The primary purpose of this position is to provide strategic leadership for the University’s information security program. Work with campus leadership to oversee the continual operations and improvement of university-wide information security program. This includes resources, governance and policies organized toward a common cause in information security. Lead information security planning processes to establish an inclusive and comprehensive information security program for the entire institution in support of academic, research, and administrative information systems and technology. Establish annual and long-range security and compliance goals, define security strategies, metrics, reporting mechanisms and program services; and create maturity models and a roadmap for continual program improvements. Stay abreast of information security issues and regulatory changes affecting higher education at the state and national level, participate in national policy and practice discussions, and communicate to campus on a regular basis about those topics. Represent the university on committees and boards associated with the University of North Carolina consortia and in national and regional consortiums and collaborations. Develop and provide ongoing IT Security Awareness initiatives and communication for students, faculty and staff. Provide leadership, direction and guidance in development assessment and evaluation of information security risks and monitor compliance with security standards and appropriate policies and make appropriate recommendations. Responsible for working with appropriate agencies, coordinating and tracking all information technology and security related audits including scope of audits, colleges/units involved, timelines, auditing agencies and outcomes. Develop a strategy for cohesively dealing with audits, compliance checks and external assessment processes for internal / external auditors, PCI, ITAR, HIPAA, FISMA and other applicable standards. Keep abreast of security incidents and act as primary control point during significant information security incidents. Convene a Security Incident Response Team (SIRT) as needed, or requested, in addressing and investigating security incidents. Develop, implement and administer technical security standards, as well as a suite of security services and tools to address and mitigate security risk. Examine impacts of new technologies on North Carolina Central University’s overall information security. Establish processes to review implementation of new technologies to ensure security compliance. Use appropriate technologies to monitor, mitigate and respond to security and compliance events.
The successful candidate must possess knowledge of Internal Audit, System Auditors, outside consultants and/or Office of the State Auditor in a lead capacity to coordinate representation of institutional technology systems and practices is highly desired; knowledge of laws and standards governing Information Security compliance for example, ISO27002, ISO27005, NIST 800, FERPA, PCI, NC Identify Theft Protection Act, ediscovery, ADA, DMCA, GDPR; knowledge and experience in the policy and regulatory environment of information security, particularly in higher education, is highly desirable; knowledge of computes and information security, network security issues, and security incident response and recovery in a higher education environment is highly desirable; ability to exhibit maturity, reliability, composure, and stability under pressure as required for handling on-the-job challenges is essential; ability to give and receive constructive criticism and feedback; ability to advise and collaborate with senior management is required; ability to work in a team/collaborative environment with a broad range of constituencies is essential. The position requires an intelligent, articulate, consensus-building, and persuasive leader who can work effectively with senior administration, academic leaders, and the campus community and communicate information security-related concepts to a broad range of technical and non-technical staff.
A Bachelor’s Degree in Management Information Science or other related field and/or an advanced degree is preferred.
Professional certification (e.g., CISSP) is highly desirable. Candidates lacking such certification may be competitive if they present comparable credentials or involvement in continuous professional development.