Chief Information Security Officer

Austin Community College Austin, TX Full-time Information Services / Technology (IT)

Posted on April 18, 2024

Apply Now

Chief Information Security Officer

Austin Community College

Job Posting Closing Times: Job postings are removed from advertising at 12:00 A.M. on the closing date e.g., at midnight on the day before the closing date.

If you are a current Austin Community College employee, please click this link to apply through your Workday account.

Austin Community College is a public two-year institution that serves a multicultural population of approximately 41,000 credit students each Fall and Spring semester. We embrace our identity as a community college, as reflected in our mission statement. We promote student success and community development by providing affordable access, through traditional and distance learning modes, to higher education and workforce training, including appropriate applied baccalaureate degrees, in our service area.

As a community college committed to our mission, we seek to recruit and retain a workforce that:

Values intellectual curiosity and innovative teaching
Is attracted by the college's mission to promote equitable access to educational opportunities
Cares about student success and collaborates on strategies to facilitate success for populations including; first generation college students, low-income students, and students from underserved communities.
Focused on student academic achievement and postgraduate outcomes
Welcomes difference and models respectful interaction with others
Engages with the community both within and outside of ACC

Job Posting Title:
Chief Information Security Officer

Job Description Summary:
Reporting to the CIO, the Chief Information Security Officer (CISO) is a key role on the leadership team of the college's IT department. This position is responsible for the security of the college's data and information assets, including all student, financial and employee datasets. This role has purview over the operational day-to-day measures used to secure the college's data, applications and infrastructure. This role also owns the strategic initiatives undertaken to continually enhance the college's information security posture.

The CISO will be responsible and accountable for the successful implementation of well-defined security related projects, and the college's operational practices related to information security.

Job Description:

Description of Duties and Tasks

Leading and successfully completing projects aimed at improving the college's security posture with minimal supervision. Success means full scope of work completed on time, within budget and aligned with established acceptance criteria.
Building out and maintaining an information security team that is able to satisfy the cybersecurity needs of the college.
Mitigating risks associated with data breaches and data leaks.
Establishing, maintaining and continuously testing infrastructure aimed at operational recovery from outages related to cybersecurity incidents.
Continual testing of the college's environment for security vulnerabilities.
Staying current on risks and trends in the world of cybersecurity and reporting on such to the college's leadership team.
Providing overall day-to-day direction to a team of information security professionals and 3rd party providers.
Contributing to the development of the college's technology roadmap.
Partnering with peers, both within and outside of the IT department to accomplish shared goals.
Defining goals for the teams reporting to the CISO based on the goals of the broader IT organization.
Ensuring team goals are met and work is successfully completed (teams are meeting established operational targets)
Defining the operating model for the information security team using the ITIL framework and ITSM tools.
Reporting data in various formats showing the performance of the information security team and making recommendations for changes/improvements as needed to enhance performance.
Providing leadership and coaching for InfoSec team members as needed.
Establishing and managing relationships with 3rd party product and service providers as needed to accomplish defined goals.
Acting as technical sponsor for all projects within your areas of responsibility.
Ensuring information security project requirements, scope, budgets and timelines are well-defined.
Ensuring security projects are well-managed and are being executed as per established expectations.
Administrative aspects of people management for the InfoSec team including, but not limited to absence approval, performance management, hiring and termination.
Managing the operating budget for the InfoSec team as well as budgets for cybersecurity related projects.
Establishing and/or maturing formal standards and practices in the following areas:
Identity & Access Management (IAM)
Secure data capture
Secure data storage, transfer and retrieval
Data security policy development, training and risk management
Other related duties as assigned.

