Global University Chief Information Security Officer and Associate Vice President, Office of Information Security | #education | #technology | #techjobs


Telecommute
No

Location: US-NY-New York

Department: NYU IT

School/Division: NYU IT (WS1170)

Compensation Grade: Band 55

Category
Technology

Position Summary:

The
Role

The CISO serves as a member of the CIO’s senior leadership team and serves as the University’s subject matter
expert and internal consultative resource on technology security for the University’s global network and the integrity and safety of the
University’s significant intellectual property and research assets.

The CISO will set the strategic roadmap for the University
technology security initiatives directly impacting 20,000+ computers, over 60,000 technology users on the NYU NYC campus, as well as
computers and staff at 2 global campuses and 14+ global sites.

The CISO is accountable to the CIO, the EVP, and where appropriate,
the University Board of Trustees, for developing and implementing strategic and operational plans for the University wide technology
security programs and initiatives. The CISO must carefully balance such proactive efforts while ensuring appropriate cost and minimal
organizational risk, including potential damage to intellectual assets and unfavorable public relations consequences.

Scope
and Responsibilities:

With NYU senior leadership, the Chief Information Security
Officer (CISO) will lead the development and implementation of an information security strategy and program for the University. They will
plan and execute University wide technology security initiatives; create and maintain security policy in coordination with the Information
Security Advisory Group (ISAG) and NYU IT Policy and Compliance; lead security assessment efforts; lead security risk assessment efforts;
direct, advise and collaborate with NYU units on secure system development life cycle, and cyber security protection programs appropriate to
risks, business continuity & disaster recovery plans, and audit & governmental compliance practices; direct security operations of the
Office of Information Security group. The CISO communicates cyber security risks, issues and program status to University leadership and the
NYU community as directed.

As the University’s subject-matter expert in the technology security space, the incumbent will have the
decision-making authority and signatory responsibility for $5+ million to recommend comprehensive solutions at the University level that
will mitigate risk, protect intellectual capital, respond appropriately to security breaches or similar adverse issues, both for long-term
critical response planning and nimbly in response to emerging threats that require more immediate and creative problem-solving.

The
role is responsible for leading a team of approximately 20 people. The CISO will also regularly interact with the University leadership,
senior IT leadership, and where appropriate, the University Board of Trustees. Interactions will also include the Office of General Counsel,
Public Safety, Emergency Management, HIPAA Security Officer (CIO), HIPAA Privacy Officer (EVP), outside agencies (including governmental
agencies), vendors, NYU IT managers, faculty and researchers, business unit senior managers, and NYU Medical Center.

Specific
Responsibilities:

Global Security Program (35%)

Serve as an expert advisor to NYU senior management
in the development and implementation of a comprehensive, risk based institutional and global security program.

  • Work closely with
    senior administration, academic leaders, and the campus community to determine, identify key security program elements and determine which
    NYU departments or offices need to be involved in building a comprehensive information security program.
  • Convene and coordinate
    activities of the NYU Information Security Advisory Group (ISAG).
  • Provide guidance and advocacy regarding prioritization of
    infrastructure investments that affect security.
  • Foster a collaborative approach to IT security efforts across the global components
    of NYU.
  • Serve as security technology expert to University portal campuses, sites, schools, and departments by providing information
    and guidance regarding improved security needs.
  • Consult with University and department administrators to understand unique
    requirements and recommend security approaches and improvements.
  • Track industry and higher education developments and best practices
    to maintain a thorough understanding of current and future directions, systems, applications, and data security techniques for
    instructional, research and administrative needs, and select security technology appropriate to meet needs.
  • Establish annual and
    long-range security and compliance goals, define security strategies, metrics, reporting mechanisms and program services; and create a
    roadmap for continual program improvements.
  • Ensure broad communication to the NYU community about threats and measures to protect
    data and systems.
  • Create consistency in risk reporting for the University Audit Committee and ISAG.

Risk Assessment
Program
(25%)

Develop and maintain an ongoing risk assessment program for NYU IT’s information, data and technology
assets.

