Associate Chief Information Security Officer for Research, Teaching and Learning - WUIT

Mid Campus Center, United States

Washington University in St. Louis

At WashU, we’re connecting learners, thinkers, leaders and doers who inspire each other to ask big questions and find real solutions — together.


Scheduled Hours: 40

Position Summary

The Associate CISO for Research, Teaching & Learning supports university researchers and instructors to enable the secure use of information technology in research activities and teaching functions, ensuring compliance with information security contractual and regulatory obligations.

Primary responsibilities include the creation and maintenance of information security policies, leading cyber risk assessments, operating an effective information security program, and overseeing a team of information security professionals who together maintain effective relationships and exert influence with key stakeholders across the campus. The position has secondary reporting relationships to the Deputy Chief Information Officer - Research, Clinical and Medical Education Technologies and the Deputy Chief Information Officer - Administrative and Academic Technologies.

Eighty percent of the Associate CISO for Research, Teaching & Learning’s time is expected to focus on Research, with 20 percent focused on Teaching. The Associate CISO for Research, Teaching & Learning is a key member of the Information Security team with leadership responsibility for information security in research and instructional systems including policy, compliance, audit, outreach, education, and training across the University. The position is a key collaborator and trusted advisor to University Information Technology leadership across the enterprise.

Job Description

Primary Duties & Responsibilities:

Research Policy, Compliance and Security Engagement and Leadership

  • Provide critical leadership, support and guidance to research initiatives that require technology-related DoD CMMC Certification or regulatory compliance with DFARS 7012, NIST 800-171, NIST 800-53, export control and Common Rule of Human Research.
  • Collaborate with research sponsors to define and direct security assessments, requirements, reviews and remediation recommendations.
  • Define the strategy for technology related regulatory compliance impacting research at the University.
  • Monitor and report the changes in regulatory requirements impacting research and refine strategies to address these changes. Keep the University Chief Information Security Officer and other key stakeholders fully apprised of all changes and directions.
  • Define and lead education and communication practices for the Research Community and IT on the overall approach and required action to be compliant with these technology-related regulations.

Outreach, Education and Training

  • Work closely with senior IT leaders, technical experts, deans and administrative leaders across the University to provide them with an in-depth understanding of the wide variety of research-related security issues, and their required responsibilities.
  • Create and deliver education and awareness programs, which inform and advise faculty and staff at the school and department on security issues, best practices, and vulnerabilities.
  • Establish and deliver an ongoing program, which specifically relates to the extramural research funding agencies, and the regulations and requirements that pertain to their unit's research areas.
  • Work with University-wide IT staff on an ongoing basis to build and maintain awareness and understanding of their responsibilities pertaining to information security.

Program Oversight

  • Coordinate with University project managers and information security management teams to assess current project timelines that have tasks that impact information security resources.
  • Oversee and track all information technology and security-related audits including scope of audits, colleges/units involved, timelines, auditing agencies and outcomes.
  • Lead the team that responds to third-party audits of research information security, mobilizing the Security and other IT professionals from around the University.
  • Monitor and report the overall resource constraints and task due dates to provide leadership a dashboard of information security utilization and involvement in the University.

Manage a Team of Information Security Professionals

  • Manage a team within the University Office of Information Security, consisting of direct and indirect reports. This includes hiring, training, staff development, performance management and annual performance reviews.
  • Develop the information security organization’s talent, engaging / managing third parties as needed to ensure the required capabilities are available either internally or externally.
  • Coordinate the use of external resources involved in the information security program, including, but not limited to, interviewing, negotiating contracts and fees, and managing external resources. 

Perform other duties as assigned.

Working Conditions:

Job Location/Working Conditions

  • Normal office environment.

Physical Effort

  • Typically sitting at a desk or table.
  • Repetitive wrist, hand or finger movement.
  • Ability to move to on and off campus locations.

Equipment

  • Office equipment.

The above statements are intended to describe the general nature and level of work performed by people assigned to this classification. They are not intended to be construed as an exhaustive list of all job duties performed by the personnel so classified. Management reserves the right to revise or amend duties at any time.

Required Qualifications

Education:

Bachelor’s degree or combination of education and/or experience may substitute for minimum education.


Certifications:

The list below may include all acceptable certifications and issuers. More than one credential or certification may be required depending on the role.

Certified Information Security Manager (CISM) - Information Systems Audit and Control Association (ISACA), Certified Information Systems Security Professional (CISSP) - International Information System Security Certification Consortium (ISC2)


Work Experience:

Information Technology (10 Years)


Skills:

Not Applicable


Driver's License:

A driver's license is not required for this position.

