Associate Vice President for Information Security/CISO
Primary Purpose: Reporting to the Vice President of Technology and Chief Information Officer, the Associate Vice President for Information Security provides strategic and policy leadership in the implementation and management of the university Information Technology (IT) Security program. Provides ongoing direction for developing, deploying, maintaining, operating, educating on, and evolving the University's IT security architecture, controls, standards, processes and procedures.
Essential Functions: 1. Serves as the Pacific Technology Chief Information Security Officer (CISO) supporting the Vice President/CIO and executive leadership team on matters of information security.
2. Provides technical leadership and non-technical leadership, including education, to ensure and increase university information security awareness.
3. Provides leadership in establishing University information security architecture, controls, standards, policies, processes and procedures.
4. Develop an information security vision and strategy that is aligned to the universitys priorities and enables and facilitates the institutions business objectives, and ensure senior stakeholder buy-in and mandate.
5. Create a risk-based process for the assessment and mitigation of any information security risk in the universitys ecosystem.
6. Provides academic and business units with information security risk assessments and provides or assists with the development and deployment of protective measures.
7. Work with the compliance staff to ensure that all information owned, collected or controlled by or on behalf of the company is processed and stored in accordance with applicable laws and other global regulatory requirements, such as data privacy.
8. Collaborate and liaise with the compliance officer(s) to ensure that data privacy and compliance requirements are enforced where applicable.
9. Oversees the monitoring of University-wide security tools and investigates breaches of security controls, taking action according to University established process and procedure.
10. Ensures that disaster recovery and business resumption plans exist in alignment with the business (i.e. Business Impact Analysis, Business Continuity, etc.) regulatory requirements (i.e. Health Insurance Insurance Portability and Accountability Act, Family Educational Rights and Privacy Act, etc.).
11. Works with the CIO, appropriate IT committees, regents, university executives, Deans and top administrators in administrative departments and divisions to ascertain University information security priorities. Works with the Pacific Technology budget office on funding for identified priorities.
12. Directs multiple complex information security development projects, information identity and access management processes, and manages information security systems so that the day-to-day IT functions of the University supporting teaching, learning, scholarship and administration can work securely.
13. Monitor the external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action.
14. Create and manage a targeted information security awareness training program for all students, faculty and staff and establish metrics to measure the effectiveness of this security training program for the different audiences.
15. Understand and interact with university regents, administrative and academic units through committees to ensure the development of and consistent application of policies and standards across all technology projects, systems and services, including privacy, risk management, compliance and business continuity management.
Certifications such as CISSP (Certified Information System Security Professional), CISM (ISACA Certified Information Security Manager) or CISA (ISACA Certified Information Security Auditor) are preferred.
Experience working in an IT department at higher education institutions preferred.
Skills/Knowledge and Expertise:
Proven and extensive experience in planning, organizing, developing and implementing IT security strategies and related initiatives.
Should have strong leadership, management and team building skills.
Proficiency in IT security management, industry best practices and standards.
Proven ability to identify, prioritize and communicate impact of IT security initiatives.
Substantial knowledge and exposure in developing and testing business continuity and disaster recovery plans.
Considerable experience in and knowledge of IT security auditing.
Proven ability to measure, monitor and report on the success of IT security related initiatives.
Understanding of effective IT security system and network architectures, concepts, techniques and tools.
Understanding and experience managing network and system security components such as firewalls and intrusion detection/prevention systems.
In depth knowledge of applicable IT security related laws and regulations.
Substantial exposure to the operation of institution wide networks, systems and applications.
Proven ability to work effectively in a coordinating role across multiple constituencies to achieve tactical and strategic goals.
Proven ability to direct the development and implementation of short-and-long-term cohesive IT security strategies.
Ability to work effectively with administrators, faculty and staff.
Excellent oral and written communication skills.
Self-motivated and self-directed/driven.
Excellent analytical, evaluative and problem solving capabilities.
Positive attitude, proven ability to work successfully with diverse populations and demonstrated commitment to promote and enhance diversity and inclusion.
Physical Requirements: The physical demands described here are representative but not definitive of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Requires extended periods of sitting and repetitive hand/wrist motion while using computer keyboard and phone. Occasional standing, walking, climbing stairs, bending, stooping and reaching. Occasional lifting up to 40 pounds.
Work Environment/Work Week/Travel: Work is primarily performed in a standard office environment with use of computer and phone. Exposure to noise, warmer and cooler temperatures when working in closets, data centers or construction environments. Work performed during standard business hours, additional work hours may be required to meet business needs and deadlines. Travel expected for purpose of meeting with clients, stakeholders or training.
Valid drivers license required. Incumbent must also be able to meet the Universitys fleet rules and be eligible to drive for University business. The University and its insurance carrier reserve the right to exclude applicants based on their driving record.
Hiring Range: Commensurate with experience, exempt
Background Check Statement: Applicants who are selected as final possible candidates must pass a criminal background check.
Drawing on its rich legacy as the oldest chartered university in California, Pacific is a student-focused, comprehensive educational institution that produces outstanding graduates prepared for personal and professional success. Our student body thrives in Pacific's small classes and dynamic cultural environment, while our distinguished alumni are transforming their communities every day.
University of the Pacific is a nationally ranked university with a long tradition of dedicated teaching, small class sizes, practical experience and vibrant residential life. The breathtaking main campus in Stockton, California is home to seven schools and colleges, with more than 80 majors and programs of study. Pacific also has the McGeorge School of Law in Sacramento and the Arthur A. Dugoni School of Dentistry in San Francisco. Total university enrollment is nearly 7,000, with 3,757 undergraduates in an average class size of 19 and a student/faculty ratio of 14:1. Eighty-seven percent of students come from California, with 35 other states and 25 foreign countries also represented.