Under the direction of the Vice President for Information Technology and Chief Information Officer provides proactive leadership for the portfolio of activities regarding university-wide assurance to protect institutional and personal information and systems. Maintaining a broad knowledge of University operations, interacts and ensures coordination with University executive administration, campus and department technology directors, University and external governance and judicial authorities to perform immediate analysis and critical decision-making in crucial situations as well as oversight of related institutional information policy analysis, trade-offs (e.g., security/policy/privacy/convenience), development and implementation. Serves as a member of the VP/CIO’s executive cabinet and provides leadership in cybersecurity application and research internationally.
Provides executive leadership and expert oversight for high-level strategies, plans, policies, and processes for security of technology and information systems (software, computers, networks, personal devices, etc.) and security of institutional and personal information regardless of media/medium (electronic, paper, etc.). Exercises independent authority and joint authority with other assurance leaders (chief privacy officer, chief compliance officer, chief audit officer, chief policy officer, etc.) to develop an environment and foster a culture supporting a high-level of security, compliance, privacy, and ethics in university activities, while ensuring actions are appropriately measured against university philosophies, attitudes, and its research and education missions. Works closely with faculty, the Chief Privacy Officer, and the leadership of the Research & Education Networking Information Sharing and Analysis Center (REN-ISAC), Center for Applied Cybersecurity Research (CACR), and the OmniSOC.
Master’s degree in Computer Science, Information Systems Management, Public Policy or Law and ten years of experience in assessing and mitigating technology information-related security risks, including five years of experience in management at an institution of sufficient size and complexity as to provide evidence of potential success in information security leadership at Indiana University.
Combinations of related education and experience may be considered.