Chief Information Security Officer

Primary Purpose of Position

The Chief Information Security Officer (CISO) is a senior executive and strategic business partner responsible for establishing and leading a comprehensive, enterprise-wide information security and risk management program. The CISO provides the vision and leadership required to protect the organization’s information assets, intellectual property, and business operations against evolving digital threats.

Serving as a trusted advisor to the executive team and the Board of Directors, the CISO ensures that the security strategy is fully aligned and embedded in the broader business strategy. More than a guardian of digital assets, this leader is a key enabler of innovation, responsible for building a resilient and trustworthy digital environment that empowers the organization to achieve its goals, win customer confidence, seize new market opportunities securely, and act as a catalyst for sustainable, risk-aware growth.

Key Domains of Responsibility

• Strategic Leadership & Governance: Lead the development and execution of the enterprise security vision, strategy, and governance framework in alignment with business objectives. Serve as the primary security advisor to the C-suite and Board of Directors, translating complex technical risks into clear business implications and reporting on the enterprise security posture.
• Enterprise Risk & Compliance Management: Lead a holistic digital risk management program, encompassing technology, data, and third-party/supply chain risks. Ensure and demonstrate compliance with applicable legal, statutory, and regulatory requirements (e.g., GDPR, CCPA, HIPAA, SOX, PCI DSS) in collaboration with legal and compliance teams. Lead and maintain a robust Third-Party Risk Management (TPRM) program.
• Security Operations & Resilience: Provide executive oversight of Security Operations Center (SOC) functions, including threat detection, vulnerability management, and incident response capabilities. Lead crisis management during security incidents. Ensure robust business continuity and disaster recovery plans are in place and regularly tested through exercises such as tabletop simulations.
• Data Security & Governance: Partner with the Chief Data Officer, General Counsel, and other stakeholders to develop and enforce data governance, classification, and privacy policies. Implement technical controls, including encryption and Data Loss Prevention (DLP) solutions, to safeguard critical information assets.
• Technology & Innovation Security: Drive the security strategy for both foundational and emerging technologies to enable secure innovation.
  • Zero Trust Architecture: Lead a multi-year, enterprise-wide transformation toward Zero Trust architecture, enforcing principles of least privilege, micro-segmentation, and continuous verification.
  • Cloud Security: Architect and manage a comprehensive security program for multi-cloud and hybrid environments, focusing on secure configuration and cloud-native protection mechanisms.
  • AI Security & Governance: Establish a robust AI governance framework to manage risks associated with artificial intelligence. Develop policies to mitigate “Shadow AI” risks from unauthorized public tools and secure the proprietary AI/ML supply chain from threats like data poisoning.
  • DevSecOps: Champion a “shift-left” cultural transformation, partnering with engineering teams to embed automated security controls and a “security as code” mindset into the CI/CD pipeline.
  • Culture & Team Leadership: Build, mentor, and lead a high-performing, diverse cybersecurity team. Address skill gaps and foster a culture of continuous learning. Champion a pervasive culture of security awareness and shared responsibility across the organization through continuous training and simulated phishing exercises.

Nonessential Duties

Perform other duties as assigned.

Supervisory Responsibilities

Directly supervise a group of 5-7 professional staff.

Reporting Relationship

Reports to the Chief Information Officer.

Knowledge, Skills, and Abilities

Required:

• Executive Communication & Influence: World-class ability to articulate complex security concepts and risk analysis to non-technical audiences, including C-Suite and Board of Directors, in a clear, compelling, business-centric manner.
• Business & Financial Acumen: Strong grasp of business operations, financial statements, and budget management, with the ability to build a compelling business case for security investments and demonstrate return on investment (ROI).
• Collaborative & Empathetic Leadership: A proven “bridge-builder” with exceptional emotional intelligence and interpersonal skills, capable of fostering trust-based partnerships across all business and technology functions. A leader with “no ego” who is approachable and supportive of their team.
• Strategic Vision: Ability to anticipate future threats, technological shifts, and regulatory changes, and to craft a long-term, forward-looking security vision that actively enables and supports the organization’s strategic plan.
• Resilience & Decisiveness: Ability to lead with a calm, steady hand during high-stakes crises, make difficult decisions under intense pressure, and cope effectively with complexity and constant change.
• Proactive Problem Solving: Possess a proactive, can-do attitude, with a passion for their work and a relentless desire to learn, improve, and solve complex challenges.

Qualifications

Required:

• Bachelor’s degree in Computer Science, Information Security, Engineering, or a related field.
• A minimum of 15 years of progressive experience in information security and risk management, including at least 7 years in a senior leadership capacity, managing cross-functional teams and influencing enterprise-wide strategy.
• Demonstrated success in developing, implementing, and executing a strategic, comprehensive information security program that is demonstrably aligned with business goals.
• Deep expertise in modern risk management methodologies and a strong command of major global compliance frameworks and regulations (e.g., NIST CSF, ISO 27001, GDPR, CCPA, HIPAA, SOX, PCI DSS).
• Proven experience in architecting and securing modern technology stacks, including multi-cloud environments (AWS, Azure, GCP), Zero Trust principles, and sophisticated Identity and Access Management (IAM) solutions.
• Extensive, hands-on experience with modern security operations, cyber threat intelligence, vulnerability management, and proven leadership experience in high-stakes crisis and incident response scenarios.
• Working knowledge of key security technologies, including firewalls, intrusion detection/prevention systems (IDPS), Security Information and Event Management (SIEM) platforms, and encryption protocols.

Preferred:

Advanced degree, such as an MBA or a Master’s in Cybersecurity

Professional Certifications such as:

• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• Certified in Risk and Information Systems Control (CRISC)
• Certified Information Systems Auditor (CISA)
• Experience developing and implementing governance and security controls for Artificial Intelligence and Machine Learning (AI/ML) systems and mitigating Shadow AI risks
• Experience leading a “shift-left” cultural transformation by successfully implementing DevSecOps principles and practices in an agile development environment.
• Knowledge of ethical hacking and penetration testing techniques.

https://fa-ewca-saasfaprod1.fa.ocs.oraclecloud.com/hcmUI/CandidateExperience/en/sites/CX_1/job/1600?keyword=Chief+Information+&mode=location

Note: University Services reserves the right to assign reasonably related additional duties and to change or reassign job duties.