University Of Montana
Chief Information Security Officer, Information Technology Department
at University Of Montana
The University of Montana invites applications for a Chief Information Security Officer. Reporting to the CIO, the Chief Information Security Officer will provide the vision and strategies necessary to perform a wide variety of duties including establishing and implementing a university wide IT security program, monitoring and enforcing information security standards to ensure confidentiality, integrity, and availability of information and technical assets across the university’s core mission in Education, Research and Clinical practices. The CISO oversees Incident Response, Risk Assessment, Security Operations for IT, and Identity & Access Management (IAM) functions, including inspiring and motivating staff, hiring, performance management, professional development and financial management of the IT security team. This position will oversee the creation and maintenance of information security policy, procedures, and strategies, lead on-going IT security risk assessments, and be responsible for the creation and roll-out of IT security awareness and training programs.
The complexity of this position requires a leadership approach that is engaging, imaginative, and collaborative, with a sophisticated ability to work with other leaders to set the best balance between security strategies and other priorities at the campus level.
The CISO will assist the Chief Information Officer (CIO) and campus IT leadership in the strategic planning, management, and direction of IT programs, services, and policies and will represent the CIO and IT leadership in meetings and public forums. The CISO will represent the campus on system-wide projects or committees, participate in collaboration with other affiliate campuses and industry partners to develop and share information security best practices.
Information Security Strategic Direction and Planning:
- Responsible for the information security strategies, both short-term and long-range, in support of the University’s mission, vision and goals across the educational, research, service and clinical care domains.
- Provide leadership in the development of a University wide Information Security Program to help identify, report and control IT security incidents, monitor threats and take preventive measures to mitigate risks, mentor and train IT security staff and communicate continuously
- Provide guidance and counsel to the CIO and key members of the university leadership team, working closely with senior administration, academic leaders, and the campus community in defining objectives for information security, while building relationships and goodwill.
- Manage institution-wide information security governance processes, including formation of an Information Security Advisory Committee and development of a department liaison program, to support campus-wide information security program and project priorities.
- Provide leadership philosophy for the Information Security Office Team to create a strong bridge between organizations, build respect for the contributions of all and bring groups together to share information and resources and create better decisions, policies and practices for the campus.
- Engage in professional development to maintain continual growth in professional skills and knowledge essential to the position.
Information Security Operations:
- Establish annual and long-range information security and compliance goals.
- Define security strategies, metrics, reporting mechanisms and program services; and create a road-map for continual program improvements.
- Establish appropriate operations to ensure that proper protections are in place, including but not limited to application, cloud, network, endpoint, record search, intrusion detection, prevention systems, firewalls, and effective physical safeguards, and provide for the availability of computer resources by ensuring a business continuity/disaster recovery plan is in place to offset the effects caused by intentional and unintentional acts.
- Stay abreast of information security issues and regulatory changes affecting the University at the state and national level.
Risk Management and Incident Response:
- Keep abreast of IT related security incidents and act as primary control point during significant information security incidents.
- Collaborate and interact with the Security Response Team as appropriate or requested, in addressing and investigating security incidents that arise.
- Collaborate with the CIO on the development, implementation and administration of technical security standards, as well as a suite of security services and tools to address and mitigate IT security risk.
- Provide leadership, direction and guidance in assessing and evaluating information security risks and monitor compliance with security standards and appropriate policies.
- Examine impacts of new technologies on the University’s overall information security posture.
- Establish processes to review implementation of new technologies to ensure IT security compliance.
- Evaluate IT related security incidents, determine what response, if any, is needed, and coordinate the appropriate response activities, including technical incident responses to security incidents.
Policy, Compliance and Audit:
- Lead the development and implementation of effective and reasonable policies, processes and practices to safeguard data and ensure information security and compliance with University policies as well as FERPA, HIPAA, and other relevant state and federal regulations.
- Lead efforts to internally assess, evaluate and make recommendations regarding the adequacy of the security controls for the university’s information and technology systems.
- Work with university and external consultants as appropriate on required IT related security assessments and audits.
Outreach, Education and Training:
- Establish and maintain education and awareness programs on HIPAA, IT security issues, best practices, and vulnerabilities.
- Work with the University’s clinical units, which define the campus HIPAA hybrid entity status, to build awareness and a sense of common purpose around IT security.
- Position is full-time, 1.0 FTE, MUS Contract and includes a comprehensive and competitive benefits package including Insurance package, mandatory retirement plan, partial tuition waiver, and wellness program.
