Chief Information Security Officer

Job No: 554597; 01/22/2026

CHIEF INFORMATION SECURITY OFFICER

California State University Los Angeles invites applications for the above Administrator III position.

The University: California State University Los Angeles (Cal State LA) is one of 22 campuses within the California State University system. The University is the premier comprehensive public university in the heart of Los Angeles. We offer nationally recognized programs and our faculty have a strong commitment to scholarship research creative pursuits and service.

As a federally recognized Hispanic-serving (HSI) and Asian-American Native American and Pacific Islander-serving institution (AANAPISI) Cal State LA recognizes the transformative power of education and embraces its duty to identify and serve the needs of all of its students. The University is committed to creating a community in which a diverse population of students faculty and staff can thrive.

The Position:

The Chief Information Security Officer (CISO) is responsible for overseeing managing and safeguarding Cal State LAs information security posture and meeting the security control requirements of the applicable Federal State and local compliance mandates. This includes establishing information security visions strategies architecture governance and capability roadmaps developing and implementing comprehensive information security policies procedures and programs conducting regular security assessments audits and penetration testing and responding to security incidents. Reporting directly to the Vice President this pivotal role entails exercising enterprise-wide authority to ensure compliance with university information security policies and IT risk management practices consistent with industry standards and governmental regulations. The CISO also serves as a strategic advisor to the universitys executive leadership on information security matters.

This comprehensive role involves a strategic and multifaceted approach to information security data governance risk management and regulatory compliance contributing significantly to the universitys overall cybersecurity posture and resilience. As an advocate for Cal State LAs overall information security needs and awareness planning the ClSO provides vision and leadership for developing and supporting security and compliance initiatives.

The incumbent serving as the CISO directs the planning and implementation of security controls for enterprise IT systems business operations and facility defenses against security breaches and vulnerability issues. Additionally the CISO is responsible for auditing existing systems and overseeing the administration of security policies activities and standards to meet the applicable IT and regulatory compliance mandates.

The incumbent works closely with the legal audit and Human Resources Management (HRM) to assist with non-retention investigation e-discovery and litigation requirements. Incumbent serves as the campus security and compliance liaison on various committees including the CSU Information Security Advisory Committee (ISAC) and CSU system-wide information security initiatives.

Key Responsibilities of the CISO:

In collaboration with the universitys executive leadership the CISO plays a pivotal role in defining acceptable levels of information security risk aligning cybersecurity strategies with institutional objectives and ensuring the universitys overall resilience against cyber threats and regulatory compliance requirements. Key responsibilities encompass:

Identify risks and IT security and compliance requirements and priorities: Collaborate with executive management to establish acceptable risk profiles balance security measures with operational needs and business objectives identify and remediate security-related compliance gaps establish security and compliance governance processes to ensure security and compliance solutions are appropriate and resources are allocated based on the priorities of the university business objectives.

Protect the information assets and reputation of the university from cyberattacks: Design implement and maintain a comprehensive campus-wide information security management program encompassing policies procedures practices and capabilities to safeguard sensitive data and critical infrastructure. Conduct security awareness program to educate Cal State LA user community to protect themselves from phishing and/or cyberattacks.

Detect cyber threats attacks system vulnerabilities and security-related non-compliance issues: Enhance technical capabilities to improve cyber threat detection effectiveness. Develop IT security talents to identify symptoms of cyberattacks. Establish security threat detection processes to monitor cyber risks and vulnerabilities. Lead the assessments and security health check efforts on regulatory compliance mandates including FERPA PII GLBA GDPR PCI DSS and HIPAA.

Respond to security incidents and cyberattacks: Maintain up-to-date Incident Response Management Plans and improve the universitys incident response readiness via CSIRT training and tabletop exercises. Lead the incident response efforts perform investigation coordinate remediation activities and ensure effective communication with stakeholders during and after security breaches or cyberattacks. Collect evidence for cyber incidents to enable post incident activities.

Restore disrupted systems and business capabilities after cyber incidents: Coordinate with Infrastructure Team to back up critical systems and sensitive data to enable quick and comprehensive restoration of systems after cyber-attacks or system disruption.

Strategic Planning and Prioritization: Actively participate in IT strategic planning initiatives projects and resource allocation decisions prioritizing security investments and aligning cybersecurity strategies with the universitys evolving needs.

IT Audit Oversight: Oversee IT-related audit responses ensuring adherence to internal controls regulatory compliance requirements and industry best practices.


Required Qualifications & Experience:

Bachelors degree from an accredited four-year college or university in information security computer science or a related field.
Minimum of 8-10 years of progressive experience in information security cybersecurity or a related field.
Proven experience in a leadership role overseeing comprehensive information security programs and managing security initiatives in a complex organizational environment preferably in higher education.

