Positions in this job profile are responsible for the development and delivery of a comprehensive information security strategy to optimize the security posture of the university. Responsibilities include developing, implementing, and evaluating strategy, programs, and, short- and long-range goals and objectives. Employees develop, implement, and enforce plans, systems, programs, and performance standards. They participate in strategic planning efforts as part of the management team. Positions possess authority to formulate and carry out management decisions or represent management's interests to taking discretionary actions that control or implement employer policy. They review and assesses impacts or implications of exceptions to policy; responsible for determination of exceptions to policy. They are responsible for managing staff and equipment. They determine resource needs and priorities and make recommendations to executive management. They determine training needs and make appropriate arrangements for provision of training.
The distinguishing characteristic of the Executive 3-Chief Information Security Officer profile is the strategic oversight and responsibility for university-wide IT security policy, programs, and operations including incident response, monitoring, detection, and awareness training and outreach. Positions develop long and short term planning for multiple functions within University IT including system and service expansion and/or improvement; budget development; policy development; and a full range of personnel decisions. The position reports to the university Vice Provost-Chief Information Officer and serves as a member of the Information Services Executive Team.
1. Responsible for the strategic leadership of the University's information security program with the goal of effectively managing the university’s information security risk. 2. Provides guidance and counsel to the CIO and key members of the university leadership team, working closely with senior administration, academic leaders, and the university community in defining objectives for information security, while building relationships and goodwill. 3. Manages institution-wide information security governance processes, chair the Information Security Advisory Committee. 4. Establishes annual and long-range security and compliance goals, define security strategies, metrics, reporting mechanisms and program services; and create maturity models and a roadmap for continual program improvements. 5. Leads the efforts to internally assess, evaluate and make recommendations to administration regarding the adequacy of the security controls for the University's information and technology systems. 6. Supervision of classified and professional faculty that support the staffing strategy and operations of the department. Planning, hiring/firing, defining competencies and performance objectives, planning, assigning and approving work, responding to grievances, disciplining/rewarding and preparing and signing performance appraisals or reviews. Identifies training needs and coordinates professional development opportunities.
Problems are highly varied, complex and often non-recurring; require novel and creative approaches to resolution. New concepts and approaches may have to be developed. Decisions have significant, broad implications for the management and operations of a division/entire organization; contributes to decisions on the overall strategy and direction of the entire organization. Decisions impact: • Entire University • Functions across the University • Department • Direct team • Student/Parents • Other External Agencies and Institutions
Results are defined by division and university mission, vision and strategies. Incumbent sets own goals and determines how to accomplish results with few or no guidelines to follow, although precedents may exist; supervisor/manager provides broad guidance and overall direction. Typically reports to a Vice Provost, Vice President, Assistant/Associate Vice President, Dean, or other senior level administrator. Supervises work of other supervisors/managers, including planning, assigning, scheduling and reviewing work, ensuring quality standards. Is responsible for hiring, terminating, training, and developing, responding to grievances, reviewing performance, and administering corrective action for staff. Plans organizational structure and job content. Develops and approves department/unit budget and exceptions to program budget. Assists in the development of the division/college/overall organization
Collaborates and interacts within the Dept/Unit, University Wide, and Externally to: • Exchange routine, factual information and/or answer routine questions. • Exchange detailed information or resolve varied problems. • Identify needs/concerns of others, determine potential solutions, resolve or redirect appropriately. • Persuade, gain cooperation and acceptance of ideas, or collaborate on significant projects. • Resolve conflict, negotiate, or collaborate on major projects. • Develop and maintain relationships with key contacts to enhance workflow and work quality. Collaborates and interacts within the Dept/Unit and University Wide to: • Access and/or work with sensitive and/or confidential information. • Handle sensitive issues and facilitate collaboration at the highest level.
Master’s degree in Information Services, Science, Engineering, or related field. 10 years of experience in management responsibilities directly related to the role.
The above statements are intended to indicate the general nature and level of work performed by positions within this job profile. They are not designed to contain or be interpreted as an exhaustive list of all duties, responsibilities, skills, and qualifications required of all employees within positions covered by this job profile.