Chief Information Security Officer

Job Level
Senior position
Job Category
C Level
Sector
  • Information Technology
Areas of Responsibility
  • Security
General Job Description

This is an executive position responsible for developing, implementing, managing, and ensuring compliance with the university information security program and leading the information security team. Responsible for providing professional advice, subject matter expertise, and problem-solving services on issues related to information security programs, practices, tools, enforcement and compliance. Works under minimal supervision with extensive latitude for the use of initiative and independent judgment. Reports to the Chief Information Officer.

Essential Job Functions
  1. Coordinates the development, implementation and maintenance of the university’s information security program, ensuring compliance with TAC 202, FERPA, HIPAA, PCI, and other security standards/requirements.

  2. Develops and maintains the campus information security roadmap for ensuring the security of information resources, technology services, computer systems, data networks and data in collaboration with the university community.

  3. Develops, maintains, and oversees process and control techniques to address applicable information security requirements and standards by establishing programs, educating stakeholders and monitoring progress on security initiatives.

  4. Establishes and maintains policies, practices, and standards related to information security; information security assessments; information security awareness and training; incident response and management; and information technology risk management.  

  5. Directs, provides vision to, and manages the information security team, including providing professional training and development opportunities.

  6. Cultivates, reviews, and interprets new sources of information on current and emerging laws, rules, regulations, and industry practice relating to the information security plan to ensure compliance with federal and state Department of Information Resources (DIR) regulations.

  7. Participates in the strategic planning and development of goals and objectives, with special attention to providing leadership for those related to information security.

  8. Ensures the delivery of high-quality information security services to the university.

  9. Works with internal and external auditors to assess or audit compliance.

Non-Essential Job Functions

Performs other related duties as assigned.

Required Knowledge, Skills, and Abilities

The individual must possess the following knowledge, skills, and abilities or be able to explain and demonstrate that the individual can perform the essential functions of the job, with or without reasonable accommodation.

  1. Knowledge of, or the ability to learn, university policies and procedures.

  2. Knowledge of federal, state, and local laws, statutes, regulations, codes and standards related to the area of responsibility.

  3. Knowledge of information security standards, best practices, methodologies and tools for higher education.

  4. Knowledge of security architecture and design principles.

  5. Organizational skills in managing projects simultaneously while maintaining a satisfactory work product. 

  6. Ability to communicate effectively in both oral and written form.

  7. Ability to work collaboratively and build strategic relations with colleagues, coworkers and constituents.

  8. Ability to present complex security concepts to a variety of audiences or groups.

  9. Ability to exercise sound judgment in making critical decisions. 

  10. Ability to work with and maintain confidential information.

  11. Ability to train and supervise others. 

  12. Ability to learn quickly and adjust to a changing environment.

  13. Ability to maintain currency of knowledge and skills, including adapting to changes in technology related to the area of specialization.

Required Education

Bachelor’s degree in a related field is required.

Required Experience and Training

Five years of progressively responsible experience in information security is required. Experience with information security related issues involving identity and access management, intrusion detection, forensics, incident management, policy development, risk management and/or information security auditing is required. Experience designing security initiatives, developing, maintaining, and implementing an information security program, and managing projects or programs to achieve information security objectives is required. Supervisory experience is required.

Preferred Qualifications

Experience in a higher education environment is preferred. Certified Information Systems Security Professional (CISSP) is preferred.

Special Conditions for Eligibility

This is a security-sensitive position subject to criminal record check.
This is a safety-sensitive position subject to drug and alcohol testing.
This is an IT-sensitive position subject to SFA’s computer and network security policy.

Salary Information: Hiring Salary - $92,848-$110,000 dependent upon experience
Is Background Check Required? Yes
Benefit and Retirement Eligibility

This position is eligible for participation in the Teacher Retirement System of Texas (TRS) retirement plan, subject to the position being at least 20 hours per week and at least 135 days in length.

EEO Statement

Stephen F. Austin State University, an Equal Employment Opportunity and Affirmative Action Employer and Educator, is committed to excellence through diversity. All qualified applicants will receive consideration for employment without regard to sex, race, creed, color, age, national origin, religion or physical or mental disability as required by law. If, because of an impairment or disability, you need accommodation during any part of the employment process, please contact Human Resources at 936-468-2304.