- Bachelor’s degree in Computer Science, Engineering, Information Systems, or a related field, as well as at least three (3) years of related work experience; or any combination of education and experience that would provide the competencies required to successfully discharge the duties assigned to this position.
- Demonstrated deep knowledge of a broad array of enterprise technologies including applications, networks, systems, databases, cloud computing, and data centers.
- Advanced knowledge of IT Security concepts, security assessments, associated security software tools and industry standards.
- The position requires an intelligent, articulate, consensus building, and persuasive leader who can work effectively with senior administration, academic leaders, and the campus community and communicate information security-related concepts to a broad range of technical and non-technical staff.
- Success in this position depends on ability to work effectively in a decentralized environment, without reliance on line authority. For this reason, excellent communication and social skills are required.
- Ability to exhibit maturity, reliability, composure, and stability under pressure as required for handling on-the-job challenges is essential.
- Adept in program management of strategic IT functions; skilled in short- and long-term planning; able to establish business value of IT decisions among Senior Management.
- Ability to effectively manage multiple large-scale projects using formal project management methods to ensure delivery within scope and budget.
- Advanced knowledge of security regulations and best practices, including federal and state laws, policies and standards.
- Ability to rapidly respond to critical incidents with equanimity and confidence while minimizing impact.
- Experienced in leading change management activities and managing their impact across multiple units or departments.
- Possess the business acumen and professional presence to be able to persuade, gain acceptance, and support of others in critical situations, while also fostering collaborative and productive professional relationships.
- Ability to effectively lead, inspire and manage diverse teams of technical and non-technical professionals including hiring, performance management and professional development.
- Possess the verbal and written communication skills to work effectively with technical and non-technical personnel at various levels in the organization; ability to use English grammar and punctuation.
- Ability to effectively deliver presentations to large audiences in a clear and concise manner.
- Master’s degree in Computer Science, Engineering, or Information Systems
- Extensive knowledge of security regulations specifically relevant to higher education
- Professional certification (e.g., CISSP). Candidates lacking such certification may be competitive if they present comparable credentials or involvement in continuous professional development.
About UM and the Information Technology Department
The University of Montana is a unit of the Montana University System with more than 11,000 undergraduate and graduate students and 500+ full-time faculty members. It is located in Missoula, a culturally vibrant community of about 70,000, surrounded by mountain grandeur which was recently ranked in the “top 20 best college towns with a population of less than 250,000” by the American Institute for Economic Research and ranked 9th in Outside Magazine’s “The 16 Greatest Places to Live in America” in 2014. Many national publications recognize Missoula for its high quality of life. Abundant recreational opportunities in surrounding state and national forests and nearby Glacier National Park and Yellowstone National Park complement a thriving intellectual atmosphere.
Information Technology provides leadership in identifying and delivering IT infrastructure, services and support for The University of Montana-Missoula, the four campuses of the multi-campus University of Montana, and the Montana University System.
The University of Montana is an Affirmative Action/Equal Opportunity employer and has a strong institutional commitment to the principle of diversity in all areas. In that spirit, we are particularly interested in receiving applications from a broad spectrum of qualified people who would assist the University in demonstrating its five priorities for action: Place student success at the center of all we do; drive excellence and innovation in teaching, learning, and research; embody the principle of “mission first, people always”; partner with place; and proudly tell the UM story.
To learn more about the University of Montana, Missoula, and the State of Montana, please visit the links below.
- University of Montana
- City of Missoula
- State of Montana
Criminal Background Investigation is required prior to Offer of Employment.
In accordance with University policy, finalists for this position will be subject to criminal background investigations.
Reasonable accommodations are provided in the hiring process for persons with disabilities. For example, this material is available in alternative format upon request. As an Equal Opportunity/Affirmative Action employer, we encourage applications from minorities, veterans, and women. Qualified candidates may request veterans’ or disabilities preference in accordance with state law.
References. References not listed on the application materials may be contacted; notice may be provided to the applicant.
Testing. Individual hiring departments at UM may elect to administer pre-employment tests, which are relevant to essential job functions.
Employment Eligibility. All New Employees must be eligible and show employment eligibility verification by the first date of employment at UM, as legally required (e.g., Form I-9).
How to Apply
Priority Application Date: October 14, 2019
Applications received by this date will be guaranteed consideration. Application review will begin after date above and continue until the position is filled.
Please submit the following application materials via the "New Resume/CV" button below.
*Please note: only five (5) attachments are allowed per application. Please combine documents accordingly.
- Letter of Interest – addressing the stated required skills for the position
- Detailed resume listing education and describing work experience
- Three (3) professional references - Names and contact information