Aligning with the University Information Security Office, execute a risk-based information security program for the BSD, including items such as: access management, device security, incident response, policies, training, risk management, security architecture, vulnerability management, PCI/HIPAA compliance, support data governance, data stewardship, and technical architecture review programs.
Guide and counsel the Assistant Dean BSD Information Technology Services and organizational leaders on information security and its role in enabling mission activities and managing IT Security risk, in both strategic and tactical contexts.
Review hardware, software, and services being considered for purchase or implementation by BSDIS and other campus departments to assess security issues (strengths/risks) and assure proper information security features are incorporated to support university business needs; provide security requirements to be included in RFPs for software and services.
Review Data Use Agreements and Procurement Contracts for the BSD to ensure security measures are appropriately identified and managed.
Establish annual and long-range security and compliance goals. Define security strategies, metrics, reporting mechanisms and program services. Create maturity models and a roadmap for continual program improvements.
Engage with external communities and activities to maintain good perspective on information security practices at peer organizations and the threat environment, and to promote and increase inter-organizational ability to address common problems.
Oversee the management and administration of all security systems and their corresponding software, including firewalls, VPNs, intrusion detection, cryptography, content filters, and anti-malware systems.
Determine baseline security configuration standards for operating systems (e.g., OS hardening), network segmentation, and identity and access management (IAM).
Manage teams that research security alerts and anomalies and develop plans for remediation. Regularly develop advanced hunt techniques for the identification of threat actors across the internal network. Create penetration testing plans, execute them, and remediate findings.
Assume responsibility for digital forensics and eDiscovery tools, as well as perform data gathering to support internal and external litigation. Summarize and report results.
Ensure Information Security Programs are in compliance with the Family Education Rights and Privacy Act (FERPA), HIPAA and FISMA, where appropriate.
Lead the development and implementation of effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.
Lead efforts to assess, evaluate and make recommendations regarding the adequacy of security controls for the BSD's information and technology systems, and establish a process that guarantees rigorous and appropriate vetting and risk assessment.
Coordinate and track all information technology and security related examinations, audits and compliance assessments including scope, units involved, timelines, and outcomes. Work to keep focus in scope, maintain excellent relationships with these entities and provide a consistent perspective that continually puts the BSD in its best light.
Develop a strategy for dealing with the increasing number of examinations, audits, compliance checks and external assessment processes.
Liaise with auditors, regulators and other examiner groups.
Partner with leaders of research activities, serve on leadership committees and be a resource to others to offer solutions that proactively minimize security risk, liability, or concerns utilizing a broad and inclusive view to help the organizational activities be successful.
Pursue security initiatives to address unique needs in protecting against identity theft, mobile social media security and online reputation program.
Promote and develop BSD awareness programs, e.g., identity theft pamphlets, phishing awareness, and more.
Maintain strong working relationships with leadership and their teams to align information security practices across the campus' IT infrastructure and services offices.
Proactive community involvement, with other industry and university groups, for added threat intelligence.
Motivate and lead a high performing ISO team, utilizing effective talent management practices to attract and retain team members. Ensure growth in cybersecurity skills within the team.
Manage cybersecurity personnel dedicated to research programs with advanced data security requirements such as FISMA.
Manage relationships with third parties (vendors, suppliers, contractors, partners, etc.), external stakeholders (DHS, FBI) and others.
Maintain awareness of security threats, breaches and incidents in the industry and beyond, to proactively assess emerging threats to the BSD's constituency, data and its environment.
Ensure through the change management process that all technology changes are in compliance with Security and Regulatory standards and appropriately identify risk and impact to the organization.
Provide strategic direction for the Identity & Access Management standards for the delivery of identity and access for BSD employees and vendors to the organization's systems and applications.
Keep abreast of security incidents and act as primary control point during significant information security incidents. Convene a security incident response team as needed, or requested, in addressing and investigating security incidents that arise.
Convene Ad Hoc Security Committee as appropriate and provide leadership for breach response and notification actions.
Conduct a continuous assessment of current IT security practices and systems and identify areas for improvement.
Manages managers and professional staff. Establishes performance goals, allocates resources and assesses policies for direct subordinates.
