Chief Information Security Officer / Director of Information Security

Job description

Job Category:


Position Title:

Chief Information Security Officer / Director of Information Security

Full Time/Part Time:

Full Time


Dean of the Faculty


Information Technology Services

Department Statement:

Colgate University’s Information Technology Services (ITS) is a dynamic organization that serves the diverse technology needs of the university community. Comprised of several functional areas – Classrooms, Digital Media & Events; Data Analytics & Decision Support; Engagement & Support; Information Security; Learning & Applied Innovation; Services & Shared Infrastructure – ITS prides itself on exceptional customer service and building collaborative relationships to meet the unique needs of our liberal arts campus.

ITS endeavors to foster an inclusive environment that values diversity, professional development, creativity, and innovation to support the growth of individuals and the organization. Under the leadership of the CIO, ITS is embarking on a strategic planning process to align services and resources with several exciting new initiatives identified in Colgate’s Third Century Plan.

Colgate University’s Chief Information Security Officer/Director of Information Security is responsible for thought leadership, policy and practice development, and operational leadership around issues of data privacy and information security such as data compliance, business continuity, user awareness, incident response, operational security, etc. This position will reside in the office of the CIO and will report to the Chief Information Officer. Job title commensurate with experience.


The Chief Information Security Officer / Director of Information Security participates in ITS strategic planning efforts to align with Colgate University’s mission, Third Century Plan, and the DEI commitment to grow and strengthen the Information Security at Colgate University.
Specific Accountabilities include but are not limited to:
Maintaining an expert level of understanding of higher ed trends and the work of faculty, students, and staff that ensures a secure technology environment that enables creativity and success.;

Maintaining a comprehensive working knowledge of federal, state, local laws and regulations, and industry standards (together in this document referred to as Laws and Regulations), where compliance requires specific data or information security policies, practices, reporting, or audits. These Laws and Regulations include, but are not limited to, HIPAA, FERPA, Higher Education Opportunity Act (HEOA), CCPA, GDPR, PCI DSS.

Maintaining and continuing growth of the University’s identity and access management initiatives.

Developing detailed procedures for system access and permissions to support auditing and detection of compliance issues;
Developing effective procedures for regular system and server patches and vulnerability management, based on university best practices.

Advising on the effective use of network security equipment, including firewalls and intrusion protection systems.

Maintaining expert-level knowledge of Cloud infrastructures, including IAAS, PAAS, and SAAS, and help the University maintain a secure cloud presence.

Developing and delivering user-friendly training for end-users, data stewards, system administrators, and others as required in support of the above.

Establishing benchmarks and tracking metrics that reflect the effectiveness of University data and information security policy and practice and provide feedback for future development opportunities.

Conducting periodic security audits of the IT environment, develop reports, document results, recommend changes, supervision of implementation plans.

Lead the development, maintenance, and annual evaluation of incident response, including forensics and investigations in the event of a data breach or incident, as well as business continuity and disaster recovery plans.

Participate in University-wide working groups and committees representing and advocating for the interests of a secure and private data environment.

Represent the University as a participant of institutional security collaborations (REN-ISAC, Higher Education Information Security Council, NY 6, etc.).

Maintaining a working knowledge and technical understanding of the interrelationships and interdependencies between and among the systems, services, and products provided and supported by ITS.


Information Security Principles


Demonstrated ability to determine how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes. Campus-wide expert on information security. Demonstrated ability to adapt to changing environment, evaluate risk and develop priorities.


Platform Expertise


Demonstrated deep knowledge of information security combined with broad understanding of network and system administration, desktop, mobile and and enterprise environments


Project Management


Demonstrated ability to provide deep functional and technical expertise within a project environment. Contributes to multiple projects simultaneously.


Customer Service


Displays empathy and patience with users of all levels of sophistication. Can successfully support highest profile users on campus. Demonstrated ability to consistently follow through with solutions and information for all types of users. Demonstrated ability to diffuse the most challenging situations and remain calm and focused. Demonstrated ability to assess user sophistication and communicate (oral and written) with customers in an appropriate level of detail. Always conveys confidence to the user in ITS ability to solve issues.


Incident Response


Demonstrated ability to correlate events, recognize and categorize different types of vulnerabilities and associated attacks, and perform incident handling steps.


Security Assessment


Demonstrated ability to evaluate the adequacy of security designs and efficacy of security controls based on cybersecurity principles and tenets.


