Dutchess Community College - Poughkeepsie, NY

posted about 2 months ago

Full-time - Senior
Poughkeepsie, NY
Educational Services

About the position

Under the direction of the President or designee, the Chief Information Security Officer (CISO) is responsible for the development and delivery of a comprehensive information security and privacy program. This program is college-wide and includes all formats of information communication for all authorized users. Protecting information and infrastructure from internal or external threats and ensuring compliance with all statutory and regulatory requirements regarding information access, security, and privacy are of the utmost concern. The CISO is responsible for the development and implementation of information security policies, standards, and procedures to ensure the College is compliant with industry standards for information and cybersecurity. This includes performing ongoing security risk assessments, developing procedures for auditing and incident prevention and response, and serving as the official campus contact for information security and privacy along with law enforcement entities, external auditors, and agencies. The CISO also maintains the breach insurance coverage policy and supporting information security policy, and is tasked with the development and delivery of an education and training program on security and privacy matters for the College. Additionally, the CISO maintains security devices such as routers, firewalls, and other networking hardware/software. The CISO provides oversight and direction of DCC's IT operations, which includes directing and approving the design of security systems and IT controls, developing and recommending policies and procedures to handle security incidents, ensuring that disaster recovery and business continuity plans are in place and tested, and developing and implementing security policies, controls, and cyber incident response planning.
The CISO is also responsible for reviewing investigations after breaches or incidents, maintaining a current understanding of the IT threat landscape, ensuring compliance with changing laws and applicable regulations, scheduling periodic security audits, overseeing identity and access management, and managing all teams, employees, contractors, and third-party vendors involved in IT security. Furthermore, the CISO provides training and mentoring to security team members and develops a training plan for students, faculty, staff, and the community, including security awareness training. The role also involves monitoring and updating the cybersecurity strategy to leverage new technology and threat information, briefing the executive team on status and risks, and communicating best practices and risk management strategies to the campus community.

Responsibilities

  • Develop and implement information security policies, standards, and procedures.
  • Perform ongoing security risk assessments.
  • Develop procedures for auditing and incident prevention and response.
  • Serve as the official campus contact for information security and privacy.
  • Maintain breach insurance coverage policy and supporting information security policy.
  • Develop and deliver an education and training program on security and privacy matters for the College.
  • Maintain security devices such as routers, firewalls, and other networking hardware/software.
  • Direct and approve the design of security systems and IT controls.
  • Develop and recommend policies and procedures to handle security incidents and coordinate investigative activities.
  • Ensure that disaster recovery and business continuity plans are in place and tested.
  • Review investigations after breaches or incidents, including impact analysis and recommendations for avoiding similar vulnerabilities.
  • Maintain a current understanding of the IT threat landscape for the industry.
  • Ensure compliance with changing laws and applicable regulations and translate that knowledge to identification of risks and implementation of actionable plans.
  • Schedule periodic security audits.
  • Oversee identity and access management and policies.
  • Implement cybersecurity policies and procedures including communication and compliance.
  • Manage all teams, employees, contractors, and third-party vendors involved in IT security.
  • Provide training and mentoring to security team members.
  • Develop and implement a training plan for students, faculty, staff, and community, including security awareness training.
  • Monitor and update the cybersecurity strategy to leverage new technology and threat information.
  • Brief the executive team on status and risks, including taking the role of champion for the overall strategy and necessary budget.
  • Communicate best practices and risk management strategies to the campus community.

Requirements

  • Bachelor's degree in Computer Science, Engineering or related discipline from a regionally accredited college or university required.
  • Minimum five (5) to eight (8) years of experience in information security, information technology or related field.
  • Knowledge of common information security management frameworks, such as ISO/IEC 27001 and NIST.
  • Excellent written and verbal communication skills and high level of personal integrity.
  • Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams.
  • Experience with contract and vendor negotiations and management including managed services.
  • Specific experience in Agile (scaled) software development or other best-in-class development practices.
  • Experience with Cloud computing/Elastic computing across virtualized environments.
  • Strong understanding of a wide variety of cybersecurity attacks, threats, threat analysis, ethical hacking and system auditing coupled with experience with incident management.
  • Experience with adherence to and influencing global cybersecurity regulations.
  • Strong knowledge of network infrastructure, routing, switching, servers, clients, and mobile computing.
  • Able to align and connect business strategies with technology solutions that will mitigate risk.
  • Proven ability to interface and develop relationships with governmental agencies that can assist with threat assessments and worldwide security issues.
  • Ability to communicate complex technical challenges in a non-technical and simplified manner to a business audience.

Nice-to-haves

  • Certifications such as CCNA, CCIE, CISSP, CISM, GIAC, MCSE, CCSP, CEH, or equivalent are preferred.
  • Advanced technical or business degree preferred.

Benefits

  • Retirement
  • Medical
  • Vision
  • Dental
  • PTO