Executes functional business plans and helps determine functional strategy. Develops strategy for new technologies that address current and future needs.
Advises the development and delivery of data network and infrastructure options to the University that supports teaching, research, and administration. Directs the design, development, operation, extension, and maintenance of central IT infrastructure.
Performs other related work as needed.
Bachelor's Degree in Information Technology, Information Systems Security, Cybersecurity, or related field.
Must be an intelligent, articulate, consensus building, and persuasive leader who can serve as an effective member of the senior management team and communicate information security-related concepts to a broad range of technical and non-technical team members at all levels of the organization.
Seven to ten years in a leadership role of combined IT and security work experience, with a broad exposure to infrastructure/network, cloud, endpoint and multiplatform environments.
Deep experience in all dimensions of Information Security and in leading within large, complex environments.
Proficiency in creating security and architectural strategy spanning enterprise organizations including web-scale environments, applications, and systems such as: ecommerce, online marketing, online advertising, digital media, content management systems, content publishing systems, etc.
Overall knowledge of application and operating system hardening, vulnerability assessments, security audits, intrusion detection, data-leak protection, firewalls, networking, VPN.
Understanding of risk assessment procedures, policy formation, role-based authorization methodologies, authentication technologies, and security attack pathologies.
Well versed in the implementation of security controls and understands key business and technological processes, implementing effective risk mitigation strategies to protect the confidentiality, integrity, and availability of information assets.
Direct experience or strong working experience managing security infrastructure - e.g., firewalls, intrusion prevention systems (IPSs), web application firewalls (WAFs), endpoint protection, SIEM and log management technology.
Skilled in information security risk management, including but not limited to risk and gap analysis, risk evaluation and ranking, mitigation strategy recommendation, and reporting on the risk profile, and residual risk.
Licenses and Certifications:
Certified Information Security Manager (CISM),
Certified Information Systems Security Professional (CISSP),
Certified Ethical Hacker (CEH), or
Certified Cloud Security Professional (CCSP),
Certified in Risk and Information Systems Control (CRISC)
Innovator - entrepreneurial in thinking, planning, and execution. Showcases proven analytical and problem-solving ability, particularly as it pertains to security platforms and tools, non-disruptive implementation, risk assessment, compliance, analytics and reporting.
Communicator - Communicates consistently and transparently...early and often. Seeks to understand the needs, feelings, and capabilities of others. Is tactful, honest, and treats others with respect.
Catalyst for Change - Adapts, evolves and transforms through thoughtful experimentation and continuous learning. Seeks out opportunities to differentiate BSD and offer the highest level of value.
Collaborator - Works with teams to deliver on BSD's vision and shared goals. Finds common ground with a wide range of stakeholders. Seeks the mutually beneficial solution for all constituencies.
Results Driven - Leads by setting challenging goals and aligning team members to them. Owns and delivers results. Tracks and validates accomplishments using appropriate metrics.
Talent Developer - Motivates and guides others to reach personal and organizational goals. Coaches, mentors and challenges in a way that inspires people to reach their full potential.
Ability to use a computer for extended periods.
Cover Letter (preferred)
The University of Chicago is an Affirmative Action/Equal Opportunity/Disabled/Veterans Employer and does not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national or ethnic origin, age, status as an individual with a disability, protected veteran status, genetic information, or other protected classes under the law. For additional information please see the University's Notice of Nondiscrimination.
Staff Job seekers in need of a reasonable accommodation to complete the application process should call 773-702-5800 or submit a request via the Applicant Inquiry Form.
The University of Chicago's Annual Security & Fire Safety Report (Report) provides information about University offices and programs that provide safety support, crime and fire statistics, emergency response and communications plans, and other policies and information. The Report can be accessed online at: securityreport.uchicago.edu. Paper copies of the Report are available, upon request, from the University of Chicago Police Department, 850 E. 61st Street, Chicago, IL 60637.
One of the world's premier academic and research institutions, the University of Chicago has driven new ways of thinking since our 1890 founding. Today, UChicago is an intellectual destination that draws inspired scholars to our Hyde Park and international campuses, keeping UChicago at the nexus of ideas that challenge and change the world.