Personal Accountability for Results


Takes responsibility for decisions, performance, and outcomes; behaves in a responsible manner with a positive attitude; shows self-awareness and openness to feedback.


Effective Communication


Demonstrates effective written and oral communication skills; shares information and seeks input from others; adapts communication to diverse audiences; protects private and confidential information.


Problem Solving and Decision Making


Analyzes and prioritizes situations to identify and solve problems; generates solutions to improve efficiency and quality; involves others in solving problems and making decisions; factors organizational goals into decisions; makes clear, transparent, and timely decisions.


Change Management


Responds positively to changing university initiatives and readily adapts behavior to maintain effective performance; understands the long-term direction of the university and can relate this to the departmental area; adapts to new methodologies; identifies and acts on areas where change is appropriate.


Leadership and Teamwork


Applies skills and knowledge to provide a climate to achieve departmental and organizational success; balances individual and department goals; helps others perform at their best; builds productive relationships to enhance individual and organizational effectiveness; treats others with respect; resolves conflicts among team members.


Creativity and Innovation


Generates, explores, encourages, and implements innovative ways of creating strategic value for the university, division, department, and individual level; critically assesses the effectiveness of new initiatives.


Diversity and Inclusion


Demonstrates respect for people and their differences; understands the benefits of a diverse workforce; earns the trust and respect of others; includes and welcomes others; works to understand the perspective of others; promotes opportunities to experience diversity within our community.

Professional Experience/ Qualifications:

Professional experience and a record of success in the accountabilities of the position.

Technical proficiency in enterprise systems and infrastructure sufficient to credibly work with technical staff to implement security policies and practices.

Excellent communication skills.

Ability to work both independently and within a team. Willing to collaborate, share ideas openly, and learn.

Must be capable of working tactfully and collegially with a diverse group of faculty, staff, and students on a regular basis.

Preferred Qualifications:

Experience in a higher education setting.

One or more applicable Information Security certifications such as Certified Information Systems Security Professional (CISSP).


A minimum of a Bachelor’s Degree in Information Technology, or a related degree preferred, or a combination of education and experience from which comparable skills are attained.

Physical Requirements:

Ability to be on-call nights and weekends.

Other Information:

Colgate is committed to attracting and retaining a diverse faculty, staff, and student population.

We strive to be an inclusive community — one that embraces and values diversity (in the broadest sense possible) in an environment of mutual respect, communication, and engagement. A variety of cultures and perspectives enriches the quality of campus life, and the opportunity to share different views and experiences is at the core of Colgate’s educational enterprise.

These differences can include but are not limited to: race; ethnicity; gender and gender expression; sexual orientation; socioeconomic status; geographic background; national origin; culture; age; mental, cognitive, and physical abilities; religious beliefs; and political beliefs.

As a result, we ask all candidates seeking consideration for the Chief Information Security Officer / Director of Information Security position to submit a diversity statement with their application materials.

To learn more about Colgate’s DEI plan visit

Requisition Number:




Job Open Date:


Open Until Filled:


EEO Statement:

It is the policy of Colgate University not to discriminate against any employee or applicant for employment on the basis of their race, color, creed, religion, age, sex, pregnancy, national origin, marital status, disability, protected Veterans status, sexual orientation, gender identity or expression, genetic information, being or having been victims of domestic violence or stalking, familial status, or any other categories covered by law. Colgate is an Equal Opportunity/Affirmative Action employer. Candidates from historically underrepresented groups, women, persons with disabilities, and protected veterans are encouraged to apply.

Clery Act:

The Campus Safety Department will provide upon request a copy of Colgate’s Annual Security and Fire Safety Report. This report includes statistics as reported to the United States Department of Education for the previous three years concerning reported: 1. crimes that occurred on-campus; in certain off-campus buildings or property owned or controlled by Colgate University; and on public property within, or immediately adjacent to and accessible from, the campus and 2. fires that occurred in student housing facilities. The report also includes institutional policies concerning campus security and fire safety, such as policies concerning sexual assault, life safety systems, and other related matters. To obtain a copy, contact the Campus Safety Compliance Manager via e-mail at [email protected]. You may also access the report from the Campus Safety web page at:




Diversity Profile: University



View more

Learn more on Inside Higher Ed's College Page for University

Arrow pointing right
Job No:
Posted: 11/7/2020
Application Due: 2/5/2021
Work Type: Full Time