Position Summary
The CISO has enterprise-wide leadership responsibility for establishing and maintaining information security policies and standards, executing IT risk management processes, guiding efforts to identify, detect, and respond to security threats, and maintaining the confidentiality, integrity, and availability of University information resources.

The CISO will:

- Develop and implement a strategic, long-term information security strategy to ensure that UNC Greensboro's information resources are adequately protected.
- Lead the development of comprehensive information security policies, procedures, standards, and guidelines, and oversee their approval, dissemination, and maintenance.
- Ensure that the information security management program enforces compliance with applicable policies, laws, regulations, and contractual requirements.
- Lead efforts to monitor and maintain compliance with FERPA, HIPAA, GLBA, PCI, DMCA, GDPR, and other applicable laws and regulations, as well as University and UNC System policies.
- Work to strike an optimal balance between the necessity for business and pedagogical functionality and the need for security, safety, and data privacy in all aspects of University operations.
- Identify, evaluate, and report on information security risks, program developments, and improvement projects to the executive committees and the Board of Trustees, and provide subject matter expertise on security standards and best practices.
- Work with senior leaders across the university to identify and assess IT risks, establish risk tolerance, navigate risk acceptance processes, monitor remediation efforts, and implement mitigating and compensating controls necessary to reduce IT risks to acceptable levels.
- Act as the champion for the enterprise information security program and foster a security-aware culture through creative and effective efforts towards ongoing Security Awareness Training & Education (SATE).
- Develop, mentor, lead, and manage a high-performing, cross-functional team of information security, risk, and compliance professionals.
- Be an active participant and take a leadership role in relevant councils, committees, and working groups in areas related to IT Governance, Information Security, Data Governance, Identity & Access, and Privacy.
- Supervise all aspects of security operations for the daily defense of the University, including monitoring, detection, investigation, and response to attacks, vulnerabilities, and emergent threats.
- Oversee the evaluation, selection, and implementation of information security solutions that are innovative, cost-effective, and minimally disruptive.
- Partner with enterprise architects, infrastructure engineers, and application development teams to ensure that UNCG technologies are developed and maintained according to security policies, frameworks, and guidelines.
- Supervise efforts to satisfy regulatory requirements, including internal and external IT audit activities and implementation of remediation actions.
- Develop business-focused metrics to measure the effectiveness of the information security program and work to increase the maturity of the program over time.
- Monitor the industry and external environment for emerging threats and advise relevant stakeholders on appropriate postures in response to the changing threat landscape.
- Liaise with law enforcement and other advisory bodies as necessary to ensure that the organization maintains a strong security posture.
- Oversee incident response planning and the investigation of security breaches, and assist with any associated disciplinary, public relations, and legal matters.
- Oversee and lead the creation, communication, and implementation of a process for managing vendor risk and other third-party risk.
Minimum Qualifications
- Bachelor's degree or higher with a major in computer science, information technology, business or public administration, or related disciplines; OR equivalent combination of education and/or experience
- Deep expertise and technical knowledge in the information security and risk management domains
- 10 years of experience managing an information security area, program, or office, with a proven track record of creating and maintaining information security practices and/or services
- Demonstrated recent experience and achievements with managing and prospering a comprehensive information security program, including well-known IT and information security standards (i.e. ISO 27001/2, COBIT), auditable compliance, policy governance, data management, and risk management
- Ability to effectively communicate security concepts and strategies and influence best-practice adoption to a wide variety of audiences
- Knowledge of Higher Education policies and best practices in regard to FERPA, HIPAA, FISMA, GLBA, and other regulations
- Strong customer service ethic
- Demonstrated recent experience in a senior leadership role with accountability to executive management
- Outstanding communication abilities, both written and verbal
Work Environment
Inside c
Required Experience:
Chief