Chief Information Security Officer

Wonder Plaza, Technology Center


The Talent Acquisition department hires qualified candidates to fill positions which contribute to the overall strategic success of Howard University. Hiring staff “for fit” makes significant contributions to Howard University’s overall mission.

At Howard University, we prioritize well-being and professional growth.

Here is what we offer: 

  • Health & Wellness: Comprehensive medical, dental, and vision insurance, plus mental health support
  • Work-Life Balance: PTO, paid holidays, flexible work arrangements
  • Financial Wellness: Competitive salary, 403(b) with company match 
  • Professional Development: Ongoing training, tuition reimbursement, and career advancement paths
  • Additional Perks: Wellness programs, commuter benefits, and a vibrant company culture

 

Join Howard University and thrive with us! 

https://hr.howard.edu/benefits-wellness

BASIC FUNCTION:           

The Chief Information Security Officer (CISO) is accountable for information security and confidentiality strategy, evaluation, operations, and information security risk management at HU and HUH. The Information Security Supervisor is responsible for the administration and wellbeing of the core Howard University and Hospital enterprise information security requirements.

SUPERVISORY ACCOUNTABILITY:              

May oversee one or more Information Security Engineers and Information Security Analysts.

NATURE AND SCOPE:     

Internal contacts include administrators, faculty, students and staff of the department and University.  External contacts include vendors, consultants, visitors and the general public.  Interact(s) with staff, physicians, patients and their families, other healthcare providers, Hospital and University officials,

PRINCIPAL ACCOUNTABILITIES:

  • Create and implement a strategy for the deployment of information security technologies; develop, implement, and enforce information security policies and procedures; monitor security vulnerabilities and intrusion threats in network and host systems; communicate with key stakeholders about IT security threats.
  • Protect the intellectual property of the HU and HUH organizations; responsible for the integration of information security core competencies into daily functions, including: commitment to data availability, confidentiality, and integrity.
  • Perform IT security risk assessments; identify security risks, threats and vulnerabilities of networks, systems, applications and new technology initiatives; develop, test and administer firewalls, intrusion detection systems, network and systems management technologies and software deployment tools.
  • Propose and deploy solutions to manage information security risk; perform intrusion detection monitoring of networks and systems. Participate in computer security incident response activities and the technical investigations of security related incidents.
  • Provide and participate in corrective action regarding security violations, attempts to gain unauthorized access, virus infections and other events that may affect the network and systems security.
  • Perform product evaluations; recommend and implement products/services for network security; validate and test complex security architecture and design solutions from recommended vendor technologies.
  • Review, recommend and oversee the installation, modification or replacement of hardware or software components and any configuration change(s) that affect network and systems security.
  • Perform, evaluate and remediate findings from vulnerability scans in a multi-platform, enterprise environment.
  • Develop technical and programmatic assessments, evaluate engineering and integration initiatives and provide technical support for security policies, standards and guidelines.
  • Develop scripts for system administration and security auditing functions.
  • Responsible for aiding in own self-development by being available and receptive to any training made available by the department.
  • Plan daily activities within the guidelines of ETS policy, job description and Supervisor's instruction in such a way as to maximize output.
  • Other duties may be assigned.

CORE COMPETENCIES:  

  • Strong communications skills, both written and oral.
  • Organized, responsive and highly thorough problem solver.
  • Must have strong technical knowledge of IP networking, networking protocols and related technologies including encryption, IPSec, PKI, VPNs, firewalls, proxy services, DNS and electronic mail.
  • Must have experience working with firewall, vulnerability scanning, intrusion detection products and authentication technologies.
  • Network/packet-level examination experience (e.g. Wireshark, Snort, tcpdump, NMAP) would be a plus.
  • Working knowledge of hacking tools and techniques (e.g. buffer overflows, ARP poisoning, browser attacks, phishing, DNS poisoning), and SIEM would be a plus.
  • Must have experience and/or working knowledge of federal regulations related to information security (FISMA, Computer Security Act, NIST Special Publications, HIPAA, FERPA).
  • System Administration experience in multiple operating systems including Linux and Windows.

MINIMUM REQUIREMENTS:      

A Bachelor's degree from a four-year college or university in computer science/Information Technology with a security concentration. A Master's degree in business administration is highly desirable. Industry certifications in cybersecurity are preferred. 3 to 5 years of experience in information security. Minimum three years’ experience working with firewall, vulnerability scanning, intrusion detection products and authentication technologies and three years of experience with network security, incident response, auditing, intrusion detection, forensics, vulnerability assessments, and/or analytic tools; or equivalent combination of education and experience. One or more of the following: CISM, CISSP, CISA, CGEIT, CRISC, and/or other security certification; at a minimum Security+ Certification. Must be able to stand, walk, sit, lift (12-25 lbs), bend, write, type, file, speak, hear, see, calculate, compare, edit, evaluate, interpret and organize for extended periods of time.

Compliance Salary Range Disclosure

Expected Pay Range: $181,818 - $200,000


Tags: Audits CISA CISM CISO CISSP Compliance Computer Science CRISC DNS Encryption Firewalls FISMA Forensics HIPAA Incident response Intrusion detection Linux Monitoring Network security NIST Nmap PKI Risk assessment Risk management SIEM Snort Strategy VPN Vulnerabilities Vulnerability scans Windows

Perks/benefits: Career development Competitive pay Flex hours Flex vacation Health care Team events Wellness

Region: North America
Country: United States
