Chief Information Security Officer (CISO)

Work Location: 837 Chestnut Ridge Road, Morgantown, WV, 26505 (Required)

Classification: Salary, Full-Time Benefits, FLSA Exempt

Application Deadline: Open Until Filled.

Job Summary

The Chief Information Security Officer (CISO) reports to the Director and is a member of the senior leadership team.  The CISO is responsible for the development, implementation and maintenance of the organization’s information security program, facilitating information security compliance, advising senior leadership on security direction and resource investments, and establishing and implementing appropriate policies to manage information security risk.  The CISO is an advocate for effective cyber security practices and is responsible for the development and delivery of a comprehensive information security plan to optimize our security posture.

Duties & Responsibilities

Program Leadership

  • Responsible for the strategic leadership of WVNET’s information security program.
  • Provide guidance and counsel to the Director and senior leadership in defining objectives for information security, while building relationships and goodwill across the organization and among our customers.
  • Manage the information security governance process, including chairing the Information Security Advisory Committee, to support an information security program and project priorities.
  • Manage the information security planning process to establish an inclusive and comprehensive information security program for the entire organization. Identify and advocate annual and long-range security goals and strategies.
  • Stay abreast of information security issues and regulatory changes affecting higher education at the state and national level, and communicate to senior leadership on a regular basis about those topics.  Engage in professional development to maintain continual growth in professional skills and knowledge essential to the position.
  • Manage third-party relationships and technology vendors that provide information security functions to ensure contract compliance. Facilitate communication between staff, administration, vendors, and other technology resources within and outside of the organization
  • Policy, Compliance and Audit
  • Lead the development and implementation of effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.
  • Lead efforts to internally assess, evaluate and make recommendations to administration regarding the adequacy of the security controls for all information and technology systems.
  • Work with state auditors, WV Office of Technology, and outside consultants as appropriate on required security assessments and audits. 
  • Work with auditors as appropriate to keep audit focus in scope, maintain excellent relationships with audit entities and provide a consistent perspective that continually puts the institution in its best light.  Provide guidance, evaluation and advocacy on audit responses.

Risk Management and Incident Response

  • Keep abreast of security incidents and act as primary control point during significant information security incidents. Convene a Security Incident Response Team (SIRT) as needed, or requested, in addressing and investigating security incidents.  Provide leadership for breach response and notification actions.
  • Develop, implement and administer technical security standards, as well as a suite of security services and tools to address and mitigate security risk.
  • Provide leadership, direction and guidance in assessing and evaluating information security risks and monitor compliance with security standards and appropriate policies.
  • Examine impacts of new technologies on WVNET’s overall information security. Establish processes to review implementation of new technologies to ensure security compliance.

Outreach, Education and Training

  • Create education and awareness programs and advise operating units at all levels on security issues, best practices, and vulnerabilities.
  • Work with department leaders to build awareness and a sense of common purpose around security.

Knowledge, Skills, & Abilities

  • Demonstrate current knowledge of emerging privacy legislation, security threats, technical challenges, and developments in system protection and IT security standards.
  • Demonstrate current knowledge of latest security regulations, adversaries, alerts, and vulnerabilities.
  • Advanced knowledge of information security management frameworks.
  • Demonstrated experience advising and collaborating with senior management.
  • Working knowledge and experience in the policy and regulatory environment of information security, particularly in higher education, is highly desirable.
  • Experience with risk mitigation and management preferred.
  • Demonstrated project management skills, financial/budget management, and resource management.
  • Excellent written and verbal communication skills and high level of personal integrity, innovative thinking and leadership with an ability to lead and motivate diverse, cross-functional teams.
  • Significant experience in computing and information security, network security issues, and security incident response and recovery is required, preferably in a higher education environment.

Education / Experience

Bachelor’s degree in computer science, information system, information assurance, cyber security, or a technology-related fieldRequired
Master’s degree in the same fields of study.Preferred
Experience working in an information technology organization.10 years
Experience working in an information security role or department.5 years
Experience working in higher education.Preferred
Professional security certification (e.g., CISSP, CISM/A)Preferred

Salary / Benefits

Salary range is commensurate with experience. Additionally, WVNET offers an excellent benefits package which includes comprehensive health, retirement, and insurance plans as well as generous amounts of vacation, sick, and holiday leave

Equal Opportunity/Affirmative Action Employer/Veterans/Disabled

The West Virginia Network for Educational Telecomputing (WVNET) is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, or protected veteran status and will not be discriminated against on the basis of disability. WVNET provides a collegial, respectful and inclusive environment that values the diversity, creativity and contributions of its staff.

To Apply:

Submit cover letter and resume to: careers@staff.wvnet.edu

Scroll Up
Copy link
Powered by Social Snap