Chief Information Security Officer, ITS (2760)

Chief Information Security Officer, ITS (2760)

Pocatello - Main

Institution Information

Idaho State University, established in 1901, is a Carnegie-classified doctoral research and teaching institution, with a culture built on trust, compassion, stability, and hope. ISU serves over 12,000 students in Pocatello, Meridian, Twin Falls, and Idaho Falls. Students and faculty at ISU are leading the way in cutting-edge research and innovative solutions. We are proud to offer exceptional academics nestled in the grand, natural beauty of the West. We invite you to apply to be a part of our University community!

Job Description

The Chief Information Security Officer (CISO) is responsible for overall planning, development, implementation, and oversight of the University's campus-wide information security program. The CISO works collaboratively with the campus community to establish information security programs, including: information security policy, practices, and standards; information security awareness and training; information security incident response and management; risk assessment and management; and cybersecurity related IT architecture. Additionally, the CISO serves as the primary information security liaison to federal, state, local and professional organizations. This leadership position reports to the Chief Information Officer (CIO). The position will supervise information security staff and student employees with oversight responsibilities across campus for best secured practices. The CISO, after collaborating with ITS professionals and other campus constituents, will be responsible for recommending security technology solutions and security related policies to the CIO.

May be eligible for part-time hybrid remote work (as determined by supervisor; not to exceed 8 days per month).

Key Responsibilities

Responsible for designing, coordinating, implementing and enforcing Idaho State University's Information Security Program by:

• Assuming overall responsibility for developing and maintaining the university information security program

• Establishing and enforcing information security policy, standards and practices

• Identifying and addressing compliance requirements

• Developing, implementing and maintaining information security incident response protocols

• Providing systems forensics when necessary

• Serving as liaison to federal, state, local, and professional organizations

• Providing leadership and visibility in the area of information security for Idaho State University

• Providing reports on the current status of ISU's information security and compliance

• Serving as ISU's primary point of contact for all information security requests and questions

Develop and maintain a coordinated plan for information security technology by:

• Coordinating with ITS units and departmental system admins in the identification of an appropriate mix of security technologies

• Developing strong relationships with ISU constituents and other state security officers

• Proposing technologies, budgets and implementation activities to ISU leadership

• Maintaining strong knowledge of current industry trends

• Maintaining technical competence in chosen tools

• Participating in industry groups, networking with peers, and developing collaborations

• Coordinating third-party security assessments as necessary Manage ISU's Information Security personnel Participate in Campus leadership

Minimum Qualifications

• Bachelor's degree in Computer Science, Management Information Systems, or related field

• Possess, or obtain within the first six months, Certified Information Systems Security Professional (CISSP) or other relative information systems security certification.

• Extensive knowledge of and 5 years' experience in information security

• Knowledge of laws and regulations including but not limited to: Family Educational Rights and Privacy Act (FERPA), Health Insurance Portability Accountability Act (HIPAA), Gramm-Leach- Bliley (GLB) Act, and Sarbanes-Oxley

• Capability and experience in establishing processes to review implementation of new technologies to ensure security compliance

• Demonstrated skills in team building, training, coaching, mentorship, and leadership with 5 years' experience managing staff

• Demonstrated ability to collaborate with cybersecurity faculty and students in productive ways

• Knowledge of information regulatory requirements and standards such as ISO 27001/2, Critical Security controls and NIST 800-171

• Excellent interpersonal, written, and oral communication skills with the ability to communicate security-related concepts to a broad range of technical and non-technical staff

• Experience in managing as well as in negotiating vendor contracts and agreements with end users, service providers and regulatory agencies

• Proven problem solver who is experienced with information security related issues involving identity and access management, intrusion detection, forensics, incident management, risk management and/or auditing

• Successful experience working, collaborating and establishing credibility and relationships with senior leadership, colleagues and customers

Preferred Qualifications

• Master's Degree or equivalent work experience preferred

• Knowledge of research, administrative, and instructional computing needs (including library support, university advancements, academic, and administrative services)

• Demonstrated knowledge of developing an information security awareness and training program

• Demonstrated experience with developing and maintaining information security policies

• Technical experience in network administration, system administration, application development, database administration, systems analysis, and/or data center operations

• Knowledge of networking fabric design, firewalls, and software implementations

• Experience in developing total cost of ownership analyses for large technology implementations

• Experience in preparing grant proposals and in investigating enhanced funding models

• Experience in committee and task force leadership

Additional Information

You must submit your CV/resume, cover letter, and list of three (3) professional references, including current contact information. This position will remain open until it is filled; however, priority consideration will be given to applications received on or before July 8, 2024. Salary will be between $120,000 - $140,000 per year, commensurate with education and experience. Benefits include comprehensive health, dental, and vision; life insurance; disability plan; employee assistance program (EAP); excellent retirement options and company contribution; and generous paid time off/sick leave accrual. All offers of employment are conditional pending the successful completion of a background investigation, provided by HireRight.

Posting Number: req2234

Type: Working 12 months per year

Position: Non-classified Staff

Division: Information Technology Services

The State of Idaho is committed to providing equal employment opportunities and prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities and prohibit discrimination against all individuals based on their race, color, religion, political affiliation or belief, sex, national origin, genetics, or any other status protected under applicable federal, state, or local laws.

The State of Idaho is committed to access and reasonable accommodations for individuals with disabilities, auxiliary aids and services are available upon request. If you require an accommodation at any step in our recruitment process, you are encouraged to contact (208) 334-2263 (TTY/TTD: 711), or email ada.coordinator@dhr.idaho.gov.

Preference may be given to veterans who qualify under state and federal laws and regulations.