  • Research and report on information security threat profiles and system vulnerabilities.
  • Recommend appropriate
    technical controls or other actions to mitigate risks; conduct tests of information security controls.
  • Ensure mitigation strategies
    are aligned appropriately with the priorities and mission of the University.
  • Determine security impact of implementation of new
    University systems, review software proposals from vendors, and develop installation schedule and priorities for most secure
    outcome.
  • Propose and oversee the portfolio of IT investments in support of the University security program.

Information
Systems and Data Protection
(20%)

Direct all protection of information systems and data using technology security measures
and techniques appropriate to current and evolving technology.

  • Develop and implement security policies that are in compliance with
    federal & other statutes, and University policy.
  • Develop and oversee mechanisms to ensure compliance with these
    policies.
  • Develop short- and long-term strategic planning for the rapidly changing technical security field.
  • Advise NYU and
    NYU IT on effective technology security approaches.
  • Make recommendations regarding new services and procedures so as to maintain and
    continuously improve data and system security throughout the University.
  • Make recommendations regarding outsourcing of program
    components, as needed.

 Security Incident Management (15%)

Develop strategies to handle security incidents;
coordinate the incident response process and investigation resulting from these incidents.

  • Lead efforts to internally assess,
    evaluate and make recommendations to management regarding the adequacy of the security controls for the University’s information and
    technology systems.
  • Determine appropriate and effective response to technology security breaches affecting the
    University.
  • Supervise investigation of security breaches and assist with disciplinary and legal matters associated with such
    breaches as necessary.
  • Maintain relationships with local, state and federal law enforcement and other government
    agencies.
  • Work with Internal Audit and outside consultants as appropriate on required security audits.
  • Adhere to all
    policies regarding investigation practices.

 Team Leadership (5%)

Oversee a team of technology security
professionals and other technology security consultants as needed.

  • Provide mentoring and training to these individuals and
    distributed security staff across the University.
  • Determine staffing needs including hiring, training, and evaluating
    performance.
  • Identify and prioritize assignments to ensure deadlines are met and review work for
    accuracy.

Qualifications:

Key Selection Criteria

  • 10+ years
    progressively responsible experience with complex and technology security systems and issues (required).
  • The CISO must not only have
    a strong command of technology security protocols, best practices, and risk mitigation, but must have the ability to provide sound,
    practical technical and business solutions to highly complex and varying stakeholder needs (including, but not limited to, faculty,
    researchers, students, and staff, and their respective academic/work products).
  • Demonstrated ability to deliver security solutions
    that meet organizational needs. Experience creating a security program, using a security framework.
  • Demonstrated ability to create
    new models for virtual security teams that include stakeholder departments in a collaborative model.
  • Strong team leadership skills.
    Strong at hiring, mentoring, and developing staff to create a strong people and team-oriented culture.
  • Ability to identify critical
    business risks related to information security and advises senior leadership on risk acceptance and mitigation
    strategies.
  • Demonstrated ability to influence key stakeholders, and successfully manage risk, change and
    innovation.
  • Excellent organizational, communication, and problem-solving skills. Experience communicating complex subjects to
    executives.
  • Proven ability to measure, report, and publicly communicate complex security decisions, situations, and
    impacts.
  • Ability to work and effectively prioritize in a highly dynamic decentralized work environment.
  • Must be well versed
    in quality data collection to ensure adequacy, accuracy and legitimacy of data in NYU systems and be able to strictly follow data privacy
    and security procedures for data handling and analysis to ensure adherence to legal and institutional standards.
  • Must be familiar
    with security compliance requirements, such as PCI, FERPA, HIPAA, Sarbanes-Oxley, and Gramm-Leach-Bliley and with ISO 27001 and NIST 800-53,
    and emerging security standards for restricted and sensitive data.
  • Must have 5+ years’ experience managing technical
    staff.
  • Bachelor’s degree is required; a Master’s degree in Cyber Security or IT Risk Management
    preferred.

Additional Information:

NYU aims to be among the greenest urban campuses in the
country and carbon neutral by 2040. Learn more at nyu.edu/nyugreen.

EOE/AA/Minorities/Females/Vet/Disabled/Sexual Orientation/Gender
Identity

We can recommend jobs specifically for you!

Click here to get started.



Source link