Chief Information Security & Privacy Officer - 002381
Western Carolina University Department: IT Security Office
About WCU: Western Carolina University continues to rank high on Forbes Best Employers lists each year. Including:
• 2024 Ranking in the top 8.5% on Forbes America s Best Midsize Employers list, WCU was ranked 34 out of the top 400 employers across all industries.
• 2023 Ranked in the top 20% on Forbes America s Best Midsize Employers list, WCU was ranked 97 out of the top 500 employers across all industries.
• 2022 Ranked 14th in the top 100 employers in North Carolina in Forbes America s Best Employers by State list.
Western Carolina University is the UNC system s westernmost campus and has been consistently ranked as one of the top 15 public regional institutions in the South.
Employees of WCU are provided a comprehensive benefits package as well as other resources, policies and programs to ensure a happy and healthy work/life balance. Benefit eligible employees have access to dental, vision and health insurance plans eligibility begins on the first of the month following date of hire. Retirement plan contributions begin on the eligibility date following election and include employer contributions for either a defined contribution or a defined benefit plan. Optional disability plans are also available.
Eligible employees have access to tuition waivers for up to three courses per academic year; employee may enroll at any of the constituent UNC System campuses. Also offered are free group exercise classes multiple times per week, a discounted membership to the campus recreation center, free vaccine and booster shots offered on campus, pretax flexible spending accounts, 12 paid holidays and 24 hours of paid community service leave each year. Leave earning employees (staff and 12-month faculty) who work at least half of the working days of their first month of employment will begin accruing vacation and sick leave immediately. Paid parental leave after 12 months of continuous service.
WCU offers an abundance of training and development programs, certifications, workshops and conferences many of which are offered free of charge.
Position Summary: The primary location of this position is on-site at the main Cullowhee, NC campus. This position is designated as being exempt from the State of North Carolina Human Resources Act (EHRA).
The Chief Information Security & Privacy Officer (CISPO) reports directly to the university Chief Information Officer and manages the IT Security Office, overseeing operational security staff in their responsibilities for information security governance, policy, risk, compliance, training, incident detection, and incident response. The CISPO is primarily responsible for the information security governance, risk, compliance (GRC), policy, training, incident detection and incident response efforts for WCU.
Additionally, the office will consult with other IT staff and other campus departments on information security needs and concerns. In alignment with ISO 27002 (information security standard) and ISO 27701 (information privacy standard) adopted by WCU and the UNC System, this position will manage repercussions and recovery in the case of any security breach. In addition to GRC work, the CISPO will oversee operational security detection efforts performed by other staff across the IT division. This position has institutional scope of responsibility and will manage all aspects of departmental functions such as budgeting, strategic planning and working with vendors and providers.
The CISPO is required to work closely and collaboratively with all units within the IT Division, as well as divisions and departments across the campus. Extensive work with University Legal Counsel and Internal Audit is expected.
In 2024, EDUCAUSE recognized former WCU CISPO, Joel McKenzie, for his novel approach in merging the CISO role with the Privacy Officer, to illustrate a proactive approach to their Top 10 item: Institutional Resilience.
Knowledge, Skills, and Abilities Required for this position: Minimum Qualifications: - Bachelor s degree in computer science, business analytics or related field.
- Minimum of three (3) years of progressively responsible experience working within multiple areas of information security.
- Demonstrated ability to work across the university at all levels, including at the executive level, to proactively propose, communicate the need for, and implement necessary security practices both currently and for the future.
- Demonstrated excellence in oral, written, and interpersonal communications skills, including the ability to explain technical concepts in non-technical terms.
- Strong analytical skills in identifying and resolving problems or finding acceptable solutions to problems.
- Demonstrated experience with and knowledge of:
- networking technologies and security practices
- data center and system administration security practices
- endpoint device security for various operating systems, and
- identity and access control methodologies
- Demonstrated excellence in customer service and support-oriented approaches.
- Experience managing multiple simultaneous initiatives with minimal supervision.
- Ability to work effectively in a fast-paced, highly dynamic, cross-team environment.
- Strong attention to detail.
- Ability and commitment to receive CISSP certification within eighteen months (if not already certified).
Preferred Qualifications: - Master s degree in business administration or information security.
- More than five (5) years of progressively responsible experience working within multiple areas of information security.
- CISSP certification.
Position Type: Permanent Full-Time
Special Instructions to Applicants: Application materials must be submitted online. Review of applications will begin immediately and will continue until a candidate has been selected for hire.
All formal communication will be handled through email. Please monitor your junk or spam folders for missed messages.
Please include a
- a cover letter addressing qualifications as related to the job requirements
- a current resume
- a list of three recent (within past five years) professional references (which include name, title, email, phone, and relationship) in order to complete the application.
For questions or additional information please contact Jason Lavigne at
AA/EOE Western Carolina University is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race; color; ethnicity; religion; sex; pregnancy; sexual orientation; gender identity or expression; national origin; age; disability; genetic information; political affiliation; National Guard or veteran status, consistent with applicable federal, state and local laws, regulations, and policies, and the policies of The University of North Carolina. Persons with disabilities requiring accommodations in the application and interview process please call or email at .
University Safety The Western Carolina University Annual Safety Report is available online at University Annual Safety Report or in hard-copy by request at the office of the Vice Chancellor for Student Affairs, 227 HFR Administration Building, Cullowhee, NC 28723 ) or the Office of University Police, 111 Camp Annex, Cullowhee, NC 28723 ). The report, required of all universities participating in Title IV student financial aid programs, discusses crime statistics, procedures for reporting suspicious or criminal activity, security, police authority, crime prevention strategies, university policies on substance abuse and sexual offenses, workplace violence and fire safety.
To apply, please visit: Copyright 2025 Inc. All rights reserved.
Posted by the FREE value-added recruitment advertising agency
jeid-38ea7e218c00094bac7f472bea8337dc