Chief Information Security Officer

The Chief Information Security Officer (CISO) will be responsible for overseeing the development, implementation, and use of information security and cybersecurity resources and practices throughout the organization. This position will play a crucial role in guiding the university’s strategic IT initiatives to enhance productivity, efficiency, and security.

Minimum Education and Experience

Master’s degree in Management Information Systems, Computer Science or Engineering or equivalent experience.
Relevant industry experience, aptitude, and the ability to learn while applying knowledge and skill sets is important.
At least 10 years of experience in information security and/or network/security management.
At least 7 years of experience in managing information security, technology risk or compliance personnel.
Proven experience with technology risk assessment and regulatory compliance, such as FERPA, GLBA, HIPAA, PCI DSS, DMCA, GDPR, Illinois Personal Information Protection Act, and similar regulations.
Familiarity with security concepts such as defense-in-depth, the principle of least privilege, access controls, risk management, and mitigating controls required.
Demonstrated skills related to business continuity and disaster recovery planning.
Experience in Higher Education is a plus, but not required.
Experience with IT frameworks such as NIST or the ISO 27000 series is a plus, but not required.

Duties & Responsibilities

General Responsibilities

Strategic Oversight: Develop and implement an IT strategy that aligns with the organization’s business goals and objectives, ensuring the efficient and secure operation of all IT systems and processes.
Leadership and Management: Lead and manage the IT department and/or unit, including hiring, training, and developing IT staff. Foster a culture of innovation, collaboration, and continuous improvement.
Innovation and Emerging Technologies: Stay current with industry trends and emerging technologies, evaluating their potential impact on the organization and recommending strategic investments.
Budgeting and Cost Control: Develop and manage the UISO’s budget, ensuring cost-effective use of resources and adherence to financial goals.
Compliance and Risk Management: Ensure the organization’s IT systems comply with relevant regulations and standards, managing risks associated with technology use.
Relationship Management: Establish and maintain relationships with IT vendors and service providers, negotiating contracts and ensuring the delivery of quality services.

Position Specific Responsibilities

Provide strategic and operational leadership of all functions for University Information Security Office (UISO).
Demonstrate a commitment to Loyola’s mission and strategy by supporting the ITS core values of service excellence for university strategic initiatives and continuous development/improvement.
Develop and implement plans to ensure institutional compliance with applicable laws, regulations and requirements related to information security.
Create and manage the university’s information security program and establish relevant security metrics.
Act as an independent reviewer to ensure that technology compliance issues and concerns within Loyola University Chicago are being appropriately evaluated, investigated and resolved.
Coordinate the creation, testing and execution of business continuity and disaster recovery plans across the Loyola University Chicago departments and schools.
Regularly communicate in writing and in person to end users and resource contributors about the state of information security, security expectations and ongoing information risk status.
Identify staff development/training plans, as well as succession planning, for the UISO staff.
Participate in relevant professional activities, including involvement in university-wide and participation in external professional organizations.
Perform other duties as required.