Chief Information Security Officer and Senior Director of Information Security
Northwestern University (www.northwestern.edu) invites nominations and applications for the position of Chief Information Security Officer (CISO) and Senior Director of Information Security. The Senior Director of Information Security, who serves as Northwestern University’s Chief Information Security Officer (CISO), is responsible for the ongoing development and delivery of a comprehensive, University-wide information security strategy and program that adequately protects information assets, aligns with and supports the risk posture of the University, and meets related compliance and regulatory requirements. Reporting to the Vice President of Information Technology (VPIT) and functioning as a senior leader of Northwestern Information Technology, the CISO advocates for the University’s total information security needs and works with business and technology leaders across the University to assess and manage risks while balancing security strategies with other University priorities.
In Northwestern’s decentralized environment, and leading a staff that represents only a fraction of the information-security resources working across the University, the CISO leads by influence and subject-matter expertise more than positional authority. The CISO will bring stakeholders together in a new level of commitment to best practices in information security that appropriately balance mission, risk, and regulation. Creating and sustaining this commitment will entail broad and proactive engagement across the University, active collaboration with IT partners and colleagues, a revamped governance structure for addressing information security, and the ability carefully to leverage the support of executive leadership and the Board of Trustees in their attention to enterprise risk, resource deployment, financial sustainability, and overall institutional strategy. Ultimately, the CISO will increase Northwestern’s information-security management by leading the development of appropriate new policies and practices, ensuring their broad adoption, and verifying a new level of adherence to policy and practice norms.
The success of the CISO will be evaluated against a number of primarily qualitative considerations, including the engagement and productivity of the information-security governance model, the efficiency with which relevant policy is updated and adopted, and degree to which policy and practice initiatives led by Northwestern IT improve the University’s overall information-security posture.
The ideal candidate will be an adaptable, innovative leader with the capacity to establish and deliver a measurable value proposition to current and future campus partners and customers within the overall vision for Northwestern IT in its role in advancing the University’s mission. Success in the role requires a range of qualities and experiences and a core set of interpersonal skills that will enable success in the University’s decentralized organizational model:
Past experience in developing and implementing information security practices in a university or in an equally highly-decentralized non-profit, corporate, or government environment.
Preferred Additional Qualifications
An understanding of university business and academic technology approaches and requirements; an advanced degree in information technology; information security certifications such as CISSP, CISM, CIPP.
Northwestern University is an Affirmative Action / EEOC employer. Women and members of minority groups are encouraged to apply. Northwestern has retained Opus Partners to support this search.
To access a fuller account of the role, click on https://adobe.ly/2kql5Ic. Every effort will be made to ensure candidate confidentiality through the search process.