Chief Information Security Officer (CISO)
Posted on Aug 20, 2020 by West Virginia Network for Educational Telecomputing (WVNET)
Chief Information Security Officer (CISO)
The West Virginia Network for Educational Telecomputing (WVNET) is a dynamic service organization providing telecommunications and computing services to state and local government agencies within the state of West Virginia.
Work Location: Morgantown, WV, 26505 (Required)
Classification: Salary, Full-Time Benefits, FLSA Exempt
Salary: Salary range commensurate with experience.
Application Deadline: Open Until Filled.
The Chief Information Security Officer (CISO) reports to the Director and is a member of the senior leadership team. The CISO is responsible for the development, implementation and maintenance of the organization's information security program, facilitating information security compliance, advising senior leadership on security direction and resource investments, and establishing and implementing appropriate policies to manage information security risk. The CISO is an advocate for effective cyber security practices and is responsible for the development and delivery of a comprehensive information security plan to optimize our security posture.
DUTIES & RESPONSIBILITIES
Responsible for the strategic leadership of WVNET's information security program.
Provide guidance and counsel to the Director and senior leadership in defining objectives for information security, while building relationships and goodwill across the organization and among our customers.
Manage the information security governance process, including chairing the Information
Security Advisory Committee, to support an information security program and project priorities.
Manage the information security planning process to establish an inclusive and comprehensive information security program for the entire organization. Identify and advocate annual and long- range security goals and strategies.
Stay abreast of information security issues and regulatory changes affecting higher education at the state and national level, and communicate to senior leadership on a regular basis about those topics. Engage in professional development to maintain continual growth in professional skills and knowledge essential to the position.
Manage third-party relationships and technology vendors that provide information security functions to ensure contract compliance. Facilitate communication between staff, administration, vendors, and other technology resources within and outside of the organization
Policy, Compliance and Audit
Lead the development and implementation of effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.
Lead efforts to internally assess, evaluate and make recommendations to administration regarding the adequacy of the security controls for all information and technology systems.
Work with state auditors, WV Office of Technology, and outside consultants as appropriate on required security assessments and audits.
Work with auditors as appropriate to keep audit focus in scope, maintain excellent relationships with audit entities and provide a consistent perspective that continually puts the institution in its best light. Provide guidance, evaluation and advocacy on audit responses.
Risk Management and Incident Response
Keep abreast of security incidents and act as primary control point during significant information security incidents. Convene a Security Incident Response Team (SIRT) as needed, or requested, in addressing and investigating security incidents. Provide leadership for breach response and notification actions.
Develop, implement and administer technical security standards, as well as a suite of security services and tools to address and mitigate security risk.
Provide leadership, direction and guidance in assessing and evaluating information security risks and monitor compliance with security standards and appropriate policies.
Examine impacts of new technologies on WVNET's overall information security. Establish processes to review implementation of new technologies to ensure security compliance.
Outreach, Education and Training
Create education and awareness programs and advise operating units at all levels on security issues, best practices, and vulnerabilities.
Work with department leaders to build awareness and a sense of common purpose around security.
REQUIRED KNOWLEDGE, SKILLS, AND ABILITIES
Demonstrate current knowledge of emerging privacy legislation, security threats, technical challenges, and developments in system protection and IT security standards.
Demonstrate current knowledge of latest security regulations, adversaries, alerts, and vulnerabilities.
Advanced knowledge of information security management frameworks.
Demonstrated experience advising and collaborating with senior management.
Working knowledge and experience in the policy and regulatory environment of information security, particularly in higher education, is highly desirable.
Experience with risk mitigation and management preferred.
Demonstrated project management skills, financial/budget management, and resource management.
Excellent written and verbal communication skills and high level of personal integrity, innovative thinking and leadership with an ability to lead and motivate diverse, cross-functional teams.
Significant experience in computing and information security, network security issues, and security incident response and recovery is required, preferably in a higher education environment.
- Required: Bachelor's degree in computer science, information system, information assurance, cyber security, or a technology-related field.
- Preferred: Master's degree in the same fields of study.
- 10 years experience working in an information technology organization.
- 5 years experience working in an information security role or department.
- Preferred: Experience working in higher education.
- Preferred: Professional security certification (eg, CISSP, CISM/A).
Starting salary range is commensurate with experience. Additionally, WVNET offers an excellent benefits package which includes comprehensive health, retirement, and insurance plans as well as generous amounts of vacation, sick, and holiday leave.
Equal Opportunity/Affirmative Action Employer/Veterans/Disabled
The West Virginia Network for Educational Telecomputing (WVNET) is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, or protected veteran status and will not be discriminated against on the basis of disability. WVNET provides a collegial, respectful and inclusive environment that values the diversity, creativity and contributions of its staff.
Set up alerts to get notified of new vacancies.