Chief Information Security Officer - Cal State LA
Another Source is partnering with Cal State LA, a mission-driven public university in Los Angeles, to recruit a Chief Information Security Officer (CISO). This high-visibility leadership role is responsible for shaping and advancing the university’s enterprise information security, risk management, and privacy program while working closely with executive leadership and IT to protect institutional data.
Responsibilities
In collaboration with the university's executive leadership, the CISO plays a pivotal role in defining acceptable levels of information security risk, aligning cybersecurity strategies with institutional objectives, and ensuring the university's overall resilience against cyber threats and regulatory compliance requirements. Key responsibilities encompass:
Identify risks and IT security and compliance requirements and priorities: Collaborate with executive management to establish acceptable risk profiles, balance security measures with operational needs and business objectives, identify and remediate security-related compliance gaps, and establish security and compliance governance processes to ensure that security and compliance solutions are appropriate and that resources are allocated based on the priorities of the university's business objectives
Protect the information assets and reputation of the university from cyberattacks: Design, implement, and maintain a comprehensive campus-wide information security management program, encompassing policies, procedures, practices, and capabilities to safeguard sensitive data and critical infrastructure. Conduct a security awareness program to educate the Cal State LA user community to protect themselves from phishing and/or cyberattacks
Detect cyber threats, attacks, system vulnerabilities, and security-related non-compliance issues: Enhance technical capabilities to improve cyber threat detection effectiveness. Develop IT security talent to identify symptoms of cyberattacks. Establish security threat detection processes to monitor cyber risks and vulnerabilities. Lead the assessments and security health check efforts on regulatory compliance mandates including FERPA, PII, GLBA, GDPR, PCI DSS, and HIPAA
Respond to security incidents and cyberattacks: Maintain up-to-date Incident Response Management Plans and improve the university's incident response readiness via CSIRT training and tabletop exercises. Lead the incident response efforts, perform investigations, coordinate remediation activities, and ensure effective communication with stakeholders during and after security breaches or cyberattacks. Collect evidence for cyber incidents to enable post-incident activities
Restore disrupted systems and business capabilities after cyber incidents: Coordinate with the Infrastructure Team to back up critical systems and sensitive data to enable quick and comprehensive restoration of systems after cyberattacks or system disruption
Strategic Planning and Prioritization: Actively participate in IT strategic planning initiatives, projects, and resource allocation decisions, prioritizing security investments and aligning cybersecurity strategies with the university's evolving needs
IT Audit Oversight: Oversee IT-related audit responses, ensuring adherence to internal controls, regulatory compliance requirements, and industry best practices
Qualifications
Required
Bachelor's degree in information security, computer science, or a related field
Minimum of 8-10 years of progressive experience in information security, cybersecurity, or a related field
Proven experience in a leadership role, overseeing comprehensive information security programs, and managing security initiatives in a complex organizational environment, preferably in higher education
Strong communication skills with the ability to effectively convey complex security concepts to both technical and non-technical stakeholders
Experience collaborating with executive management and presenting to governing boards
In-depth knowledge of information security principles, cybersecurity technologies, and risk management frameworks
Experience with the implementation and management of security operations centers (SOCs) and security monitoring systems
Familiarity with industry-accepted information security standards, frameworks, and best practices
Expertise in developing, implementing, and maintaining information security policies, procedures, and standards
Experience with information security governance and ensuring compliance with applicable industry standards and governmental regulations
Strong background in conducting risk assessments and implementing risk management strategies
Experience managing relationships with security-related vendors and overseeing security services
Knowledge of vetting and reviewing security practices and controls of third-party service providers
Experience with overseeing compliance efforts, including audits and assessments related to FERPA, GLBA, HIPAA, and other relevant regulations
Ability to align information security initiatives with organizational goals
Demonstrated commitment to staying abreast of the latest trends, emerging threats, and best practices in information security
Participation in professional organizations, conferences, and networking events in the cybersecurity field
Experience in leading and developing a diverse team of information security professionals
Ability to foster a collaborative and inclusive team culture
Understanding of legal and regulatory requirements related to information security, particularly in the context of higher education
Benefits
Emphasis on maintaining a healthy work-life balance with ample PTO and flexibility, which includes up to 24 vacation days per year (based on employee group/or services).
Enjoy the vibrant campus life with access to athletic and gym facilities, renowned sporting events, artist events, and world-renowned speakers.
Numerous professional development opportunities to advance your career including tuition waivers for yourself, a spouse, registered domestic partner or an eligible dependent child across any of the 23 CSU campuses.
Two different retirement plans catered to fit your personal saving goals: CalPERS Retirement Plan or 403(b) Supplemental Retirement Plan (similar to a 401(k) plan)
Medical benefits tailored to support various life stages
We recognize that transportation to and from work can be expensive and we are here to help support you with pre-tax commuter benefits.