Chief Information Security Officer

Gaston College - Dallas, NC

posted 5 months ago

Full-time - Senior
Dallas, NC
Educational Services

About the position

The Chief Information Security Officer (CISO) at Gaston College is tasked with establishing and maintaining a comprehensive information security program to protect the college's information assets and associated technology. This role is critical in ensuring that the college's digital ecosystem is secure, and it involves identifying, evaluating, and reporting on various risks related to information security, IT, and cybersecurity. The CISO will work closely with senior administration, academic leaders, and the campus community to advocate for the institution's information security needs and to develop strategies that align with the college's business objectives. As a member of the Technology Services leadership team, the CISO will report directly to the Chief Operating Officer (COO) and will play a key role in college leadership. The position requires a visionary leader with a deep understanding of the college environment and a solid grasp of cybersecurity technologies. The CISO will collaborate with various business units and ecosystem partners to implement practices that adhere to established policies and standards for information security. This includes overseeing a range of cybersecurity and risk management activities to ensure that business processes dependent on technology are secure and effective. The CISO will lead the development and implementation of a security program that leverages campus-wide resources and facilitates information security governance. This includes advising senior leadership on security direction, resource investments, and designing policies to manage information security risks. The complexity of this role necessitates an engaging and collaborative leadership style, as the CISO will need to balance security strategies with other institutional priorities. The CISO will also be responsible for monitoring the external threat environment, developing disaster recovery policies, and ensuring compliance with relevant legislation and standards.

Responsibilities

  • Lead the information security function across the college to ensure consistent and high-quality information security management in support of the business goals.
  • Provide guidance and counsel to the CIO and key members of the college leadership team, working closely with senior administration, academic leaders, and the campus community in defining objectives for information security.
  • Promote collaborative, empowered working environments across campus, removing barriers and realizing possibilities.
  • Facilitate an information security governance structure through the implementation of a hierarchical governance program, including the formation of an information security steering committee or advisory board.
  • Lead information security planning processes to establish an inclusive and comprehensive information security program for the entire institution in support of academic and administrative information systems and technology.
  • Establish annual and long-range security and compliance goals, define security strategies, metrics, reporting mechanisms and program services; and create maturity models and a roadmap for continual program improvements.
  • Determine the information security approach and operating model in consultation with stakeholders and aligned with the risk management approach and compliance monitoring of non-digital risk areas.
  • Provide regular reporting on the current status of the information security program to enterprise risk teams and the Executive Management team as part of a strategic enterprise risk management program, thus supporting business outcomes.
  • Manage the budget for the information security function, monitoring and reporting discrepancies.
  • Develop an information security vision and strategy that is aligned to the college priorities and enables and facilitates the college's business objectives, and ensures senior stakeholder buy-in and mandate.
  • Develop, implement and monitor a strategic, comprehensive information security program to ensure appropriate levels of confidentiality, integrity, availability, safety, privacy and recovery of information assets owned, controlled or/and processed by the college.
  • Develop and enhance an up-to-date information security management framework based on the following: National Institute of Standards and Technology (NIST), International Organization for Standardization (ISO), CIS Controls, or Security Operations Center (SOC).
  • Create and manage a unified and flexible control framework to integrate and normalize the wide variety and ever-changing requirements resulting from global laws, standards and regulations.
  • Develop and maintain a document framework of continuously up-to-date information security policies, standards and guidelines. Oversee the approval and publication of these information security policies and practices.
  • Create a framework for roles and responsibilities with regard to information ownership, classification, accountability and protection of information assets.
  • Work closely with CIO, technical experts, deans and administrative leaders across campus on a wide variety of security issues that require an in-depth understanding of the IT environment in their units.
  • Create the necessary internal networks among the information security team and line-of-business executives, compliance & audit, physical security, legal and HR management teams to ensure alignment as required.
  • Build and nurture external networks consisting of industry peers, ecosystem partners, vendors and other relevant parties to address common trends, findings, incidents and cybersecurity risks.
  • Liaise with external agencies, such as the North Carolina Community College System Information Security Office, law enforcement and other advisory bodies, as necessary, to ensure that the organization maintains a strong security posture and is kept well-abreast of the relevant threats identified by these agencies.
  • Create education and awareness programs and advise operating units at all levels on security issues, best practices, and vulnerabilities.
  • Pursue security initiatives to address unique needs in protecting identity theft, mobile social media security and online reputation program.
  • Lead the development and implementation of effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.
  • Define and facilitate the processes for information security risk and for legal and regulatory assessments.
  • Monitor the external threat environment for emerging threats, and advise relevant stakeholders on the appropriate courses of action.
  • Develop and oversee effective disaster recovery policies and standards to align with the college business continuity management (BCM) program goals, with the realization that components supporting primary business processes may be outside the institution's perimeter.
  • Coordinate the development of implementation of incident response plans and procedures to ensure that business-critical services are recovered in the event of a security event; provide direction, support and in-house consulting in these areas.
  • Facilitate and support the development of asset inventories, including information assets in cloud services and in other parties in the organization's ecosystem.
  • Monitor security incidents and act as primary control point during significant information security incidents. Convene a Security Incident Response Team (SIRT) as needed, or requested, in addressing and investigating security incidents that arise.
  • Convene Ad Hoc Security Committee as appropriate and provide leadership for breach response and notification actions for the college.
  • Provide leadership, direction and guidance in assessing and evaluating information security risks and monitor compliance with security standards and appropriate policies.
  • Examine impacts of new technologies on the college's overall information security. Establish processes to review implementation of new technologies to ensure security compliance.
  • Coordinate and track all information technology and security related audits including scope of audits, colleges/units involved, timelines, auditing agencies and outcomes.
  • Work with auditors as appropriate to keep audit focus in scope, maintain excellent relationships with audit entities and provide a consistent perspective that continually puts the institution in its best light. Provide guidance, evaluation and advocacy on audit responses.
  • Maintain a high standard of professional and ethical practice in representing the College. Maintain confidentiality of relevant information. Demonstrate a thorough knowledge of the field or discipline with continued adherence to professional accountability. Establish and maintain effective working relationships and partnerships. Accept responsibility for managing situations and problems. Work cooperatively with team members and colleagues and contribute positively and constructively to the achievement of team and College objectives. Adhere to the College's policies, procedures, and other established guidelines.
  • Serve on various College committees as required.
  • Perform other duties as assigned.

