment.
Screening of Applications Begins:
Screening of applicants will begin immediately. For best consideration, apply by January 15, 2017.
Salary Range / Pay Rate:
$100,000 - $150,000
Equal Employment Opportunity:
Kansas State University is an Equal Opportunity Employer of individuals with disabilities and protected veterans and actively seeks diversity among its employees. Equal Employment Opportunity is the Law.
Background Screening Statement:
In connection with your application for employment, Kansas State University may procure a Background Screen on you as part of the process of considering your candidacy as an employee.