Chief Information Security Officer

Position Information

Job Posting Number: S00497
Position Title: Chief Information Security Officer
Department: VP of Information Technology-1133
Job Category: Staff Posting
Position Type: Full-Time
Position Details

This position is shared between Trinity College and Wesleyan University, reporting jointly to their respective Chief Information Officers.

The Chief Information Security Officer (CISO) is responsible for establishing and maintaining an information security management program that meets compliance and regulatory requirements and aligns with the risk posture at each institution.

The CISO will work with executive management to determine acceptable levels of risk for each organization, and will collaborate with functional areas to implement practices that meet defined policies and standards for information security.

The ideal candidate is a thought leader, a consensus builder, and an integrator of people and processes.

While the CISO is the leader of the security program, s/he must also be able to coordinate disparate drivers, constraints, and personalities, while maintaining objectivity and a strong understanding that security is just one of the college’s activities.

The CISO should have a track record of competency in the field of information security or risk management, with several years of relevant experience, including some in a significant leadership role.

Responsibilities

Develop, implement, and monitor a strategic, comprehensive enterprise information security and IT risk management program.

Work directly with the functional areas to facilitate IT risk assessment and risk management processes, and work with stakeholders throughout Trinity and Wesleyan to align security controls with business processes. Provide regular reporting on the current status of the information security program to enterprise risk teams and senior leaders as part of a strategic enterprise risk management program.

Create a framework for roles and responsibilities with regard to information ownership, classification, accountability and protection.

Facilitate information security governance through the implementation of a governance program, including the oversight of an information security advisory board.

Develop, maintain, and publish information security policies, standards, and guidelines. Oversee the approval, training, and dissemination of security policies and practices.

Ensure that security policies and programs are in compliance with relevant laws, regulations and policies to minimize or eliminate risk and audit findings.

Create and manage information security and risk management awareness training programs for all employees, contractors and approved system users.

Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and increase the maturity of the security program.

Manage security incidents and events to protect corporate information assets, including intellectual property, regulated data and the colleges’ reputations.

Liaise with external agencies, such as law enforcement and other advisory bodies as necessary to ensure that the organization maintains a strong security posture.

Minimum Qualifications

Bachelor's degree in business administration or a technology-related field and at least 5 years of experience, or an equivalent combination of education and related work experience.

Related work experience includes a combination of risk management, information security and IT jobs with some in a leadership role. Employment history must demonstrate increasing levels of responsibility.

Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences.

Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic environment.

Poise and ability to act calmly and competently in high-pressure, high-stress situations.

Must be a critical thinker, with strong problem-solving skills, a high degree of initiative, dependability, and ability to work with little supervision.

Knowledge and understanding of relevant legal and regulatory requirements, such as the Sarbanes-Oxley Act (SOX), the Health Insurance Portability and Accountability Act (HIPAA), the Payment Card Industry Data Security Standard (PCI DSS), and the Family Educational Rights and Privacy Act (FERPA).

Exhibit excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.

Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.

High level of personal integrity, as well as the ability to professionally handle confidential matters, and show an appropriate level of judgment and maturity.

Preferred Qualifications

Project management skills: financial/budget management, scheduling and resource management.

Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT, and those from NIST.

Experience with contract and vendor negotiations.

Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials, is desired.

Management Competencies: Not Applicable
Competencies: Customer focus, Decision quality/judgment, Flexible/receptive to change, Functional/technical skills, Respects diversity, Service to the Wesleyan community, Commitment to sustainability
Special Instructions to Applicants
Additional Information

Any and all offers to external applicants are contingent on the candidate’s completion of a pre-employment background check screening to the satisfaction of Wesleyan University.

Supplemental Questions

Required fields are indicated with an asterisk (*).

  1. * Please tell us how you specifically heard about this position? (e.g., CareerBuilder, LinkedIn, Higher Ed, Inside Higher Ed, CT.Jobs, etc.)

    (Open Ended Question)

Optional & Required Documents

Required Documents
  1. Cover Letter
  2. Resume
Optional Documents