Chief Information Security Officer
The Chief Information Security Officer (CISO) at the University of North Carolina at Chapel Hill is one of the University’s senior technology leaders. Reporting directly to the Office of the Chief Information Officer, s/he will serve as the information security officer for the University, with all related responsibilities. The Chief Information Security Officer will work to ensure the existence of a highly secure technology environment for UNC Chapel Hill. The Chief Information Security Officer will lead and participate in various committees and working groups to ensure that collaboration and coordination occur with all impacted campus entities. With coordinated support and direction from the Office of the CIO, The Chief Information Security Officer is part of a group of senior technology administrators responsible for ensuring that the culture and mission of the University are supported by information technology. The Chief Information Security Officer directly supports the University's education, research and public service mission. •Research grant applications now routinely require details about the University's Information Security program and IT Security plans documenting how research data will be protected. •Teaching and learning activities rely on the availability and reliability of computing resources; information security helps to ensure secure access. •Federal and State regulatory compliance efforts for research and education call for a strong Information Security program. •The University's national reputation and academic standing could be severely damaged by the negative press resulting from any significant error in information security. The Chief Information Security Officer is responsible for: •Developing and maintaining a highly respected, robust Information Security Program for the University. •Working with schools and academic units to ensure protection of data used in support of the University’s mission of education, research and public service. •Creating and implementing a full-scale security awareness program to ensure campus constituents are properly educated on best practices to follow in performing their work and in risks to the University if policy and procedures are not followed. •Working with security and compliance committees and working groups to ensure full collaboration and consistency across the campus in implementation of security-related policies, standards and procedures. •Coordinating with University Counsel, Internal Audit, and law enforcement officials to ensure information security compliance with all legal and regulatory requirements in order to minimize the risk of interruption to academic and research activities. •Serving as the UNC Chapel Hill HIPAA Security Officer, chairing the HIPAA Steering Committee and participating in other HIPAA-related activities and working groups as needed. •Managing and/or coordinating the proper handling of copyright issues, including receiving, tracking and resolving these issues. •Coordinating the development and periodic testing of disaster recovery plans and business continuity plans for ITS. •Establishing and implementing appropriate policy and practices to maintain a highly secure network and system infrastructure at UNC Chapel Hill that protects the confidentiality, integrity and availability of University resources. •Providing senior technical, administrative, planning, and leadership necessary to maintain an effective IT security program for UNC Chapel Hill. •Providing leadership to the ITS security team, which has operational responsibility for centrally-managed security prevention and detection devices, anti-virus and vulnerability assessment solutions and advisory responsibility for all other centrally-managed systems and the University network. •Enforcing acceptable use policies for the campus, coordinating with appropriate campus units as needed. •Providing executive level leadership for a team that provisions and operates the firewall solutions. •Providing leadership for risk assessment and compliance activities. •Attesting on behalf of the University for a number of compliance purposes. An undergraduate degree in a related field is required, and an advanced degree is preferred. CISSP is required; additional security-related credentials preferred. Five to ten years of IT management experience is preferred and experience as the senior IT security official for an organization is highly desirable. Demonstrated ability to implement an IT Security program in a Higher Education institution is required. Demonstrated and specific experience managing a variety of IT security activities. Demonstrated ability to successfully address regulatory requirements and compliance issues in High Education. Demonstrated ability to communicate effectively and negotiate successful outcomes is required. Salary Range: $130,000 to $150,000 Information Technology Services: http://its.unc.edu/ Interested applicants must go to the UNC-CH job search page to apply for this position: http://unc.peopleadmin.com/postings/45603 The University of North Carolina at Chapel Hill is an equal opportunity, affirmative action employer and welcomes all to apply regardless of race, color, gender, national origin, age, religion, creed, genetic information, sexual orientation, gender identity or gender expression. We also encourage protected veterans and individuals with disabilities to apply.