Assistant Vice President & Chief Information Security Officer - 26806
The Office of Information Security (OIS) monitors and maintains the information security program for the University of Colorado in collaboration with the campus Information Security Officers (ISO).
The Assistant Vice President and Chief Information Security Officer is a service-oriented and continuous improvement-minded executive with strong relationship skills and the ability to successfully collaborate cross-functionally. This position works continuously with all campuses and the system office, driving policies, solutions, and support to serve the mission of the university.
This position reports to the Associate Vice President and Chief Information Officer and is exempt from the State of Colorado Classified Staff system.
The University of Colorado has a requirement for COVID-19 vaccinations and full completion of the attestation form within the first 30 days after hire date. Information regarding this requirement and exemptions can be found at https://www.cu.edu/vaccine-requirement
Duties & Responsibilities
Duties and responsibilities of the position include, but are not limited to:
- Responsible for the strategic leadership of the University's information security and compliance program.
- Provides guidance and counsel to AVP and CIO of UIS, campus IT leaders, and key members of the University Leadership team and key senior administrators, academic leaders, and the campus community to define objectives for information security and compliance.
- Build relationships with stakeholders listed above and respond to the missional needs of the organization.
- Provide day-to-day management for the university information security program. Review and report on program effectiveness to the President, Chancellors, and Cyber Risk and Compliance (CRC) Committee as appropriate.
- Promote collaborative, working environments across the campuses, removing barriers, and realizing new opportunities of partnership and innovation in an effective and compliant manner.
- Further define and manage institution-wide information security and compliance governance process, chair appropriate committees and act as liaison where appropriate.
- Maintain and review the overall CU cybersecurity maturity, including program roadmap, industry best practices, and incident trends, to report progress to university leadership.
- Provide day-to-day management of the Office of Information Security that provides the following services to the university:
  - Cybersecurity governance including strategy, policy, standards, and risk management, multiple system-wide policies, and CU security standards.
  - Employee security awareness and training program
  - Threat intelligence and collaboration
  - Information risk management
  - Initial triage of third party or procurement security
  - Security consulting and review
  - License management and vendor relationships for some broadly used security technologies at CU.
- In cooperation with the CRC, provide security advice to the President, Chancellors, and campus Information Security Officers in accordance with Program goals and requirements.
- Oversee the development and maintenance of Administrative Policy Statements for IT security and advise campus Information Security Officers on the alignment of campus IT security policies with Administrative Policy Statements.
- Provide guidance to campus Information Security Officers on risk management processes to ensure that IT security safeguards are applied in a judicious and effective manner. Submit reports to the CRC on risk management decisions as appropriate.
- Maintain baseline IT security training and awareness for all university employees and establish training standards for supplemental or role specific campus IT security awareness and education programs.
- In collaboration with University Counsel and the campus Information Security Officers, respond to privacy related requests.
- When IT security incidents affect multiple campuses or involve breaches of highly confidential data, lead investigations and coordinate with and/or report to the President, Chancellors, Legal, CRC, and others as appropriate.
- Mentor central and distributed Security and Compliance team members and collaboratively create professional development roadmaps.
- Maintain knowledge of applicable federal and state security laws, regulations, and standards and serve as the primary information security consultant for the campus.
- Develop a comprehensive strategy (central and decentralized) for dealing with the increasing number of compliance checks, external assessment processes, and audit processes (for example, for PCI, ITAR, FERPA, HIPAA, and FISMA).
Who we are: System Administration, which also houses the Office of the President, is located in the uptown neighborhood of Denver with a few smaller offices located on the campuses. This position has the ability to work remotely within the United States. Many of our departments support the educational and research missions of the four University of Colorado campuses, but System Administration is not considered a campus. We provide diverse opportunities for professional development, innovation, and collaboration with talented staff and faculty. Learn more about CU System Administration.
What we offer:
Salary: The anticipated hiring salary range has been established at $210,000 - $225,000.
The salary of the finalist(s) selected for this role will be set based on a variety of factors, including but not limited to, internal equity, experience, education, specialty and training.
The above salary range (or anticipated hiring salary range) represents the University’s good faith and reasonable estimate of the range of possible compensation at the time of posting.