More About This Job

Preferred Qualifications:

  • Bachelor's degree in computer science, information management, science, business, or a related field, or equivalent experience.
  • Ten or more years of experience in information technology, with a solid knowledge of information security regulations, issues, and technologies. This includes a deep understanding of information security policy, compliance, audit, data privacy laws, and accepted industry practices.
  • Experience working with IT security guidelines and requirements outlined or as driven by HIPAA, NIST, NSPM-33, EU GDPR, DoD CMMC, DFARS 7012, etc.
  • Demonstrated effectiveness in advising senior management on information security strategy, risk posture, policy, and governance.
  • Ability to develop and maintain highly effective, collaborative, and consultative relationships as a leader and trusted advisor.
  • Experience in attaining operational success managing security functions in complex settings that include academic or applied research activities.
  • Demonstrated ability to successfully communicate information security-related concepts to technical and non-technical university stakeholders in writing and verbally.
  • Ability to successfully work and effectively prioritize operations and demands in a highly dynamic work environment.
  • Demonstrated ability to innovate, think strategically and to lead through influence and negotiation.
  • Excellent problem solving and analytical skills in complex, new, or evolving situations.

Preferred Qualifications

Education:

Master's degree


Certifications:

No additional certification beyond what is stated in the Required Qualifications section.


Work Experience:

No additional work experience beyond what is stated in the Required Qualifications section.

Skills:

Analytical Thinking, Client Communication, Collaborative Partnerships, Computer Science, Information Management, Information Security, Innovation, Leadership, Leading by Influence, Prioritization, Problem Solving, Relationship Building, Security Governance, Security Management, Security Risk, Security Strategy, Stakeholder Communications, Strategic Advising, Strategic Thinking, Team Dynamics, Technical Communication

Grade: G19

Salary Range: $155,700.00 - $274,000.00 / Annually

The salary range reflects base salaries paid for positions in a given job grade across the University. Individual rates within the range will be determined by factors including one's qualifications and performance, equity with others in the department, market rates for positions within the same grade and department budget.

Questions

For frequently asked questions about the application process, please refer to our External Applicant FAQ.

Accommodation

If you are unable to use our online application system and would like an accommodation, please email CandidateQuestions@wustl.edu or call the dedicated accommodation inquiry number at 314-935-1149 and leave a voicemail with the nature of your request.

All qualified individuals must be able to perform the essential functions of the position satisfactorily and, if requested, reasonable accommodations will be made to enable employees with disabilities to perform the essential functions of their job, absent undue hardship.

Pre-Employment Screening

All external candidates receiving an offer for employment will be required to submit to pre-employment screening for this position. The screenings will include criminal background check and, as applicable for the position, other background checks, drug screen, an employment and education or licensure/certification verification, physical examination, certain vaccinations and/or governmental registry checks. All offers are contingent upon successful completion of required screening.

Benefits Statement

Personal

  • Up to 22 days of vacation, 10 recognized holidays, and sick time.

  • Competitive health insurance packages with priority appointments and lower copays/coinsurance.

  • Take advantage of our free Metro transit U-Pass for eligible employees.

  • WashU provides eligible employees with a defined contribution (403(b)) Retirement Savings Plan, which combines employee contributions and university contributions starting at 7%.

Wellness

  • Wellness challenges, annual health screenings, mental health resources, mindfulness programs and courses, employee assistance program (EAP), financial resources, access to dietitians, and more!

Family

  • We offer 4 weeks of caregiver leave to bond with your new child. Family care resources are also available for your continued childcare needs. Need adult care? We’ve got you covered.

  • WashU covers the cost of tuition for you and your family, including dependent undergraduate-level college tuition up to 100% at WashU and 40% elsewhere after seven years with us.

For policies, detailed benefits, and eligibility, please visit: https://hr.wustl.edu/benefits/

EEO/AA Statement

Washington University in St. Louis is committed to the principles and practices of equal employment opportunity and especially encourages applications by those from underrepresented groups. It is the University’s policy to provide equal opportunity and access to persons in all job titles without regard to race, ethnicity, color, national origin, age, religion, sex, sexual orientation, gender identity or expression, disability, protected veteran status, or genetic information.

Diversity Statement

Washington University is dedicated to building a diverse community of individuals who are committed to contributing to an inclusive environment – fostering respect for all and welcoming individuals from diverse backgrounds, experiences and perspectives. Individuals with a commitment to these values are encouraged to apply.

Tags: Audits CISM CISO CISSP CMMC Compliance Computer Science DFARS DoD GDPR Governance HIPAA ISACA NIST NIST 800-53 Privacy Risk assessment Security assessment Security strategy Strategy Teaching Vulnerabilities

Perks/benefits: Career development Competitive pay Equity / stock options Flex vacation Health care Insurance Medical leave Team events Wellness

Region: North America
Country: United States
