North Carolina State University
Chief Information Security Officer
This job is now closed
Job Description
- Req#: 224979
- Provide leadership and oversight of activities and services related to the S&C unit. The current structure is comprised of:
- Cybersecurity Operations (Director and 9 staff including Security Operations Center):
- Secure Computing
- Data Protection
- Intrusion Detection/Prevention
- Logging, Monitoring, Alerting
- Multi Factor Authentication Solutions
- Network Security Monitoring
- Password Vault Management
- SIEM (Security Information & Event Management) Operations
- Endpoint Security: Endpoint Detection and Response, Antivirus
- SSL Certificate Management
- Vulnerability Scanning and Pen Testing
- Web Application Security Testing
- General Security Consultation, Security Architecture and Review
- Security Incident Response and Investigation
- Digital Forensics
- Security Incident & Response
- Security Operations Center (Manager and 3 staff)
- Information Security, Risk and Assurance (Director and 7 staff):
- Security Consulting and Education
- Data Management
- IT Risk Management
- Security Awareness and Training
- Security Liaison Team Program Management
- Identity and Access Management
- Security Policy and Compliance
- Access Reviews
- Internal & External OIT Audit Coordination
- Litigation Holds/eDiscovery and Records Retention
- Research Data Security Consultation & Evaluation
- Security Compliance Program Development, Management and Continuous Assessment
- Security Policy, Regulations, Rules, and SOP Development
- Vendor Risk & License Management (Associate Director & 2 staff)
- License Asset Management
- Analyzes campus needs, interests and directions, and then tailors the software licensing program to meet those needs
- Lead enterprise license coordination
- Collaborates with UNC-System Office on university system-wide software licenses
- Manages OIT licensing maintenance reviews and renewals
- Manage the software inventory management system
- Manage the software distribution to stakeholders
- License Risk Assessment
- Click-wrap Agreement Risk Assessment
- Non-Negotiable Hard Copy License Review
- IT Purchase Compliance Management
- Manage the review process to ensure that IT purchases comply with university, State and Federal regulations and/or guidelines.
- Manage the SAS Grant Administration
- Ensure ongoing collaboration with OIT units, colleges, administrative units and key constituents such as data stewards, data trustees, the Office of General Counsel, Internal Audit, and Emergency Management & Mission Continuity regarding overall cybersecurity requirements.
- Provides regular updates to the VCIT/CIO and other University leaders regarding cybersecurity matters, including ongoing program reporting and incident reporting.
- Serve as co-chair of the Research Controlled Unclassified Information (CUI) Security Compliance Committee and Guest/Affiliate Steering Team.
- Serve on a number of committees as a member or in an advisory capacity (e.g., Strategic IT Committee (SITC), Campus IT Directors, Enterprise Risk Management Advisory Team, Data Steward Committee, Data Governance Council, etc.).
- Serve on the UNC Information Security Council and establish collaboration and partnerships with the colleges/universities in the UNC system.
- Facilitate NC State’s annual self-assessments with the UNC security framework and policy requirements.
- Be an active participant in the appropriate national organizations such as EDUCAUSE and be involved with collaboration and engagement in security initiatives.
- Provide leadership to the Cybersecurity Awareness Team and ensure functionality of the Cybersecurity Liaisons program to assist with maintaining a secure university landscape and resulting project priorities.
- Lead the development of the annual presentation to the University Board of Trustees regarding the university’s security threat and risk landscape.
- Provide executive responsibility and expert oversight for strategies, plans, policies, processes and operations that safeguard the security of technology systems and university information, regardless of format or medium (electronic, paper, etc.).
- Lead the continuous enhancement of a 3-5 year university cybersecurity strategic plan and roadmap that addresses needed resources (people, processes, technology) for a secure university environment and is prioritized using a developed risk management process.
- Engage with university leaders to communicate vision and drive information security programs and concepts into all business processes and programs. Partners with executive leadership in achieving successful delivery of the following functional areas of Security: Governance and Policy, IT Risk Management, Compliance Management, Identity and Access Management, Endpoint Security, Security Operations, Vulnerability Management, Security Training and Awareness, Application Security, Cybersecurity Assessments and Testing, Cybersecurity Analytics and Cybersecurity Portfolio Management.
- Manage the university’s information security governance processes and provide leadership to the Information Security Advisory Group.
- Collaborate with university leadership to develop and foster a culture supporting a high-level of cybersecurity and compliance in university activities, while ensuring actions are appropriately measured against university philosophies, attitudes, and its research and education missions. Provide leadership and guidance for the secure use of Artificial Intelligence (AI).
- Work closely with the research community in exploring new and novel approaches to cybersecurity within networking, data management systems, software development, federation and identity management, and other research instruments and platforms.
- Develop and maintain strategic external relationships and partnerships to support and improve cybersecurity and compliance.
The Chief Information Security Officer (CISO) reports to the Vice Chancellor for Information Technology and Chief Information Officer (CIO) and leads the Security and Compliance Unit (S&C) in the Office of Information Technology (OIT). The CISO is a member of the OIT Leadership Cabinet and works closely with senior administration, academic leaders, and the campus community to optimize the security posture of the university.

The CISO is responsible for developing, implementing and maintaining the university’s comprehensive cybersecurity program that ensures the confidentiality, integrity, and availability of university data and technology resources. This program utilizes industry best practices and employs a range of policy, procedural, and technological controls to manage risk to NC State University’s information assets. The CISO leads a cybersecurity program that harnesses collaborations and campus-wide resources, promotes effective cybersecurity governance, advises senior leadership on strategic cybersecurity direction and resource investments, and develops policies to effectively manage IT and cybersecurity risks. The CISO is responsible for managing the S&C portfolio within its operating budget of over $5 million as well as overseeing VRLM’s maintenance and negotiation of licenses totaling over $12 million.
List of Primary Responsibilities:
- Leadership, Training and Collaboration (40%)
- Strategic Practice and Policy (35%)
- Security Operations, Risk Management and Compliance (25%)
About the company
North Carolina State University is a public land-grant research university in Raleigh, North Carolina.