Leadership and Communication:
Demonstrated ability to provide strategic vision and leadership in information security.
Strong communication skills with the ability to effectively convey complex security concepts to both technical and non-technical stakeholders.
Experience collaborating with executive management and presenting to governing boards.

Technical Proficiency:
In-depth knowledge of information security principles cybersecurity technologies and risk management frameworks.
Experience with the implementation and management of security operations centers (SOCs) and security monitoring systems.
Familiarity with industry-accepted information security standards frameworks and best practices.

Compliance and Governance:
Expertise in developing implementing and maintaining information security policies procedures and standards.
Experience with information security governance and ensuring compliance with applicable industry standards and governmental regulations.

Incident Response and Risk Management:
Proven experience leading and managing incident response teams in. addressing security breaches and cyberattacks.
Strong background in conducting risk assessments and implementing risk management strategies.

Vendor Management:
Experience managing relationships with security-related vendors and overseeing security services.
Knowledge of vetting and reviewing security practices and controls of third-party service providers.

Data Governance and Compliance:
Familiarity with data governance frameworks and the ability to enforce data classification rules and procedures.
Experience with overseeing compliance efforts including audits and assessments related to FERPA GLBA HIPAA and other relevant regulations.

Strategic Planning:
Track record of developing and implementing strategic plans for information security programs.
Ability to align information security initiatives with organizational goals.

Continuous Learning and Industry Engagement:
Demonstrated commitment to staying abreast of the latest trends emerging threats and best practices in information security.
Participation in professional organizations conferences and networking events in the cybersecurity field.

Team Management:
Experience in leading and developing a diverse team of information security professionals.
Ability to foster a collaborative and inclusive team culture.

Legal and Regulatory Knowledge:
Understanding of legal and regulatory requirements related to information security particularly in the context of higher education.

Incumbent must demonstrate an interest or ability in working in a multicultural/multiethnic environment. A background check (including a criminal records check) must be completed satisfactorily before any candidate can be offered a position with the CSU. Failure to satisfactorily complete the background check may affect the application status of applicants or continued employment of current CSU employees who may apply for the position.

California State University Los Angeles as part of the CSU system is a State of California Employer. As such the University requires all employees upon date of hire to reside in the State of California. As of January 1 2022 the CSU Out-of-State Employment Policy prohibits the hiring of employees to perform CSU-related work outside the state of California.

Desired Qualifications:

Five (5) or more years of experience in leading teams in a management or leadership role particularly in a fast-paced service-oriented environment.
Experience working in higher education information technology.
Familiar with CSU security and compliance policies and procedures.
Familiar with Agile Software Process and Management.
Understanding of Cal State LAs mission and values.
Commitment to diversity equity and inclusion.

Compensation: Salary is commensurate with experience and qualifications. Salary range is $6891 - $22191/monthly. (Budgeted Hiring Salary Range $6891-$15000/Monthly). A comprehensive benefits package is provided.

Appointment: The Administrator III appointment will be made under the guidelines for management and supervisory employees of the California State University. All rights and benefits associated with this appointment are governed by the Management Personnel Plan.

This position is a designated position in the California State Universitys Conflict of Interest Code. The successful candidate accepting this position is required to file Conflict of Interest forms subject to the regulations of the Fair Political Practices Commission.

Closing Date: Review of applications will begin on February 15 2026 and will continue until the position is filled; however the position may close when an adequate number of qualified applications are received. Please apply using the link below:

Chief Information Security Officer Apply Here

The person holding this position is considered a mandated reporter under the California Child Abuse and Neglect Reporting Act and is required to comply with the requirements set forth in CSU Executive Order 1083 revised July 21 2017 as a condition of employment.

In addition to meeting fully its obligations under federal and state law California State University Los Angeles is committed to creating a community in which a diverse population can live and work in an atmosphere of tolerance civility and respect for the rights and sensibilities of each individual. To that end all qualified individuals will receive equal consideration without regard to economic status race ethnicity color religion disability national origin or cultural background political views sex or sexual orientation gender or other personal characteristics or beliefs.

Candidates must demonstrate ability and/or interest in working in a multicultural/multiethnic environment. Certain positions require fingerprinting. The University actively encourages qualified minorities women and persons with a disability to apply. Upon request reasonable accommodation will be provided to individuals with protected disabilities to (a) complete the employment process and (b) perform essential job functions when this does not cause an undue hardship. We are an Equal Opportunity/Title IX Employer.

To obtain employment information for the impaired call:
TDD Line
24-hour Dial-A-Job Line