Benefits: The University of Colorado offers an excellent benefits package including:
- Medical: Multiple plan options
- Dental: Multiple plan options
- Additional Insurance: Disability, Life, Vision and Wellness
- Retirement 401(a) Plan: Employer contributes 10% of your gross pay
- Paid Time Off: Accruals over the year
  - Vacation Days: 22
  - Sick Days: 15
  - Holiday Days: 10
- Tuition Benefit: System employees have the benefit on all campuses
- ECO Pass: RTD Bus and light rail service
- Additional Perks & Programs: Click here to access a few more Perks and Programs
Click here to access our Total Compensation Calculator to see what your total rewards could be at CU. This position is a University Staff position.
Additional taxable fringe benefits may be available.
More information on benefits programs, including eligibility, is available at www.cu.edu/employee-services/.
Knowledge, Skills, and Abilities (KSAs)
To be successful in this position, candidates will need the following:
- Wide knowledge of technology and information security and compliance and its enterprise application.
- Ability to listen and to build rapport and credibility as a strategic partner vertically within the IT units, as well as with leadership, including the President, Chancellors, and Board of Regents.
- Ability to establish and manage effective working relationships in a network / matrix environment with other departments, groups and staff with whom work must be coordinated or interfaced.
- Ability to map joint organizational vision and long-term thinking, imagination, and idea generation.
- Highly skilled and experienced at negotiating conflict and problem-solving.
- Ability to influence and break down silos within an organization as well as across organizations.
- Leadership skills that reflect and value a team approach, demonstrated integrity, effectiveness, efficiency, and the ability to deliver high quality service with all constituents.
- Ability to work with faculty, staff, students, partners, and others of diverse backgrounds with a positive, optimistic, solutions-oriented attitude.
- Governance building with a highly distributed and collaborative organization.
- Desire and proven skill to develop programs of education and awareness.
- Strong verbal and written communication skills.
- Collaboration and networking skills, including the ability to work with others from different areas and backgrounds to reach a common goal by sharing knowledge and strategy and maintaining constant communication.
- Bachelor's degree from an accredited institution of higher education. A combination of education, technology training and industry certifications, and related experience may substitute for the degree on a year-for-year basis.
- Ten (10) years’ experience evaluating and providing guidance on information-security and compliance including elements of process and governance design and execution, software and hardware acquisitions, cloud-based solutions, mobility, execution of solutions and services in a complex environment.
- Seven (7) years’ experience including the following:
  - Managing personnel, including developing/mentoring direct reports through performance reviews to ensure continuous improvement, high performance and employee retention
  - Managing projects, services or processes within a department with proven ability to execute decisions using strategic and tactical skill-sets
  - Working closely and effectively with a diverse group of administrators through projects and operations; strong interpersonal and leadership skills; proven ability to effect and influence change through a collaborative and inclusive style
- Experience with data security and compliance operations and governance for highly confidential data (e.g., HIPAA, FERPA, FISMA, etc.)
- Bachelor’s or post-baccalaureate degree from an accredited institution of higher education in a field directly related to the requirements above.
- Thirteen (13) years’ experience as detailed above.
- Nine (9) years’ progressive leadership including building senior executive relationships and experience setting the vision and strategy for a complex organizational portfolio.
- Prior successful experience managing and providing leadership in a matrix environment, where project resources do not report directly to the project lead for daily and performance management
- Proven ability to negotiate and/or facilitate agreements when parties have potentially conflicting needs
- Previous experience at an institution of Higher Education
Special Instructions to Applicants: The University of Colorado is committed to providing a safe and productive learning and living community. To achieve that goal, we conduct background investigations for all final applicants being considered for employment. Background investigations include a criminal history record check, and when appropriate, a financial and/or motor vehicle history. The Immigration Reform and Control Act requires that a verification of employment eligibility be documented for all new employees by the end of the third day of work. The University of Colorado is committed to diversity and equality in education and employment. We are committed to an inclusive and barrier-free search process. We provide accommodations for applicants requesting accommodation through the search process such as alternative formats of this posting. Individuals with disabilities in need of accommodations throughout the search process should contact the ADA Coordinator at: email@example.com.
Application Materials Required: Cover Letter, Resume/CV
Application Materials Instructions: For full consideration completed applications must be submitted by July 22, 2022. Reference checking is a standard step in our hiring process. You may be asked to provide contact information, including email addresses, for up to five references as part of the search process for this position. *Please note: All application materials must be submitted through CU Careers; emailed materials will not be considered.*
Department: S0001 -- System Administration - 53001 - IT Security
: Jul 20, 2022
Posting Contact Name: System HR
Posting Contact Email: SystemHR@cu.edu
Position Number: 00780551