The Division of Information Technology (DoIT) promotes Northern Illinois University (NIU) student career success through the creative and efficient use of information technology that supports teaching and learning, administration, and research at all of NIU's campuses. This central IT division manages administrative and academic computing, identity management and security, telecommunications, and the NIU network.
NIU is located approximately 55 miles from downtown Chicago and is a short drive from the vibrant western suburbs and Rockford metropolitan area. DeKalb is a safe and affordable environment with a high quality of life. The university’s main campus is set on 756 acres of rolling country land, featuring two lagoons, several museums, and a broad variety of cultural activities. NIU offers extensive benefits including expansive vacation and medical leave, educational resources, fitness programs, and child care. View www.niu.edu/hrs/benefits for more information.
Function of the Job
Northern Illinois University is seeking a highly skilled Chief Information Security Officer (CISO) who is driven to protect the university’s brand by safeguarding its information. NIU offers a complex operational environment in which over 20,000 faculty, students, and staff live, learn, work, and conduct far-ranging academic research. The NIU community also includes over 100,000 alumni and student applicant accounts and over 500 community anchor institutions such as schools, hospitals, and local governments who use NIU’s multiple broadband networks. NIU also has three extension centers located in Naperville, Rockford, and Hoffman Estates and contains 42 academic departments across seven colleges that offer 55 undergraduate majors, 80 graduate degree programs, 22 doctoral programs, and the Juris Doctorate. The CISO works continuously to protect NIU’s brand and maintain an optimal balance between the university’s tolerance for risk and the desire to have a business and residential environment in which it is easy to conduct both work and personal business. In this role, the CISO will assist other senior leaders in making NIU a premier student-centered, research-focused public university, contributing to the advancement of knowledge for the benefit of the people of the region, the state, the nation, and the world.
At NIU, the CISO has ownership and accountability for the information security policies, processes and procedures that ensure NIU compliance with applicable international, federal and state laws and regulations. The CISO partners with non-IT entities throughout the institution in order to foster compliance with regulations such as the Federal Information Security Modernization Act (FISMA); the Family Educational Rights and Privacy Act (FERPA); the Health Insurance Portability and Accountability Act (HIPAA); the Payment Card Industry (PCI) Data Security Standards; the Illinois Personal Information Protection Act (PIPA); and others. The CISO also works with the Internal Audit Department, the Office of General Counsel, the Ethics and Compliance Office, the NIU Board of Trustees, the Illinois Auditor General’s Office, and other outside consultants to support auditing efforts and remediate audit findings. The CISO continuously advocates for a perspective that puts the university in its best light and tracks to successful resolution any findings that may result.
As a senior leader in the university, this position guides and mentors managers and staff as needed in order to create, perform, manage, and optimize enterprise-wide IT services or operational processes. The CISO communicates frequently with executive stakeholders to create trust and transparency between IT and functional units. The CISO demonstrates his/her commitment to diversity, equity and inclusion by establishing a rapport with diverse populations, addressing concerns of diverse communities within NIU, and incorporating best practices in order to establish inclusive working groups and environments.
This position reports to the Associate Vice President for IT and Chief Information Officer and is responsible for a team budget of over a million dollars and directly manages a staff of five.
Duties and Responsibilities
The Chief Information Security Officer will be primarily focused on protecting and safeguarding NIU’s brand and information. Relevant duties include, but are not limited to:
Continuously Develops, Improves and Implements a Framework of Security Controls
Establishes and follows a multi-year plan for adopting and optimizing information security within and outside of the central IT division.
Defines, manages, and optimizes the IT architecture and security processes of the institution.
Establishes controls across the full spectrum of security and leads efforts to make recommendations regarding the adequacy of security controls.
Authors and wins approval for policies relating to information security and privacy.
Mentors and guides IT staff and managers in basic through advanced methods of assuring protection of assets from unauthorized modification, disclosure, or destruction.
Builds relationships through communication that lead to widespread adoption of established systems, practices, and policies.
Leads Administrative Proceedings and Information Security Investigations
Designs, promotes and ensures compliance with privacy standards, laws and regulations.
Designs, creates, and uses policies, plans, and procedures to conduct information security investigations in conjunction with campus leaders in the Office of General Counsel, the Department of Police and Public Safety, Human Resource Services, and others as required.
Ensures that security incidents and investigatory documents are properly documented, processed, and stored in accordance with university policy and applicable federal and state regulations.
Actively Supports and Coordinates Internal and External Audits and Assessments
Assesses internal compliance, both inside and outside the central IT division, and prioritizes short, medium, and long-term plans to improve compliance.
Coordinates and tracks all IT and security related audits including scope, units involved, timelines, agencies, and outcomes.
As resources are available, brings business analyst capabilities into play to improve business practices as well as assure security.
Assists project managers and senior leaders in skillfully managing executive stakeholders across the entire project portfolio.
Assures Education and Awareness for End Users
Develops, designs, and provides staff training and awareness programs throughout campus to raise levels of knowledge and proficiency in best practices for IT work.
Chairs or participates in cross-functional governance and advisory committees to advance the incorporation of security systems and business practices in new projects and current operations.
Using an accepted framework for organizational change management, arranges security campaigns that use multimodal communication to move users from resistance to acceptance and behavioral change.
Builds Communities of Practice
Wins support for information security techniques even among those who are resistant.
Finds ways to spread good practices, both through formal and informal means.
Encourages and creates process development techniques to encourage wider adoption of good security practices.
The successful candidate will have achieved a Bachelor's or advanced degree in computer science, information technology, MIS, engineering, or another technology or security field. The successful candidate will also have 15 years of work-related experience, with at least 10 years related to implementing security policies, security standards, security incident response and remediation, and enterprise risk management. The successful candidate will have demonstrated knowledge of federal security regulations such as FERPA, HIPAA, PCI DSS, and FISMA and possess at least one of the following certifications: CISSO, CISSP, CISM, CHP, CGEIT, CSCS, ISSAP, ITIL Foundations.
It is preferred the successful candidate will possess at least two of the following certifications: CISSO, CISSP, CISM, CHP, CGEIT, CSCS, ISSAP, ITIL Foundations. It is also preferred the successful candidate will possess ITIL Intermediate v3 certifications dealing with service strategy, service operations and continual service improvement. It is preferred the successful candidate will possess exceptional interpersonal, analytical, and communication skills. It is also preferred the successful candidate will demonstrate a proven ability to train and mentor teams in areas of security awareness, ethical hacking, security frameworks and standards, and similar disciplines.
Required Applicant Documents*
List of References
Copy of certifications
*Note, a copy of official college transcripts will be required at hire
Please submit application and documents through NIU online employment system at
In accordance with applicable statutes and regulations, NIU is an equal opportunity employer and does not discriminate on the basis of race, color, national origin, ancestry, sex, religion, age, physical and mental disability, marital status, veteran status, sexual orientation, gender identity, gender expression, political affiliation, or any other factor unrelated to professional qualifications, and will comply with all applicable federal and state statutes, regulations and orders pertaining to nondiscrimination, equal opportunity and affirmative action.
In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification document form upon hire.