About University at Albany: Established in 1844 and designated a University Center of the State University of New York in 1962, the University at Albany's broad mission of excellence in undergraduate and graduate education, research and public service engages a diverse student body of more than 17,900 students in nine schools and colleges across three campuses.
Located in Albany, New York, New York State's capital, the University is convenient to Boston, New York City and the Adirondacks.
Job Description: The Chief Information Security Officer (CISO) is a senior-level position in Information Technology Services (ITS) that represents the Chief Information Officer (CIO) on information security/cybersecurity issues across the University, working closely with senior administration, academic and research leaders, and the campus community. The CISO is responsible for the development, implementation, and operations of a comprehensive, enterprise-wide information security strategy and program for the University. The incumbent sets security policies, standards, and processes, utilizes a risk-based methodology to inform work, anticipates threats and identifies potential impact. S/he designs and implements roles, responsibilities, and operational efforts supporting a clear vision and strategy for information security throughout the University.
Develops and sets information security policy for the University
Responsible for planning and reviewing periodic risk assessments to drive security program prioritization
Responsible for developing, documenting, and directing implementation of a comprehensive information security program and prioritized roadmap to protect communications, systems, information, and assets from anticipated threats, both internal and external
Work proactively to define and prioritize the implementation of physical, administrative, and technical controls appropriate for the University's security program and in compliance with policies, applicable laws, and regulations
Leads the implementation of security controls, practices, and policies through collaboration with technical staff inside and outside ITS
Directs the use of external, third-party resources to scan for vulnerabilities and conduct penetration tests
Continuously ensures compliance with laws and regulations applicable to academic, research, and business data and systems
Determines and oversees periodic security audits
Manages projects associates with ITS' security audits
At the direction of human Resources and/or the Office of General Counsel, leads ITS activities related to data access reporting, data collection, and securing evidence in disciplinary and legal matters, security breaches, and policy violations of union and non-union employees
Provides strategic and tactical security guidance for programs, projects, and data management and use agreements that may involve security controls, including evaluation of the architecture, hardware, software and technical controls
Leads enterprise information security incident response services and activities
Directs the development and delivery of a security awareness training program for employees, contractors, and other parties
Establishes a metrics-driven dashboard to evaluate the effectiveness of the information security program
Maintains a current understanding of the IT threat landscape for the industry
Oversees and manages ITS' Information Security unit, supervising security operations staff and identity and access management staff
Manages institution-wide information security governance processes
Must be available to provide support and consultation outside normal business hours, including occasional evenings, holidays, or weekends, within reasonable professional obligation and expectation
This has been designated as an essential position based on the duties of the job and the functions performed. Positions that are designated as such are required to report to work/remain at work even if classes are cancelled and the campus is working on limited operations in an emergency.
Requirements: Minimum Qualifications:
Bachelor's degree from a college or university accredited by a U.S. Department of Education (DOE) or internationally recognized accrediting organization
At least 7 years full-time experience in information security/cybersecurity
Experience developing or contributing to the development of security policies
Ability to plan, manage, and maintain a complex, long-term, organization-wide program
Demonstrated experience working, collaborating, and establishing credibility and relationships with senior leadership, colleagues, and customers
Excellent oral, written, and interpersonal communication skills as evidenced in the cover letter, resume, and interview process
Familiarity with cyber security frameworks, including NIST
Applicants must clearly address in their cover letter their ability to work with a culturally diverse population.
At least 2 years supervisory experience
Experience working in higher education
Experience with common security and privacy legislation and regulations (e.g., PCIDSS, FERPA, HIPAA, etc.)
Experience coordinating with key stakeholder groups, such as legal counsel and internal audit
Professional certification (e.g. CISSP)
Experience managing complex IT projects
Additional Information: Professional Rank and Salary Range: Director of University Systems Analysis, Management/Confidential (MP3)
Special Notes: Visa sponsorship is not available for this position.
The Jeanne Clery Disclosure of Campus Security Policy and Campus Crime Statistics Act, or Clery Act, mandates that all Title IV institutions, without exception, prepare, publish and distribute an Annual Security Report. This report consists of two basic parts: disclosure of the University's crime statistics for the past three years; and disclosures regarding the University's current campus security policies. The University at Albany's Annual Security Report is available in portable document format [PDF] by clicking this link http://police.albany.edu/ASR.shtml
Pursuant to NYS Labor Law 194-A, no NY State entity, as defined by the Law, is permitted to rely on, orally or in writing seek, request, or require in any form, that an applicant for employment provide his or her current wage, or salary history as a condition to be interviewed, or as a condition of continuing to be considered for an offer of employment, until such time as the applicant is extended a conditional offer of employment with compensation, and for the purpose of verifying information, may such requests be made. If such information has been requested from you before such time, please contact the Governor's Office of Employee Relations at (518) 474-6988 or via email at email@example.com
THE UNIVERSITY AT ALBANY IS AN EO/AA/IRCA/ADA EMPLOYER