Chief Info Security Officer

Job Level
Senior position
Job Category
C Level
Sector
  • Technology
  • Information Technology
Job Status
Full-Time
Areas of Responsibility
  • Information Technology
  • Security

The Opportunity:

The Chief Information Security Officer’s role is to provide vision and leadership for developing and supporting security initiatives such as development and implementation of the strategies, processes, tools, and policies necessary to prevent, detect, document, and counter threats to digital and non-digital information. The Chief Information Security Officer directs the planning and implementation of enterprise IT systems, business operations, and facility defenses against security breaches and vulnerability issues. This individual is also responsible for auditing existing systems, while directing the administration of security policies, activities, and standards.

Responsibilities:

Strategy & Planning

  • Develop and implement a long-term information security strategy and framework to ensure that Mines’ information assets are adequately protected.

  • Participate as a member of the senior management team in governance processes of the organization’s security strategies.

  • Lead strategic security planning, working with the institutional leadership to achieve business goals by prioritizing defense initiatives and coordinating the evaluation, deployment, and management of current and future security technologies using a risk-based assessment methodology that goes beyond the traditional compliance-only view to one that adopts a holistic approach to information security.

  • Develop and communicate security strategies and plans to the executive team, staff, partners, customers, and stakeholders.

  • Assist with the design and implementation of disaster recovery and business continuity plans, procedures, audits, and enhancements.

  • Develop, implement, maintain, and oversee enforcement of policies, procedures, guidelines, and associated plans for system security administration and user system access based on industry-standard best practices and coordinate their approval and dissemination.

Acquisition & Deployment

  • Define and communicate institutional plans, procedures, policies, and standards for the organization for acquiring, implementing, and operating new security systems, equipment, software, and other technologies.

  • Oversee the evaluation, selection, implementation, and maintenance of information security technologies.

Operational Management

  • Chair the institution’s information security steering advisory committee.

  • Act as advocate and primary liaison for the institution’s security vision via regular written and in-person communications with the leadership executives, department heads, and end users.

  • Work closely with the CIO and the IT department on institution-wide technology development to fully secure information, computer, network, and processing systems.

  • Identify, evaluate, and report on information security best practices and standards (e.g. FERPA, HIPAA, PCI, CMMC, NIST).

  • Manage the administration of all computer security systems and their corresponding or associated software, including firewalls, intrusion detection systems, SIEMs, cryptography systems, and anti-virus software.

  • Develop and track the security services annual operating and capital budgets for purchasing, staffing, and operations.

  • Partner with teams within the IT department and across campus to ensure that technologies are developed and maintained according to security policies and guidelines and recommend and implement changes in security policies and practices in accordance with changes in local or federal law.

  • Creatively and independently provide resolution to security problems in a cost-effective manner.

  • Assess and communicate any and all security risks associated with any and all purchases or practices performed by the institution.

  • Collaborate with the CIO, privacy officer, and HR to establish and maintain a system for ensuring that security and privacy policies are met.

  • Where necessary, supervise recruitment, development, retention, and organization of security staff in accordance with the budgetary objectives and personnel policies of the institution.

  • Promote and oversee strategic security relationships between internal resources and external entities, including government, vendors, partner organizations, and internal and external IT audit groups.

  • Remain informed on trends and issues in the security industry, including current and emerging technologies. Advise, counsel, and educate executives, management teams, and all relevant stakeholders on their relative importance, financial impact, and appropriate courses of action.

  • Liaise with law enforcement and other advisory bodies as necessary to ensure that the organization maintains a strong security posture.

  • Help to foster a security-aware culture across the Mines community through the development of a comprehensive information security awareness campaign that engages with students, instructors, researchers, and administration.

  • Coordinate incident response planning and the investigation of security breaches and assist with any associated disciplinary, public relations and legal actions.

Minimum Qualifications:

  • Bachelor's degree in Computer Science or closely related field. Master’s or PhD degree in Computer Science, Information Security or related field preferred. Individuals without a degree may be considered if they demonstrate possession of substantially the same knowledge level found in a degree, but have attained the advanced knowledge through a combination of work experience and intellectual instruction. 

  • CEH (Certified Ethical Hacker), CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager) and CISA (Certified Information Security Auditor) certifications preferred.

  • 10 years’ experience managing and/or directing an IT and/or security operation, including information security governance and risk-based decision support. Experience working in higher education is preferred.

  • 10 years’ experience working in the cyber-security industry in higher education, government or private sector.

  • Demonstrated experience creating and driving enterprise security programs including but not limited to security awareness training programs and risk assessment programs.

  • Proven experience in planning, organizing, and developing IT security and facility security system technologies.

  • Experience in planning and executing security policies and standards development.

  • Excellent knowledge of technology environments, including information security, building security, and defense solutions.

  • Considerable knowledge of business processes, management, budgeting, and security risk reduction and mitigation operations.

  • Substantial exposure to data processing, outsourced systems, hardware platforms, enterprise software applications, including but not limited to SIEMs, Firewalls, Intrusion Prevention and Detection Systems, SOCaaS, and vulnerability assessment audits.

  • Experience running and managing a Security Operations Center (SOC).

  • Mastery of trends and benchmarks in the information security landscape.

  • Excellent executive level presentation and communication skills.

  • Experience with process improvement techniques and methodologies.

  • Excellent understanding of project management principles.

  • Superior understanding of the organization’s goals and objectives.

  • Demonstrated ability to apply IT in solving security problems.

  • In-depth knowledge of applicable laws and regulations as they relate to security including but not limited to security standards like NIST (National Institute of Standards and Technology) and CMMC (Cybersecurity Maturity Model Certification) compliance.

  • Proven enterprise leadership ability.

  • Superior analytical, evaluative, and problem-solving abilities.

  • Exceptional service orientation.

  • Ability to motivate in a team-oriented, collaborative environment.

About Mines & Golden, CO:

Mines is consistently ranked among the top engineering colleges in the United States and ranks number one as the best public school in the state for best value colleges. Mines is located in the heart of Golden, Colorado, a western suburb of Denver. The campus location offers a small-town ambiance with close proximity to all that the Denver metropolitan area has to offer with an abundance of cultural events, museums, theaters and sporting venues. An arid climate and an average 300 days of sunshine per year make the area an ideal place to live, work and play. We seek individuals who value a diverse and inclusive community – offering different perspectives, experiences, and cultures that enrich the educational and work experience.

Total Rewards:

Starting salary will be determined by the qualifications of the selected applicant balanced with departmental budget availability, internal salary equity considerations, and available market information. Mines provides an attractive benefits package including fully paid health and dental insurance. Part of Mines' mission is to create a family-friendly environment supported through our dependent tuition benefits, parental leave benefits, and dependent care assistance plan, as well as in special events, camps, and programming. For more information visit: family.mines.edu

Background Investigation Required:

Yes

How to Apply

Applicants will be asked to complete an online application (personal information, demographic information, veteran status) and upload a resume and cover letter (required).