Chief Information Security Officer and Senior Director of Information Security

Northwestern University (www.northwestern.edu) invites nominations and applications for the position of Chief Information Security Officer (CISO) and Senior Director of Information Security. The Senior Director of Information Security, who serves as Northwestern University’s Chief Information Security Officer (CISO), is responsible for the ongoing development and delivery of a comprehensive, University-wide information security strategy and program that adequately protects information assets, aligns with and supports the risk posture of the University, and meets related compliance and regulatory requirements.  Reporting to the Vice President of Information Technology (VPIT) and functioning as a senior leader of Northwestern Information Technology, the CISO advocates for the University’s total information security needs and works with business and technology leaders across the University to assess and manage risks while balancing security strategies with other University priorities.

In Northwestern’s decentralized environment, and leading a staff that represents only a fraction of the information-security resources working across the University, the CISO leads by influence and subject-matter expertise more than positional authority. The CISO will bring stakeholders together in a new level of commitment to best practices in information security that appropriately balance mission, risk, and regulation. Creating and sustaining this commitment will entail broad and proactive engagement across the University, active collaboration with IT partners and colleagues, a revamped governance structure for addressing information security, and the ability carefully to leverage the support of executive leadership and the Board of Trustees in their attention to enterprise risk, resource deployment, financial sustainability, and overall institutional strategy. Ultimately, the CISO will increase Northwestern’s information-security management by leading the development of appropriate new policies and practices, ensuring their broad adoption, and verifying a new level of adherence to policy and practice norms.

The success of the CISO will be evaluated against a number of primarily qualitative considerations, including the engagement and productivity of the information-security governance model, the efficiency with which relevant policy is updated and adopted, and degree to which policy and practice initiatives led by Northwestern IT improve the University’s overall information-security posture.

Candidate Profile

The ideal candidate will be an adaptable, innovative leader with the capacity to establish and deliver a measurable value proposition to current and future campus partners and customers within the overall vision for Northwestern IT in its role in advancing the University’s mission. Success in the role requires a range of qualities and experiences and a core set of interpersonal skills that will enable success in the University’s decentralized organizational model:

• BS degree in a technical discipline (e.g., Information Technology, Information Systems, Computer Science), or equivalent combination of training, education and experience from which comparable skills can be acquired.
• 10 years of experience in information security operations; seven years of experience in managing a team of information security specialists.
• Experience as a leader and/or developer of a comprehensive security plan.

• A strong background in developing and managing an information security program and a proven track record of implementing organization-wide solutions that adequately protect information assets.

• A solid understanding of information security concepts, threats, and technologies, including industry standards and best practices.
• Knowledge and understanding of relevant legal and regulatory requirements related to data and information.
• Proficiency in developing information security policies and procedures that adequately balance security concerns with the organization’s practices and priorities.
• A proven track record in recruiting, directing, motivating and guiding the development of a team of information security professionals.
• Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and no technical audiences, including University senior management and the Board of Trustees.
• Ability to establish and maintain respectful and effective relationships with management, co-workers, and customers and to act calmly and competently in high-pressure, high-stress situations.
• Demonstrated ability to analyze problems from multiple points of view, to lead consensus building within groups with differing views in a decentralized institution, and to translate the final agreement into cooperative planned action.

Past experience in  developing and implementing information security practices in a university or in an equally highly-decentralized non-profit, corporate, or government environment.

Preferred Additional Qualifications

An understanding of university business and academic technology approaches and requirements; an advanced degree in information technology; information security certifications such as CISSP, CISM, CIPP.

Northwestern University is an Affirmative Action / EEOC employer. Women and members of minority groups are encouraged to apply. Northwestern has retained Opus Partners to support this search.

Please email expressions of interest, applications, and nominations to Craig Smith, Partner (craig.smith@opuspartners.net) or Jeffrey Stafford, Senior Associate (jeffrey.stafford@opuspartners.net).  

To access a fuller account of the role, click on https://adobe.ly/2kql5Ic. Every effort will be made to ensure candidate confidentiality through the search process.