Chief Information Security Officer

Job Level
Senior position
Job Category
C Level
  • Technology
Job Status
Areas of Responsibility
  • Information Technology

Job Summary:

The Chief Information Security Officer (CISO) is responsible for establishing and maintaining a campus-wide information security program to ensure that information assets and institutional data are adequately protected across The University of Texas at Arlington. The information security program includes policies, standards & procedures; awareness and training plans; security compliance; vulnerability and risk reduction; and incident response plans in support of the University's teaching, research and mission. He or she works closely with executive management to determine acceptable levels of risk for the organization, to advise on the security ramifications of emerging technologies, and to ensure that appropriate and effective policies and procedures are in place for the protection and privacy of the enterprise's confidential information resources. The CISO is responsible for identifying, evaluating and reporting on legal and regulatory, IT, and cybersecurity risk to information assets, while supporting and advancing business objectives. He or she is a visionary leader with sound knowledge of business management and of information security best practices and technologies.

Essential Duties:

  • Responsible for ensuring that UTA develops and continuously maintains an optimal balance between the institution's tolerance for risk with respect to its information assets, the ability of the campus community to easily and safely transact their business activities, and the institution's compliance with applicable regulation. Works closely with the university's Chief Information Officer to ensure compliance with The University of Texas System, The State of Texas, and federal cyber security requirements. S/he is also responsible for the maturation and unification of security practices throughout the entire institution.

  • Coordinates and participates in special projects concerning cyber security, including testing of systems, tabletop exercises and regular assessments of UTA's security posture. Creates and manages an information security training program for faculty, staff and students. Creates and manages policies and procedures to support the information security program. Communicates frequently with executive stakeholders to create trust and transparency between technical and functional units. This position applies industry-accepted methodologies or frameworks (e.g., NIST, ITIL, COBIT, etc.) to ensure adherence to standards and requirements and to provide stakeholders with continual reports on progress and performance.

  • Provides regular reporting on the current status of the information security program to senior business leaders, DIR, UT System and various teams and committees. Must be knowledgeable about both internal and external business environments and ensure that information systems are maintained in a fully functional and secure mode and are compliant with legal, regulatory and contractual obligations. The ideal candidate is a thought leader, a builder of consensus and of bridges between business and technology. He or she is an integrator of people, process and technology.

  • Must have knowledge of regulations and acts that impact the enterprise: Family Educational Rights and Privacy Act (FERPA), Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Act (GLBA), Communications Assistance for Law Enforcement Act (CALEA), Federal Information Security and Management Act (FISMA), Health Information Technology for Economic and Clinical Health Act (HITECH), and the Payment Card Industry Data Security Standard (PCI). Leads and motivates a professional team that supports the mission, vision and values of the institution. Supervises directly, and through subordinate supervisors, the Information Security staff. Oversees and participates in hiring, training and evaluation of department staff. Accountable for creation and maintenance of the department budget.

Required Qualifications:

  • Bachelor's degree in Computer Science, Information Management, Business Administration, Engineering or fifteen (15) years of work-related experience or the equivalent experience.

  • At least ten (10) of those years must be related to information security policy, standards, operations and risk management. Work experience may NOT substitute for the degree requirement.

  • Five (5) years of managerial experience in a related field.

Preferred Qualifications:

  • Advanced degree in Computer Science, Information Management, Business Administration, Engineering or related fields.

  • Five (5) years of experience in a college or university Information Security Office or an IT organization with accountability for system security.

  • Knowledge of network and server hardware, software and security tools.

  • Working knowledge of current information security laws and accepted industry practices.

  • Highly developed interpersonal skills in the area of communications and team-based management.

  • Certification is required in two or more security-related disciplines, such as CISSO, CISSP, CISA, CISM, CHP, CGEIT, CSCS, ISSAP, etc.

EEO Statement:

UTA is an Equal Opportunity/Affirmative Action institution. Minorities, women, veterans and persons with disabilities are encouraged to apply. Additionally, the University prohibits discrimination in employment on the basis of sexual orientation. A criminal background check will be conducted on finalists. UTA is a tobacco-free campus.

Open Until Filled: No

Location: Arlington

How to Apply

Applicants must include in their online resume the following information: 1) Employment history: name of company, period employed (from month/year to month/year), job title, summary of job duties and 2) Education: school name, degree type, and major.