Associate Vice President for Information Security and CISO – IT Connect (uw.edu)

University of Washington Information Technology (UW-IT) is the central IT organization for the University of Washington, supplying critical technology support and services to UW Bothell, UW Tacoma, UW Seattle, UW Medicine, and global research operations. UW-IT collaborates with university partners to support, enable, and advance teaching, learning, and research at the University. The Associate Vice President for Information Security and University Chief Information Security Officer reports to the UW Chief Information Officer (CIO) and will provide leadership for planning, developing, directing, and running an innovative, trusted, and reliable information security program to support the confidentiality, integrity, and availability of electronic institutional information.

As a senior executive and leader, strong leadership skills are necessary to recruit, develop, and keep top talent. The CISO must also embrace and model organizational diversity, equity, and inclusion (DEI) competencies. It is essential that the CISO understands the impact of technology on historically marginalized communities and ensure that security solutions are inclusive and accessible to all members of the University community. The CISO must work to promote a culture of DEI within their division and across the University, incorporating DEI principles into hiring, staff development, engagement, and decision-making processes. The CISO must also collaborate with other university leaders to ensure that technology and security solutions align with the University's DEI goals and values. The CISO must lead by example, modeling DEI principles in all aspects of their work and creating a culture of inclusivity and belonging within the team and across the University.

Through the information security program, the CISO promotes a culture of security throughout the institution, with a clear focus on delivering security measures, tools, and technologies to decentralized units in a federated system. These services are designed to enable UW units to understand and mitigate cyber risks and include, but is not limited to, deploying central and enterprise-wide security capabilities, analyzing and forecasting threats to information security, researching applicable information security laws, developing security policies, providing training, awareness, and education on safeguarding institutional information.

The CISO handles the development, implementation, and coordination of information and cybersecurity program efforts and related risk management activities across the University. Working with UW Vice Presidents/Provosts, Associate Vice Presidents/Provosts, Deans, Administrators, and other stakeholders, the CISO is responsible for establishing an appropriate University-wide information assurance strategy and vision. The CISO oversees the creation and maintenance of UW information security related policy, information security risk assessment efforts, a threat intelligence program, and the University's security awareness and training program.

The position advises and collaborates with UW units on the approach to related statutory, regulatory, and contractual compliance practices. The CISO is accountable for developing and maintaining incident response capabilities and activities for the management of information systems and data compromises as defined in Executive Order No. 63 and Administrative Policy Statement 2.4. The CISO works with the UW Facilities Security Officer (FSO) as appropriate, regarding the industrial security program strategies for the protection of national security information and the University's status as a cleared institution. Working closely with the UW Medicine Chief Information Security Officer and their team, this position assists and coordinates on shared program challenges and activities.

In general, the CISO is charged with the responsibility for building an information security-conscious culture and infrastructure for the University of Washington. In addition to all these duties, the CISO plays a significant role in facilitating and coordinating relevant cybersecurity industry-related engagements and activities with their regional private and public sector colleagues.

As the University of Washington continues to enhance its information security posture, a strategic shift in the delivery of security services to the institution is underway. The CISO will be pivotal in driving this transformation, encompassing the evaluation and realignment of services, optimizing the security workforce, effectively managing stakeholder expectations, and supporting Enterprise Risk Management functions for the institution.

REQUIREMENTS:

        Bachelor’s Degree in business administration, computer science, cyber security, or equivalent work experience.

        At least 10 years of progressively responsible information security leadership experience, including significant responsibilities in information security.

        A minimum of 5 years in a senior position for leading security analysts, cybersecurity engineers, and staff with similar competencies.

        Demonstrated experience in developing and implementing security strategies that align with business goals.

        Demonstrated experience managing a complex security ecosystem, including centralized and decentralized systems.

        Strong leadership and management skills with the ability to build and lead high-performance teams.

        Proven ability to develop staff and guide teams through major transitions in roles, competencies, and technical direction.

        Excellent communication skills with the ability to communicate complex technical concepts to a non-technical audience.

        Experience managing budgets and working with vendors and service providers.

        Proven operational and management skills in an entrepreneurial, fast-changing, and ambitious environment.

CONDITIONS OF EMPLOYMENT

This is an essential position and is required to report to work remotely when UW suspends operations.