Chief Information Security Officer

Job Level
Senior position
Job Category
C Level
Sector
  • Information Technology
Job Status
Areas of Responsibility
  • Security
Job Posting Number: S00668
Position Title: Chief Information Security Officer
Department: VP of Information Technology-1133
Job Category: Staff Posting
Position Type: Full-Time
Position Details

This is a shared position between Wesleyan University and Trinity College, reporting jointly to their respective Chief Information Officers.

The Chief Information Security Officer (CISO) is responsible for establishing and maintaining an information security management program that meets compliance and regulatory requirements and aligns with the risk posture at each institution.

The CISO works with executive management to determine acceptable levels of risk for each organization, and will collaborate with functional areas to implement practices that meet defined policies and standards for information security.

As the leader of the security program, the CISO must coordinate disparate drivers, constraints, and personalities, while maintaining objectivity and a strong understanding that security is just one of the college’s activities.

Responsibilities include:

Developing, implementing, and monitoring a strategic, comprehensive enterprise information security and IT risk management program.

Supervising (at Wesleyan) the Information Security & Operations Manager.

Working directly with the functional areas to facilitate IT risk assessment and risk management processes, and working with stakeholders throughout Wesleyan and Trinity to align security controls with business processes. Providing regular reporting on the current status of the information security program to enterprise risk teams and senior leaders as part of a strategic enterprise risk management program.

Creating a framework for roles and responsibilities with regard to information ownership, classification, accountability, and protection.

Facilitating information security governance utilizing existing security advisory boards.

Developing, maintaining, and publishing information security policies, standards, and guidelines. Overseeing the approval, training, and dissemination of security policies and practices.

Ensuring that security policies and programs are in compliance with relevant laws, regulations, and policies to minimize or eliminate risk and audit findings.

Creating and managing information security and risk management awareness training programs for all employees, contractors and approved system users.

Facilitating a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and increase the maturity of the security program.

Managing security incidents and events to protect corporate information assets, including intellectual property, regulated data, and the colleges’ reputations.

Liaising with external agencies such as law enforcement and other advisory bodies as necessary to ensure that the organization maintains a strong security posture.

Minimum Qualifications

Bachelor’s degree in business administration or a technology related field and at least 5 years of experience or an equivalent combination of education, training and related work experience.

Related work experience includes a combination of risk management, information security and information technology roles with progressively increasing responsibility including leadership experience.

Effective communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences.

Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic environment.

Poise and ability to act calmly and competently in high-pressure, high-stress situations.

Demonstrated ability to be a critical thinker, with strong problem-solving skills, a high degree of initiative, dependability, and ability to work with little supervision.

Knowledge and understanding of relevant legal and regulatory requirements, such as the Sarbanes-Oxley Act (SOX), the Health Insurance Portability and Accountability Act (HIPAA), the Payment Card Industry/Data Security Standard, and the Family Educational Rights and Privacy Act (FERPA).

Proven analytical skills, including the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.

Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.

High level of personal integrity, as well as the ability to professionally handle confidential matters, and show an appropriate level of judgment and maturity.

Proven thought leader, consensus builder, and an integrator of people and processes.

Demonstrated commitment to work within a diverse environment and interact openly with individuals of different backgrounds.

Preferred Qualifications

Demonstrated project management skills.

Demonstrated financial/budget management, scheduling and resource management skills.

Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT, and those from NIST.

Experience with contract and vendor negotiations.

Professional security management certification, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or other similar credentials.

Management Competencies: Command skills, Delegation, Project management, Staff development
Competencies: Customer focus, Decision quality/judgment, Functional/technical skills, Interpersonal skills/savvy, Integrity and trust, Oral communications, Planning/priority setting, Written communications
Special Instructions to Applicants

Review of applications will begin April 8, 2019 and will continue until the position is filled.

Additional Information

Any and all offers to external applicants are contingent on the candidate’s completion of a pre-employment background check screening to the satisfaction of Wesleyan University.

Quick Link: http://careers.wesleyan.edu/postings/6752