Chief Information Security Officer.

Job Description

Job Summary: Responsible for the strategic leadership of the University of Tulsa’s information security program. The CISO has responsibility for but not limited to policy, compliance, awareness, incident response, risk management and operational IT security.

Essential Functions (Responsibilities): Provide guidance and counsel to the CIO and key members of the university leadership team, working closely with senior administration, academic leaders, and the campus community in defining objectives for information security, while building relationships and goodwill. Work with campus leadership to oversee the formation and operations of a university-wide information security organization that is organized toward a common goal in information security. Provide leadership philosophy for the IT security team to create a strong bridge between departments, build respect for the contributions of all and bring groups together to share information and resources to create better decisions, policies, and practices for the campus.
Manage institution-wide information security governance processes Lead information security planning processes to establish an inclusive and comprehensive information security program for the entire institution in support of academic, research, and administrative information systems and technology. Lead efforts to internally assess, evaluate and make recommendations to management regarding the adequacy of the security controls for the University’s information and technology systems. Establish annual and long-range security and compliance goals, define security strategies, metrics, reporting mechanisms and program services; create maturity models and a roadmap for continual program improvements. Stay abreast of information security issues and regulatory changes affecting higher education at the state and national level, participate in national policy and practice discussions, and communicate to campus on a regular basis about those topics. Work with university leadership and relevant responsible compliance department leadership to build cohesive security and compliance programs for the university to effectively address state and federal statutory and regulatory requirements. Keep abreast of security incidents and act as primary contact point during significant information security incidents. Convene an Incident Response Team as needed, or requested, in addressing and investigating security incidences that arise. Develop, implement, and administer technical security standards, as well as a suite of security services and tools to address and mitigate security risk. Review new software or technology vendors to ensure they align with the University’s Vendor Cyber Risk Management requirements. In partnership with leadership and industry partners, to include IT vendors, to develop and implement the necessary project plans to mitigate cyber risks and remediate findings from audits and/or assessments within the required timeframes.
Mentoring and Leadership Mentor the security team members and implement professional development plans for all members of the team. Manage and lead initiatives around the Student Security Operations Center, including daily tasks, weekly training, and overall program management. Create education and awareness programs and advise operating units at all levels on security issues, best practices, and vulnerabilities. Manage the Campus Card Services Team and provide oversight for technology systems and related projects to include physical access controls, video surveillance, and TU managed card payment systems. Engage in professional development to maintain continual growth in professional skills and knowledge essential to the position.
Physical Security Ensure campus physical access and surveillance systems meet the needs of the University and provide appropriate risk mitigations. In partnership with university leadership, develop a refresh strategy and maintenance plan for the University physical access control and video surveillance systems, including the associated Dispatch Center, to mitigates risks and ensure the long-term viability of the systems. Required Qualifications Minimum Qualifications:
Knowledge/Skill/Ability Demonstrated track record in information security, including demonstrated skills in guiding and assisting organizations in implementing appropriate security technology products and practices Demonstrated experience building credibility with organization management and comfortable interacting at executive and board level Exhibits the ability to interact effectively with senior management, peers, and their direct reports Ability to set strategy and approve goals and objectives consistent with the organization’s strategic plan Demonstrates knowledge of security frameworks and how to deploy them within a complex environment Must be an articulate and persuasive leader who can serve as an effective member of the senior leadership management team and who is able to communicate security related concepts to a broad range of technical and non-technical staff Exhibits strong interpersonal skills, demonstrating the ability to navigate the political landscape of the organization Exceptional emotional intelligence to help manage complex relationships, partners, stakeholders, and leadership Demonstrated understanding of business constraints and an ability to independently develop and convey highly complex strategic concepts in a concise and consumable manner for various audiences Capacity to deliver on deadlines while contributing to various stakeholders, projects, and business relationships at once Ability to work independently or as part of a team and thrive in ambiguity, adjust quickly and professionally to changes, and withstand the tests of a dynamic environment with resilience and resolve Excellent verbal & written communications skills and high level of personal integrity Demonstrates executive presence, broad thinking and is articulate across all levels of the enterprise
Equivalent Education/Experience 8 or more years of information security experience, Including at least 5 or more years in a combination of risk management, information security and IT jobs Management, project management or leadership role related to IT security or equivalent combination of education and experience CISSP, CISM, or CISA certifications required or obtained within 3 months of hire Background in identifying, selecting, and implementing emerging and new security technologies Knowledge of common information security management frameworks, such as ISO/IEC 27001, and NIST Developed a network of security providers, contacts, and knowledge of differing policies, procedures, and regulations in multiple arenas Demonstrates a high level of expertise in information security and a wide exposure to all aspects of information technology in a large, high transactional environment Recognizes the impact of security policies and procedures can have on strategic business decisions Experience in Incident Response management Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams Preferred Qualifications Preferred Qualifications Certified Identity and Access Manager (CIAM) Certified Information Systems Security Professional (CISSP) Certified in Risk and Information Systems Control (CRISC) Certified Ethical Hacker (CEH) SANS Certifications (GCED, GISP, GCWN) Previous experience working in higher education Physical Demands Special Job Dimensions: Working with highly sensitive or confidential information.
Note: The essential job functions and associated qualifications contained in this document describe the general nature and level of the work performed. They are not intended to represent an exhaustive listing or be inclusive of all aspects of the job. The tasks and procedures involved in the performance of the essential job functions may vary from day-to-day. Major changes in areas of responsibility may occur, as directed by management, and will require revision of this job description.

---