Chief Information and Security Officer

Chief Information Security Officer Chief Information Security Officer Position SummaryThe Chief, Information Security Officer (CISO) is a senior-level leader responsible for establishing and maintaining the enterprise vision, strategy, and program to protect information assets and technologies vital in advancing the institution’s commitment to transforming lives and communities through higher education. The CISO ensures the organization’s academic and administrative resources are secured against breaches and are in full compliance with applicable regulations. This is an on-campus, in-person position. Required Knowledge, Skills, and AbilitiesMust demonstrate strong interpersonal and verbal communication skills, with the ability to communicate broadly across the organization and develop and maintain effective relationships with a wide range of constituencies.Must also demonstrate strong written communication skills.Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.Must possess strong problem-solving skills to effectively influence decision-making in key negotiations.Ability to perform hands-on, operational work when necessary.Ability to maintain the security or integrity of the critical infrastructure of the institution.QualificationsMinimum QualificationsBachelor's degree and additional education in Information Security.Prior managerial experience in Information Technology and service context.Professional IT security management certification (e.g., CISSP, CISM).10+ years’ experience in information security and/or IT risk management, with focus on security, performance, and reliability.Experience running a security program in a complex environment.Strong understanding of security protocols and operations.Knowledge of current IT risks and experience implementing security solutions.Experience with NIST 800-53 Framework implementation and compliance, and familiarity with Texas public sector cybersecurity requirements, including TX-RAMP.EO Specific Language (IT specific) - Ability to maintain the security or integrity of the critical infrastructure of the organization.Bilingual or multilingual preferred.***Will be subject to a criminal background check. Some positions may be subject to a fingerprint check.*** Key ResponsibilitiesIT Leadership: Collaborate with peers and key constituents, contribute directly to the organization’s mission, and set the IT and IT Security direction.IT Risk Management: Develop, implement, and monitor a comprehensive information security and IT risk management program for the integrity, confidentiality, and availability of organizational assets. Conduct architecture reviews, risk assessments, business impact analyses, and develop risk management plans to anticipate and neutralize threats.Policies and Procedures: Establish and maintain security policies, standards, and procedures in line with best practices and regulatory requirements, including the NIST 800-53 Framework (Texas Cybersecurity Framework).Security Architecture and Operations: Lead strategic security planning with IT leaders, contributing to infrastructure design, application development, and disaster recovery. Establish and operationalize a Security Operations Center (SOC) for 24/7 monitoring and threat detection. Advise and assist with network and endpoint security, cloud strategy, vulnerability scanning, and incident response.Compliance and Audit: Ensure compliance with FERPA, HIPAA, GLB, PCI, and other regulations. Respond to audits and oversee remediation efforts.Vendor and Relationship Management: Manage security aspects of vendor relationships, assist with vendor compliance, and build relationships with internal and external partners, professional organizations, and agencies.Training: Develop and implement security training for faculty and staff.Incident Response and Forensics: Oversee incident response planning and investigations and assist with disciplinary and legal matters related to breaches.Governance and Strategic Initiatives: Participate in governance committees and collaborate across departments to embed data security into organizational operations.Strategic Security Roadmap: Develop and maintain a security roadmap that balances protection and recovery strategies, ensuring business continuity and resilience.Insurance and Risk Transfer: Work with Risk Management to ensure cyber insurance procurement, maintenance, and claims response.Exercises full discretion and decision-making authority in the recruitment, selection, hiring, mentoring, coaching, development & termination of staff, ensuring alignment with organizational goals, budgetary constraints, and workforce planning strategies.Drive high performance by administering the performance management process timely, setting clear expectations, conducting performance evaluations, and implementing initiatives that enhance employee engagement, motivation, and retention.Completes required Professional Development training hours as well as 16 additional leadership development hours per academic year. The intent of this job description is to provide a representative summary of the major duties and responsibilities performed by incumbents of this job and shall not be construed as a declaration of the total of the specific duties and responsibilities of any particular position. Incumbents may be directed to perform job-related tasks other than those specifically presented in this description. Position requires regular and predictable attendance. Physical RequirementsNormal physical job functions performed within a standard office environment. Reasonable accommodation may be made for individuals with physical challenges to perform the essential duties and responsibilities.