IT Senior Director/CISO
Company: University of Oklahoma
Location: Norman
Posted on: January 16, 2023
Job Description:
Job Description - IT Senior Director/CISO (230081)
Job Number: 230081
Organization: Information Technology
Job Location:
Schedule: Full-time
Work Schedule: Normal hours are M-F 8:00-5:00
Salary Range: Targeted salary $150,000 based on experience
Benefits Provided: Yes
Required Attachments: Resume

Job Description

Chief Information Security Officer

The
University of Oklahoma seeks an experienced and visionary leader to
join an exciting community of information technology professionals
supporting the institution's mission: To provide the best possible
educational experience for our students through excellence in
teaching, research and creative activity, and service to the state
and society. The Chief Information Security Officer (CISO) develops
and executes the information security strategy, program, plans, and
controls for the university. The CISO provides guidance and counsel
to the University's executive management, academic leaders, and the
University community and advocates for the institution's security
needs while enhancing the security posture and reducing the overall
cybersecurity risk of the institution. The CISO facilitates
information security governance and reporting on overall security
program effectiveness to the IT Executive Steering Committee and
the University's Chief Information Officer.

Duties and Responsibilities

Leadership
- Responsible for the University's information security
program.
- Provide guidance and counsel to the CIO and members of the IT
leadership team.
- Work with appropriate personnel to oversee the operation of a
university-wide information security organization.
- Develop and maintain information security budgets and personnel,
including hiring, training, development and performance management.
- Work with IT governance committees in defining policy and
program direction for the university that addresses compliance
requirements and cybersecurity risk.

Policy, Compliance and Audit
- Lead the development and implementation of effective policies,
standards, and guidelines to secure protected and sensitive
data.
- Align the information security program with relevant
compliance requirements from industry, local, state, and federal
legislation.
- Lead efforts to internally assess, evaluate and make
recommendations to executive management regarding the adequacy of
the security controls.
- Coordinate, respond to, and track all information technology and
security-related audits.
- Coordinate research computing security needs with stakeholders
in the research community, including research containing sensitive
or controlled unclassified information.

Outreach, Education and Training
- Work closely with the University's executive management,
academic leaders, administrative leaders, and the University
community on a wide variety of security issues. Maintain current
knowledge of security threats and threat actor practices,
intelligence and industry experiences, and developments in
effective mitigation tools and practices.
- Lead education and awareness programs and advise operating
units on all levels on security issues, best practices, and
vulnerabilities.
- Work with IT campus leadership to build awareness and a sense
of common purpose around security.
- Pursue student security initiatives to address unique needs in
protecting identity, mobile social media security and online
reputation programs.
- Establish training programs for constituents to recognize cyber
threats and respond appropriately.

Risk Management and Incident Response
- Keep abreast of security incidents as they occur and act as
primary control point during significant information security
incidents. Convene a Computer Security Incident Response Team
(CSIRT) as needed, or requested, in addressing and investigating
security incidents that arise.
- Supervise efforts to develop and implement technical security
standards and security tool sets that will address and mitigate
security risk, protect data and assets, detect and respond to
security incidents.
- Facilitate the development and sustainment of a Security
Operations Center that monitors security architecture and tools for
alerts to quickly respond to potentially malicious events or
incidents.
- Assist university risk management teams with cybersecurity
insurance renewals and processes.
- Develop overall risk metrics, reporting, key performance
indicators, and dashboards to communicate cyber risk to university
leadership and IT governance committees.

Job Requirements

Required Education: Bachelor's degree, AND:
- 36 months of experience in a combination of risk management,
information security and IT work.
Equivalency Substitution: Will accept 48 months of related
experience in lieu of the bachelor's degree for a total of 84
months of related experience.

Skills:
- Broad knowledge of computer security issues, requirements, and
trends.
- Knowledge of common information security management frameworks
such as NIST CSF, ISO 27001, CIS 20, etc.
- Knowledge of Federal, State and Industry information security
guidelines, laws, and requirements such as HIPAA, PCI, FERPA, GLBA,
etc.
- Knowledge and experience with emerging secure research controls
and best practices.
- Strong interpersonal and communication skills.
- Ability to work effectively with demographically and
technologically diverse constituents.
- Skilled in developing policy and procedure in a complex,
decentralized environment.
- The ability to evaluate security software products, oversee the
installation and implementation, and interpret findings for
practical use.

Certifications:
- CISSP or equivalent (CISA, CISM, GIAC)

Advertised Physical Requirements:
- Physical: Sit for prolonged periods. Manual dexterity.
Ability to engage in repetitive motion.
- Environmental: Office Work Environment.

Departmental Preferences:
- None

Supervision: 3 - Info Sec Svcs Dir

Special Instructions:
If you are selected as a final candidate for this position, you
will be subject to The University of Oklahoma Norman Campus
Tuberculosis Testing policy. To view the policy, visit
https://hr.ou.edu/Policies-Handbooks/TB-Testing.

Diversity Statement: The University of Oklahoma is committed to achieving a
diverse, equitable, and inclusive university community by
recognizing each person's unique contributions, background, and
perspectives. The University of Oklahoma strives to cultivate a
sense of belonging and emotional support for all, recognizing that
fostering an inclusive environment for all is vital in the pursuit
of academic and inclusive excellence in all aspects of our
institutional mission.

Equal Employment Opportunity Statement: The
University of Oklahoma, in compliance with all applicable federal
and state laws and regulations, does not discriminate based on
race, color, national origin, sex, sexual orientation, genetic
information, gender identity, gender expression, age, religion,
disability, political beliefs, or status as a veteran in any of its
policies, practices, or procedures. This includes, but is not
limited to, admissions, employment, financial aid, housing,
services in educational programs or activities, and health care
services that the University operates or provides.

Hiring contingent upon a Background Check? Yes
Special Indications: None
Job Posting: Jan 11, 2023

JOB DESCRIPTION HELP
Required Attachments
Documents required for this position are listed under
the "Required Attachments" section of this job listing. You will be
required to upload and attach these documents in the application
process. Important: ALL required documents must be attached to your
job application or your documents will not be visible to the hiring
department!
Keywords: University of Oklahoma, Norman, IT Senior Director/CISO, Executive, Norman, Oklahoma