Oregon State University is seeking applications and nominations for Chief Information Security Officer.
ABOUT OREGON STATE UNIVERSITY
Oregon State University (OSU) is an international, public research university in the northwest United States, located in Corvallis, Oregon. The university offers more than 200 undergraduate degree programs along with a variety of graduate and doctoral degrees. It is also the largest university in the state, with a total enrollment exceeding 30,000 students. The Carnegie Foundation designates Oregon State University as a "Community Engagement" university and classifies it as a doctoral university with a status of "Highest Research Activity." OSU earned $441 million in external research funding in 2017, a third consecutive year of record-breaking growth. It is the state’s largest comprehensive public university, preeminent for both scholarly achievement and the direct impact of applied development, fulfilling the land-grant mission to serve the public good. Oregon State’s researchers are top-ranked in their fields, hold leadership positions in international and national professional organizations and have earned prestigious honors.
The Chief Information Security Officer has been elevated to the AVP role providing leadership and oversight in the strategic planning, execution, and assessment of all OSU cyber security strategies, policies, procedures, guiding governance and practices to be implemented at OSU. The Chief Information Security Officer will manage and continuously modify when necessary a comprehensive information security program to ensure that all information assets are adequately protected against current/future internal and external threats. This position reports to the University Vice Provost /Chief Information Officer and serves as a member of the Information Services Executive Team.
Provide the strategic leadership of the University’s information security program with the goal of effectively managing the University’s information security risk. Provide guidance and counsel to the CIO and key members of the University leadership team, working closely with senior administration, academic leaders, and the University community and defining objectives for information security while building relationships and goodwill.
Manage institution wide information security governance processes and share the information with the Security Advisory Committee.
Create maturity models and roadmaps for continual program improvements.
Effectively present, communicate, and update the University Board and executive leadership on the formal findings of risk assessments and suggested strategic plans and roadmaps to address risk commensurate with the University’s risk tolerance.
Lead the efforts to internally assess, evaluate and make recommendations to administration regarding the adequacy of the security controls for the University’s information and technology systems.
Responsible for planning, hiring/firing, defining competencies and performance objectives, assigning, and approving work as well as responding to grievances, disciplining/rewarding and preparing and signing performance appraisals and reviews of staff. Also, consistently and continuously identify the training needs and coordinate professional development opportunities.
Partner with University leadership, faculty, student body, and information technology leadership to execute a cohesive information security program which encompasses strategy, policy, guidelines, process, operating procedures and a technology roadmap to continue OSU’s security and governance excellence.
Establish appropriate scorecards to measure and deliver on the effectiveness of the security function.
Collaborate with peers on IT leadership team to influence IT strategic direction and to shape solutions developed to protect University assets, people, data, systems, and intellectual property.
Ensure that the University is compliant with applicable regulations and anticipate potential legislation at federal and state levels to develop proactive responses.
Serve as the University champion to promote information security disciplines.
Establish processes to ensure that all users receive appropriate information security training to perform duties along with periodic information security awareness training.
Ensure continuous monitoring and tracking of all University systems against potential threats including hackers, software flaws, viruses, spyware, phishing, and self-adaptive or mutilating computer threats.
Demonstrated commitment to diversity.
Demonstrated, progressive, significant, and successful experience in information security leadership.
Experience with implementing IT security standards and frameworks.
Knowledge of IT security standards and frameworks such as National Institute of Standards and Technology Cyber Security Framework (NIST), ISO, NZISM, COBIT, etc.
Certification as a Certified Information Security Systems Security Professional (CISSP), Certified Chief Information Security Officer (CCISO), or like certification.
Oregon State University has retained the services of Diversified Search to assist in this search. To apply, applicants should submit a resume or curriculum vitae as well as a letter that explains how their experience has prepared them to fulfill the position requirements and each of the core competencies to: CISOOSU@Divsearch.com
This position is designated as a critical or security-sensitive position; therefore, the incumbent must successfully complete a criminal history check and be determined to be position qualified as per OSU Standard 576-055-0000 et seq. Incumbents are required to self-report convictions and those in youth programs may have additional criminal history checks every 24 months. Offers of employment are contingent upon meeting all minimum qualifications including the criminal history check requirement.