Reporting to the Chief Information Officer, the Chief Information Security Officer (CISO) provides administrative leadership to the IT Security Department, a department within the Division of Information Technology. The CISO plays a pivotal role in safeguarding the institution's digital assets and sensitive data, and requires a deep understanding of cybersecurity principles, risk management, and compliance with data protection regulations. The CISO is responsible for crafting and executing a robust cybersecurity strategy aligned with the college's mission and objectives, leading a well-trained and equipped cybersecurity team, providing leadership toward a secure digital environment, preserving the integrity of student and staff information, and protecting against cyber threats. This position manages the IT Security budget which includes staff, professional development, and related contractual services. As part of the IT Leadership Team, the CISO must effectively communicate and collaborate with leadership, faculty, and staff across the College to support strong partnerships between IT and the campus community. The CISO represents the Division of Information Technology on College committees and working groups, ensuring that IT is positioned to meet the current and future needs of GRCC.
Position Number: 00001931
Schedule: 40 hours/52 weeks
Reports to: Chief Information Officer
ESSENTIAL FUNCTIONS
- Collaborate with senior management to align security strategies with overall business objectives
- Maintain the trust of students, staff, and stakeholders while facilitating the institution's continued growth and innovation
- Provide guidance and leadership to IT teams to ensure security measures are integrated into all technology solutions
- Work closely with legal and compliance teams to ensure adherence to relevant regulations and data protection laws
- Assist in assessing and mitigating security risks within the organization
- Establish and maintain relationships with external security organizations, vendors, and partners
- Oversee the recruitment, training, and management of information security professionals
- Develop and enforce security policies, standards, and procedures throughout the organization
- Lead the response to security incidents and coordinate activities to minimize damage and recover from breaches
- Oversee the development and implementation of security awareness programs for employees
- Manage regular security assessments, penetration testing, and vulnerability management processes
- Establish and oversee policies and procedures related to risk management
- Oversee the evaluation and deployment of security technologies and solutions
- Develop and manage the information security budget, ensuring cost-effective allocation of resources
- Analyze the return on investment for security initiatives and technologies
- Ensure the confidentiality, integrity, and availability of the organization's data and information assets
- Maintain the organization's reputation and customer trust by safeguarding against data breaches and cyber threats
- Ensure adherence to relevant data protection laws and industry regulations, mitigating potential legal and financial risks
- Lead incident response efforts to minimize security breaches and recover from incidents
- Ensure the organization's compliance with relevant regulations and standards (e.g., GLBA, HIPAA, FERPA)
- Evaluate, implement, and manage security technologies, including firewalls, intrusion detection systems, and encryption, in collaboration with the Infrastructure Department
- Promote a culture of security awareness and training throughout the organization
- Identify, assess, and mitigate security risks to protect the organization from cyber threats
- Develop and maintain departmental IT procedures and contribute to IT Division and GRCC policies
- Contribute to and provide leadership in the creation and review of the Division of Information Technology service catalog, goals, priorities, and strategic plan
- Participate in the development and maintenance of the disaster recovery plan for the College's computing and telecommunications infrastructure
- Prepare responses to mandated audits
- Regular attendance during normal scheduled hours is required. Being present is essential for serving customers and performing the essential functions of this position
- Perform other related duties as assigned
JOB SPECIFICATIONS
Educational Credentials
- Bachelor's degree in Information Technology, Information Security, or a related discipline required
- Master's degree in a related field preferred
- One or more of the following certifications desired: CISSP, GCIA, GSLC, Security+, Server+, GCFE, GCFA
- National Career Readiness Certificate (NCRC) preferred
Work Experience
Skills
- A deep understanding of cybersecurity principles, technologies, and best practices is crucial. The CISO should have expertise in areas such as network security, threat analysis, encryption, and risk assessment
- Ability to develop and implement a comprehensive cybersecurity strategy that aligns with the organization's business objectives
- Strategic thinking, anticipating emerging threats, and planning for long-term security
- Strong leadership skills are necessary for building and leading a skilled cybersecurity team: recruiting, training, and retaining talent, and fostering a culture of security within the organization
- Assessing and mitigating cybersecurity risks, identifying vulnerabilities, and making informed decisions
- Understanding relevant data protection laws and industry-specific standards, and ensuring adherence to them
- Ability to communicate complex cybersecurity concepts to non-technical stakeholders, the executive team, and the board of directors
- Building relationships with internal and external partners
Physical Demands
- Precise hand-eye coordination and fine motor skills are necessary for tasks such as configuring security settings, typing detailed reports, and performing data analysis
- While the job is predominantly desk-based, the CISO may occasionally need to move within the office to attend meetings, collaborate with colleagues, or access equipment in server rooms or data centers. This may involve walking, standing, or climbing short flights of stairs
- The role may occasionally require lifting or carrying lightweight equipment such as laptops, mobile devices, or cables
Mental Demands
- Must manage stress effectively to make sound decisions under pressure, such as during security incidents
- Must be able to maintain confidentiality and use good judgment in handling sensitive or difficult situations
- Must possess strong analytical skills to evaluate complex systems, identify vulnerabilities, and assess potential threats
- Must be detail-oriented and meticulous in their work
- Must be adept at troubleshooting and finding innovative solutions to resolve security issues promptly
Working Conditions
- GRCC will comply with any mandated health and safety requirements. Compliance information is available on our policies website.
- The work environment is typically indoors, within a climate-controlled office setting. The CISO may occasionally need to work in server rooms, which may have specific environmental conditions such as temperature and noise control
- Extensive use of a computer, including typing, using a mouse, and viewing a computer screen, is a fundamental aspect of the job
- Job duties may require the CISO to be on call and/or reachable during emergencies, such as cybersecurity incidents