Job Description - Chief Information Security Officer (INF)
Job Description
Chief Information Security Officer - ( INF )
Description
About the Position:
Looking for an opportunity to lead an incredibly talented, small, focused, energetic and pivotal Information Security Team with a stellar mission?Look no further.
Working for SMU supports more than higher education, we're on the mission of raising up the next generation of World Changers, helping them create a better future for themselves, their families, and society at large. SMU is also committed to benefiting staff: providing an outstanding place to work, with world-class benefits, for a diverse workforce of high-performing student and faculty-focused professionals, at one of the highest-ranked places to work in the DFW Metroplex. And Information Security works at the core of the IT services and infrastructure the University relies upon to successfully deliver on this mission, creating safe online-first solutions to facilitate our exceptional learning experiences.
The Chief Information Security Officer (CISO) is a senior-level leader responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected. The CISO is also responsible for ensuring the University's academic and administrative information resources are protected from security breaches, consistent with regulatory and compliance obligations.
This role is an on-campus, in-person position.
Essential Functions:
- IT Leadership: The CISO works alongside peers as a team member under the CIO, and with key university constituents, contributing directly to executing the University mission, and setting the IT, and IT Security direction of the University.
- IT Risk Management: Develop, implement, and monitor a strategic, comprehensive information security and IT risk management program to ensure the integrity, confidentiality, and availability of the University's information assets. Conduct architecture reviews, risk assessments, and business impact analyses for IT projects and technologies. Develop a risk management plan that will anticipate and neutralize potential threats to university IT assets and personal data.
- Policies and Procedures: Oversee the establishment and maintenance of security policies, standards, and procedures in line with best practices and regulatory requirements.
- Security Architecture and Operations: Lead strategic security planning in concert with IT leaders, contributing to infrastructure design, application development, and disaster recovery frameworks.Oversee the operation of the Security Operations Center (SOC). Advise on, and assist with the management of, network and endpoint security controls. Lead the security aspects of cloud strategy and deployment.Manage tools and processes for vulnerability scanning and regular security assessments, ensuring continuous monitoring and proactive incident response. Generate security solutions and services to continuously advance the organization's security posture.
- Compliance and Audit:Ensure compliance with a range of regulations including FERPA, HIPAA, GLB, PCI, and others. Respond to internal and external audits and oversee remediation efforts for any deficiencies identified.
- Vendor and Relationship Management: Manage security aspects of vendor relationships, from assessments to attestations, assisting in management of vendor compliance to security policies. Build and maintain relationships with university constituents, Higher-Ed groups, professional organizations, local law enforcement, federal agencies, and other relevant external agencies.
- Training: Develop and implement security training for faculty and staff to ensure security awareness and compliance.
- Incident Response and Forensics: Oversee the incident response planning as well as the investigation of security breaches and assist with disciplinary and legal matters associated with breaches.
- Governance and Strategic Initiatives: Participate in governance committees and collaborate across various university departments to embed data security into university operations.
- Insurance and Risk Transfer: Work with the Office of Risk Management to ensure cyber insurance procurement, maintenance, and claims response.
Qualifications
Education and Experience:
Prior managerial experience in an Information Technology and service context.
Professional IT security management certification, such as a CISSP, CISM, or similar.
Extensive experience (7+ years) in information security and/or IT risk management with a focus on security, performance, and reliability.
Experience running a security program in a complex environment.
Solid understanding of security protocols and operations.
Working knowledge of current IT risks and experience implementing security solutions.
Knowledge, Skills and Abilities:
Candidate must demonstrate strong interpersonal and verbal communication skills, with the ability to communicate broadly across the University and develop and maintain effective relationships with a wide range of constituencies. Must also demonstrate strong written communication skills.
Candidate should have the ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.Candidate must possess strong problem-solving skills to effectively influence decision-making in key negotiations.
Candidate should be able to perform hands-on, operational work when necessary.
Salary Range:
Salary commensurate with experience and qualifications
Reports To:
This position reports to the Chief Information Officer (CIO) of the University
Physical and Environmental Demands:
- Sit for long periods of time
Deadline to Apply:
This position is open until filled.
About SMU:
SMU's more than 12,000 diverse, high-achieving students come from all 50 states and over 80 countries to take advantage of the University's small classes, meaningful research opportunities, leadership development, community service, international study and innovative programs.
SMU serves approximately 7,000 undergraduates and 5,000 graduate students through eight degree-granting schools: Dedman College of Humanities and Sciences, Cox School of Business, Lyle School of Engineering, Meadows School of the Arts, Simmons School of Education and Human Development, Dedman School of Law, Perkins School of Theology and Moody School of Graduate and Advanced Studies.
SMU is data driven, and its powerful supercomputing ecosystem - paired with entrepreneurial drive - creates an unrivaled environment for the University to deliver research excellence.
Now in its second century of achievement, SMU is recognized for the ways it supports students, faculty and alumni as they become ethical, enterprising leaders in their professions and communities. SMU's relationship with Dallas - the dynamic center of one of the nation's fastest-growing regions - offers unique learning, research, social and career opportunities that provide a launch pad for global impact.
SMU is nonsectarian in its teaching and committed to academic freedom and open inquiry.
EEO Statement:
SMU will not discriminate in any program or activity on the basis of race, color, religion, national origin, sex, age, disability, genetic information, veteran status, sexual orientation, or gender identity and expression. The Executive Director for Access and Equity/Title IX Coordinator is designated to handle inquiries regarding nondiscrimination policies and may be reached at the Perkins Administration Building, Room 204, 6425 Boaz Lane, Dallas, TX 75205 .
SMU offers staff a broad, competitive array of health and related benefits. In addition to traditional benefits such as health, dental, and vision plans, SMU offers a wide range of wellness programs to help attract, support, and retain our employees whose work continues to make SMU an outstanding education and research institution.
SMU is committed to providing an array of retirement programs that benefit and protect you and your family throughout your working years at SMU and, if you meet SMU's retirement eligibility criteria, during your retirement years after you leave SMU.
The value of learning at SMU isn't just about preparing our students for the future. Employees have access to a wide variety of professional and personal development opportunities, including tuition benefits.