Requirements

  • Bachelor's degree in a technology or Business related field of study such as Computer Science, Information Technology, Cybersecurity, Business or Business Information Systems required.
  • Seven (7) to ten (10) years of related experience in a combination of risk management, information security and IT roles required.
  • Active security certifications (e.g.: CISSP, CISM, CEH, GCIA, GCIH, SANS, NSA IAM) preferred.
  • Knowledge of and experience applying security control requirements for information security standards (e.g.: FERPA, HIPAA, PCI DSS, IRS 1075, or other federal compliance requirements).
  • Demonstrated project management experience with cyber security program management, cyber exercise planning, incident response and monitoring, and security vulnerability/patch management.
  • Demonstrated supervisory experience leading a technical team in developing and transitioning cybersecurity capabilities.
  • Excellent written and verbal communication skills, interpersonal and collaborative skills, and ability to work under pressure in emergencies and communicate cyber security and risk-related concepts to colleagues required.
  • Strong leadership skills that incorporate organizational, analytical, decision-making, and team-building skills.
  • Experience in developing information security policies, procedures, standards, and guidelines, and successfully executing cyber security programs required.
  • Comprehensive understanding of industry standards and requirements for information security management, state and federal statutes, and third-party security assessments.
  • Demonstrated experience in internet and network security products and platforms, including intrusion detection, intrusion prevention, incident response, vulnerability assessments and penetration testing.
  • Advanced knowledge of attack vectors, threat trends, mitigation strategies, intrusion analysis, malware analysis, anomalous behavior, and incident response protocols.
  • Excellent knowledge of information security alerts, threat trends, intrusion analysis, malware, anomalous behavior, forensic research, and incident response protocols.
  • Ability to work nights and weekends as needed to resolve security related issues.
  • Eligibility to obtain and maintain a Division of Criminal Investigation (DCI) certification required. In addition to the standard background check, this position requires having a clear fingerprint-based criminal records search through the State Bureau of Investigation (SBI).

Nice-to-haves

  • Experience with cloud security and data protection strategies.
  • Familiarity with emerging technologies and their implications for information security.
  • Experience in higher education information security management.

Benefits

  • Health insurance coverage
  • Dental insurance coverage
  • Vision insurance coverage
  • Retirement savings plan (401k)
  • Paid holidays
  • Paid time off (PTO)
  • Professional development opportunities
  • Flexible scheduling options

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service