Knowledge

Strong working knowledge of various data security frameworks, including NIST, ISO and SOC.
Working knowledge of a wide range of technologies and best practices in securing them, including working knowledge of key concepts in:
Database encryption
Integration security
Server security and patch management
Firewalls and network security
Application security
Mitigating common infrastructure vulnerabilities
Expert knowledge of the key concepts in user and identity access management.
Working knowledge of security governance risk and compliance (GRC).
Working knowledge of the concepts of data privacy regulations, including FERPA requirements or similar regulated data classifications.
Knowledge of best practices in security training and awareness.
Strong knowledge of tools and techniques for data security and data recovery.
Working knowledge of technology budget planning and budget management concepts is critical.
Knowledge of standard accounting practices.
Knowledge of formal PMI-based project management practices.
Knowledge of ITIL-based IT Service Management (ITSM) concepts.

Skills

Extremely strong people management skills are required
Demonstrated expertise in IT project planning, development and implementation. Must be able to own multiple initiatives as a project sponsor and see them through to completion.
Highly skilled at vulnerability assessment, testing and reporting.
Managing external partners in the completion of project work as well as outsourced operational work.
Strong business and financial acumen.
Demonstrated expertise is various aspects of data security including access management, data obfuscation and data breach avoidance.
Excellent analytical, conceptual thinking and strategic planning skills.
Influencing skill, including the ability to show the business value of technical initiatives or extrapolate conceptual technical solutions for business problems such that non-technical audiences can see that value.
Excellent presentation skills.
Must be a self-starter who can not only operate with minimal direction, but who can also bring new ideas to the table and successfully lead and complete approved initiatives with minimal supervision.
Maintaining an established work schedule.
Effectively using interpersonal and communications skills.
Effectively using organizational and planning skills with attention to detail and follow-through.
Maintaining confidentiality of work-related information and materials.
Establishing and maintaining effective working relationships, including the ability to coordinate the work of others.

Required Work Experience

Five years of experience in Information Security roles of progressively increasing responsibility.
Five years of related work experience leading a Cybersecurity organization.
Five years experience in a technology leadership role where both project and operational budgeting was a key component of the job.

Preferred Work Experience

Fifteen years of experience in IT roles of progressively increasing responsibility with at ten of those years being in information security.
Seven years of related work experience leading Cybersecurity teams.
Five years experience leading a security team in a highly regulated industry such as healthcare or finance.

Required Education

Bachelor's degree in a technology or Business related field of study such as Computer Science, Information Technology, Business or Business Information Systems.
Experience cannot be substituted for required, applicable educational level.

Special Requirements

Valid Texas Driver's License and reliable transportation for travel in the Austin area as required.

Other Preferred Qualifications

Certified Information Systems Security Professional (CISSP) certification.
ITIL Foundation-level certification or above.
Unexpired PMP or equivalent PMI-based Project Management certification.

Physical Requirements

Work is performed in a standard office or similar environment.
Subject to standing, walking, sitting, bending, reaching, pushing, and pulling.
Occasional lifting of objects up to 10 pounds.

Safety

Supervise safe operation of unit. Facilitate safety inspections. Take reasonable and prudent actions to eliminate identified hazards. Ensure employees receive appropriate safety training and foster a workplace safety culture.

Number of Openings:
1

Job Posting Close Date:
May 2, 2024

Clery Act

As required by the US Department of Education, employees are required to report violations under Title IX and, under the Jeanne Clery Disclosure of Campus Security Policy and Crime Statistics Act (Clery Act), select individuals are required to report crimes. If this position is identified as a Campus Security Authority (Clery Act), you will be notified, trained, and provided resources for reporting.

Disclaimer

The above description is an overview of the job. It is not intended to be an all-inclusive list of duties and responsibilities of the job, nor is it an all-inclusive list of the skills and abilities required to do the job. Duties and responsibilities may change with business needs. ACC reserves the right to add, change, amend, or delete portions of this job description at any time, with or without notice. Employees may be required to perform other duties as requested, directed, or assigned. In addition, reasonable accommodations may be made by ACC at its discretion to enable individuals with disabilities to perform essential functions of the job.

To apply, please visit: https://austincc.wd1.myworkdayjobs.com/en-US/External/job/Highland-Business-Center/Chief-Information-Security-Officer_R-5933

Apply Now