Chief Information Security Officer (CISO)

Caltech is a world-renowned science and engineering institute that marshals some of the world's brightest minds and most innovative tools to address fundamental scientific questions. We thrive on finding and cultivating talented people who are passionate about what they do. Join us and be a part of the diverse Caltech community.

The Chief Information Security Officer (CISO) directs the Information Security team and related policy efforts for Caltech. In addition to exhibiting organizational management skills, the successful candidate should exhibit strong Information Security operations skills that require extensive, expert-level, up-to-date technical knowledge of security and privacy technologies and best practices, and use of appropriate security controls, tools, and methods. Additionally, the role requires familiarity with evolving IT security and privacy legislation and related policy issues that are applicable to Tier 1 Higher Education research institutions. The role is expected to interact with and support campus leadership groups such as the Office of the General Council (OGC), Research Compliance, Audit, and the Caltech Board of Trustees (BoT) IT Security Working Group. 
This is a Campus Critical position. An employee designated as campus critical is expected to be aware of the campus emergency management plan and to report to Campus as soon as possible to assist in campus wide response and recovery efforts.

• Manage Information Security budget and staff
• Develop and oversee new strategic Information Security initiatives
• Oversee identity and access management service
• Advise on IT governance, IT-related policy, privacy, compliance matters
• Provide a periodic report to the the Caltech Board of Trustees
• Provide data preservation/hold order assistance for OGC and Research Compliance
• Conduct security reviews of hosted applications proposed for use by campus
• Oversee application security testing of in-house campus web applications
• Oversee responses to IT audits against IMSS-run systems and services
• Assist Audit Services and Institute Compliance upon request
• Create and implement procedures for complying with IT policies and regulations
• Assist with reviewing contractual language for site licensed software
• Oversee account management for deceased personnel, including faculty
• Preservation of materials for Caltech Archives
• Participate in routine Information Security operations as needed: analyze network traffic using netflow and pcap data, system logs, and intrusion detection tools
• Block problem traffic, send and respond to alerts and/or investigate when suspicious activity is detected
• Oversee and participate in handling of Information Security tickets and problem reports of all kinds
• Communicate with users at all levels, including internal and external security personnel, system administrators and/or end users (faculty, students, staff, guests) about incidents and recommended recovery measures
• Perform other related duties as assigned

• Bachelor’s degree
• 10 years of full-time professional work experience in Information Security or related Information Technology areas, including significant experience in computing systems security, network security, and security incident response and recovery
• A working knowledge of current security aspects of multiple platforms, operating systems, applications, firewalls, network protocols, and secure application development practices
• Related systems security experience and appropriate subject-area knowledge, including managing security services such as intrusion detection and network sensors, conducting application security assessments and/or penetration testing, and handling security incidents of all kinds
• Excellent written and oral communication skill
• Demonstrated organizational leadership and previous experience in managing IT organizations
• Ability to work and influence effectively in the federated organization

• Expert knowledge of security issues and controls pertaining to cloud IaaS and PaaS platforms, including Amazon AWS and Microsoft Azure 
• Work experience as CISO, deputy CISO, or other relevant experience
• Experience with Tier 1 Higher Education institutions or research laboratories
• Systems security experience and expertise, with a thorough knowledge of current security aspects of multiple platforms, operating systems, applications, firewalls, network protocols, and secure application development practices
• Experience with Oracle databases and Oracle web applications security; Windows, Macintosh, Linux (especially Red Hat) operating system hardening; secure web application development
• Experience with Endpoint Detection and Response (EDR) solutions such as Crowdstrike
• Experience with Splunk, Cloudflare, and Nessus 

• Resume
• Cover Letter (optional)