Chief Information Security Officer
Special Instructions to Applicants
When applying you will be required to attach the following electronic documents:
1. A resume/CV and;
2. A cover letter indicating how your qualifications and experience have prepared you for this position.
You will also be required to submit the names of at least three professional references, their e-mail addresses, and telephone numbers as part of the application process.
Any application missing the above documents/information may be considered incomplete.
If you would like to view the complete position description including the duties please send an email to haddock@uoregon.edu and reference the job title and job number in the subject line.
If you have questions regarding this position, please send an email to haddock@uoregon.edu and reference the job title and job number in the subject line.
Department Summary
Information Services (IS) is the central information technology unit at the University of Oregon and provides wide-ranging services to campus. Information Services consists of four major functional areas: Customer Experience, which serves as the key contact point for interactions with campus clients and customers; Applications & Middleware, which manages and supports applications, integration services, identity management and data management; Information Security, which helps protect virtual or physical information; and Technology Infrastructure, which provides administration and support for the software, hardware, and services needed to support the campus IT environment. Information Services also includes the Advanced Network Technology Center. IS works closely with the Network for Education and Research in Oregon.
Established in 1876, the University of Oregon offers a breadth and depth of curricula with more than 270 academic programs and provides the opportunity to work at a respected research university with a strong holistic, liberal arts foundation. The UO also has a history of political and social involvement that embraces diverse beliefs, cultures, and values, and it is committed to environmental responsibility.
Eugene is the home of the University of Oregon. Located in the lush Willamette Valley, Eugene is well-known for outdoor pursuits like running, cycling, rafting, and fishing, as well as arts, music, crafts, brewing, wine-making, and community-supported agriculture. With branches in Portland and on the Oregon coast, the UO is deeply connected to Oregon's natural and cultural treasures.
Position Summary
Reporting to the Vice Provost/Chief Information Officer (CIO), the Chief Information Security Officer (CISO) is responsible for overall planning, development, implementation, and oversight of the University’s campus-wide information security initiatives and program. The CISO is responsible for managing and mediating information security incidents at the University of Oregon. The CISO works collaboratively with legal counsel, data stewards, data custodians, and the campus community to establish information security programs, including: information security policy, practices, and standards; information security awareness and training; information security response and management risk assessment and management of information security related IT architecture.
In collaboration with the campus community, the CISO will assume overall responsibility for developing and maintaining the Campus information security road-map for ensuring the security of Campus technology services, computer systems, data networks, and data. This position will also develop and oversee effective disaster recovery policies and standards to align with enterprise business continuity management program goals. The CISO will coordinate the development of implementation plans and procedures to ensure that business-critical services are recovered in the event of a security event. In addition, the CISO will provide direction, support and in-house consulting in these areas.
The CISO will develop and lead outreach, communication, and education efforts to raise campus-wide awareness of information security risk, requirements and solutions; provide strategic and technical guidance and assistance in the design and implementation of appropriate security processes for campus-wide information systems, recommend and monitor computing practices to prevent and recover from security breaches and handle breaches when they occur with the appropriate sense of urgency.
The CISO serves as the primary information security liaison to federal, state, local and professional organizations. This position serves on the Information Services (IS) Leadership Team and will supervise information security staff, lead cross-functional teams, and will have budget authority for the Information Security Group
Minimum Requirements
• Bachelor’s degree or equivalent skills and experience.
• 5 years of experience in an IT position with significant information security responsibilities.
• 5 years of leadership experience providing supervision, coaching and mentoring of information technology professionals.
• Experience in laws and guidance that impact information technology
• Extensive knowledge of and experience in information security.
• Experience in managing as well as in negotiating vendor contracts and agreements with end users, service providers and regulatory agencies.
Professional Competencies
• Ability to work effectively with faculty, staff, and students from a variety of diverse backgrounds.
• Demonstrated problem solving skills.
• Ability to adapt within a rapidly changing technical environment.
• Excellent verbal and written communication skills, including the ability to explain technical concepts to audiences with a wide range of technical skills.
• Ability to work independently as well as in a team-oriented, collaborative environment.
• Ability to deal efficiently and effectively with a wide range of vendors.
• Ability to operate and communicate effectively while meeting deadlines and completing projects.
• Successful experience working, collaborating and establishing credibility and relationships with senior leadership, colleagues and customers.
Preferred Qualifications
• Advanced degree.
• CISSP or equivalent certification.
• Experience working in Information Security in Higher Education.
• Demonstrated experience with developing and providing an information security awareness and training program.
• Demonstrated experience with developing and maintaining information security policies.
• Experience with information security related issues involving identity and access management, intrusion detection, forensics, incident management, risk management and/or auditing.
• Technical experience in network administration, system administration, application development, database administration, and/or data center operations.
• Knowledge of information security and compliance related issues involving FERPA, HIPAA, PCI-DSS, ITAR, copyright and software piracy, and similar policies and laws.
• Experience leading and managing information security services in a medium/large research university or similar environment.
• Experience with ITIL or ITSM.