Information technology empowers Indiana University's students, faculty, and staff to continually improve the quality of their research, education, and services. The Office of the Vice President for Information Technology, under the Vice President for Information Technology (VPIT), manages information technology across the Indiana University system.
This position will receive generous benefits as an Indiana University employee (see here) and be part of a vibrant information security community at Indiana University that includes the REN-ISAC, the Center for Applied Cybersecurity Research, the OmniSOC, and a rich set of research faculty. Indiana University is a strategic partner of Women in Cybersecurity (see here) and a strong participant in the EDUCAUSE Higher Education Information Security Council (HEISC).
Manage information security for the $4 billion Indiana University system that encompasses 118,000+ students, faculty and staff, and $500 million in research. Under the direction of the Associate Vice President for Information Security (AVPIS), the IU Chief Information Security Officer (CISO) works in collaboration with other IU assurance management (privacy, legal, data stewards, etc) to plan IU information security strategy and initiatives to maintain a secure, privacy-respecting, ethical, compliant environment that supports IU’s research, education and outreach missions. The main responsibility of the CISO is to provide day-to-day oversight of the 20-person University Information Security Office (UISO) and the information security initiatives supporting IU’s information security strategy and environment.
Specific responsibilities of the CISO include:
Providing project oversight and ongoing personnel management of the UISO, including maintaining an inclusive environment, ongoing professional development, and a diverse set of perspectives necessary to function in IU’s heterogeneous environment.
Communicating information security and other technical contexts in a variety of settings to IU administrators, faculty, researchers, staff, students who have a range of technical acumen in order to persuade them to support information security initiatives.
Maintaining relationships across IU to be aware of changes at the department level that could introduce risk, to be able to effectively persuade with varying levels of direct authority, and to coordinate information security university-wide.
Maintaining a broad knowledge of IU IT infrastructure and operations and how they apply to each of IU’s missions of education, research, and outreach, to be able to understand the trade-offs of risk and policy choices on IU’s risk posture and missions.
Making day-to-day risk management choices to resolve tensions between information security goals, IU’s mission, and other constraints.
Collaborating with information security faculty, the Research & Education Networking Information Sharing and Analysis Center (REN-ISAC), the Center for Applied Cybersecurity Research (CACR), and the OmniSOC as opportunities arise.
Ensuring, in collaboration with the UISO’s Incident Response Management and the AVPIS, that IU is prepared for information security incidents. During responses, provide oversight of incident response and play a pivotal role in communication to the AVPIS and CIO.
Degree in Computer Science, Information Systems Management, Public Policy or Law
5 years of information security or related experience
3 years of management experience
8 years of experience in assessing and mitigating information security risks
5 years of experience at a level of management at an institution of sufficient size and complexity as to provide evidence of potential success in information security management at Indiana University.
Combinations of related education and experience may be considered
LICENSES AND CERTIFICATIONS
Professional certification (e.g., CISSP, CISM)
Proficient communication skills
Maintains a high degree of professionalism
Demonstrated time management and priority setting skills
Demonstrates a high commitment to quality
Excellent organizational skills
Excellent collaboration and team building skills
Effectively coaches and delivers constructive feedback
Instills commitment to organizational goals
Demonstrates excellent judgment and decision-making skills
Effective conflict management skills
Builds and manages effective teams
Effective leadership skills
Ability to represent the company with external constituents
Ability to drive multiple projects to successful completion
Sufficient knowledge of information technology, information security technology, compliance programs, privacy, relevant legal doctrine, and education, research, and outreach processes to be able to oversee information security security initiatives and processes at IU.
Ability to assess information security risks and trade-offs in a complex university environment.
Ability to communicate information security technical matters effectively to a variety of audiences.
Ability to manage a 20-person, 3-tier team and associated budget.
Security and privacy of educational records (FERPA) and private health information.
Copyright and software piracy law.
Information security audit and control issues.
Facilitation of secure research, including compliance programs (HIPAA, 800-53, 800-171)
Information security issues arising from a diverse, 100,000+ person community in a highly open, collaborative environment.