Chief Information Security Officer

Information Technology and Computing Services (ITCS) is the central agency that supports enterprise-wide computing at East Carolina University. ITCS, through innovative information technology initiatives and service, provides opportunities for the ECU community to excel in teaching, research, and service using state-of-the-market technology and collaborative environments. ITCS is first and foremost committed to providing excellent information technology support for faculty, staff, and students. ITCS partners with campus departments, other universities, and industry to make strategic investments in information technology infrastructure that will help maintain a competitive advantage in administrative applications, faculty research, and outreach to the state and nation. We will achieve this through increasing the core functions and deploying appropriate technology throughout the university.

The ITCS Information Security Office manages the ECU Information Security Program, which is composed of policies, processes and assigned responsibilities that collectively form an information security governance framework for the University. This governance framework provides an administrative structure that assists unit directors and administrators with protecting the information under their care, including the personal information of students, employees, clients, and healthcare patients. The Office works collaboratively with all University divisions and partners (e.g., Academic Affairs, Administrative Affairs, Health Sciences, Research and Graduate Studies, Athletics, etc.) to establish information security and information risk management functions that support the University in fulfilling its strategic goals, business obligations and compliance requirements.

The Chief Information Security Officer (CISO) reports to the University Chief Information Officer and serves as a senior advisor to executive leadership on information security vision, strategy and direction. The CISO works collaboratively with all university divisions and partners (e.g., Academic Affairs, Administrative Affairs, Health Sciences, Research, Athletics, partner health service organizations, etc.) to establish information security and IT risk management functions that support the University in fulfilling its strategic goals, business obligations and compliance requirements.

The CISO manages the University Information Security Program, which is composed of policies, processes and employee responsibilities. The Program provides administrative structure and direction to departmental heads and university administrators on protecting the information under their care. The CISO also manages the University’s Information Security Awareness Program, which delivers educational activities and resources to the ECU community to develop campus awareness of current best practices in information security. The CISO coordinates the University IT Risk Management Program and advises university leadership on the identification and understanding of information and IT-related risks. The CISO oversees the University’s response to and reporting of information security incidents, and provides guidance to incident investigations where appropriate.

The CISO also leads or contributes to compliance projects as assigned, such as for federal, international and state laws, as well as for contracts and other external requirements relevant to the handling of university information.

The CISO serves as the University point of contact for information security related requests from federal and state agencies, state auditors, and other external entities. The CISO collaborates with peers at UNC institutions as well as universities across the country to research, identify, and share solutions to common information security issues. The CISO is the official UNC Systems Information Technology Security Council (ITSC) representative for the University.

The CISO supervises the Information Security team, directs team projects and budget, and supports the implementation of CIOstrategies and directives.

Bachelor’s degree in Cybersecurity, Computer Science, Information Technology or a closely related field with 3 years of experience managing a comprehensive information security program or a Master’s degree and 1 year of experience.

N/A

Experience using an industry-recognized risk management framework, such as ISO 27005 or COSO ERM, for performing or directing risk assessments, risk planning and risk management activities.

Experience using an industry-recognized security framework, such as ISO 27002 or NIST 800-53, for developing policies, regulations, standards and guidance.

Experience managing a compliance program for the protection of individual privacy rights, such as those for FERPA, HIPAA Privacy, and GDPR.

Solid understanding of the information security industry, relevant technology trends, and the shifting regulatory landscape that influences an organization’s approach to and management of its information security risks.

The ability to communicate effectively with clients at all organizational levels on the understanding and handling of complex security risks, and to build client support for information security goals and objectives.

Professional certification in the field of Information Security or Information Risk Management, such as CISM, CISSP, and CRISC.

Experience working in a higher education environment.

East Carolina University requires applicants to submit a candidate profile online in order to be considered for the position. Candidates must also submit a cover letter, resume and a list of three references, including contact information, online.

In order to be considered for this position, applicants must complete a candidate profile online via the PeopleAdmin system and submit any requested documents. Additionally, applicants that possess the preferred education and experience must also possess the minimum education/experience, if applicable.

East Carolina University is an equal opportunity and affirmative action employer and seeks to create an environment that fosters the recruitment and retention of a more diverse student body, faculty, staff and administration. We encourage qualified applicants from women, minorities, veterans, individuals with a disability, and historically underrepresented groups. All qualified applicants will receive consideration for employment without regard to their race/ethnicity, color, genetic information, national origin, religion, sex, sexual orientation, gender identity, age, disability, political affiliation, or veteran status.

Individuals requesting accommodation under the Americans with Disabilities Act Amendments Act (ADAAA) should contact the Department for Disability Support Services at (252) 737-1016 (Voice/TTY).

Final candidates are subject to criminal & sex offender background checks. Some vacancies also require credit or motor vehicle checks. ECU participates in E-Verify. Federal law requires all employers to verify the identity and employment eligibility of all persons hired to work in the United States.

If you experience any problems accessing the system or have questions about the application process, please contact the Office of Human Resources at (252) 328-9847 or toll free at 1-866-489-1740 or send an email to employment@ecu.edu. Our office is available to provide assistance from 8:00-5:00 EST.