Chief Information Security Officer

Spring Valley Building, United States


American University is a student-centered research institution located in Washington, DC, with highly-ranked schools and colleges, internationally-renowned faculty, and a reputation for creating meaningful change in the world.

Department:

Information Technology

Time Type:

Full time

FLSA Status:

Exempt

Work Modality:

Hybrid 04 (On Campus 1 day/Month)

Union:

Excluded

Job Description:

Summary:

The Chief Information Security Officer (CISO) is responsible for developing, implementing, and maintaining American University’s information security and digital privacy program and associated strategies to support the AU community, improve posture and ensure compliance. The CISO oversees the development of a university-wide strategy, architecture and implementation to meet the objectives developed under these plans. The CISO will also help to establish and lead university-wide information security and digital privacy awareness and education programs and promote a security-conscious culture and infrastructure at American University.

This position reports to the Vice President and Chief Information Officer.

Essential Functions:

  • Protect and Defend AU Infrastructure, Systems, and Data. Respond and Report Security Incidents or Risks: (1) Manage incident response and recovery efforts, working to minimize the impact of security breaches and ensuring timely resolution. (2) Oversee the procurement and management of security technologies, tools, and solutions. (3) Provide regular updates and reports to senior leadership, the Board of Trustees, and other relevant stakeholders on the state of cybersecurity within the University.
  • Design and Implement University-Wide Information Security, Digital Privacy and IT Compliance Strategy: (1) Develop and execute a comprehensive information security strategy to protect the University's data, systems, networks and the University community itself. (2) Foster a culture of security and digital privacy awareness and responsibility throughout the university community through training and education initiatives. (3) Develop, implement and increase adoption of and compliance with security and digital privacy policies, standards, and procedures across the University. (4) Ensure compliance with relevant data protection regulations, such as FERPA, PCI, GLBA, GDPR, etc., and manage security audits and assessments. (5) Conduct regular risk assessments, vulnerability assessments, and penetration testing to identify and address security weaknesses. (6) Collaborate with various departments and stakeholders to ensure security requirements are integrated into all aspects of the University's operations, including research, teaching, and administration.
  • Monitor Information Security Landscape and Maintain Technical Currency through Professional Development: Stay informed about emerging threats, vulnerabilities, and industry trends, and adapt the University’s security measures accordingly.
  • Direct, Supervise, and Support the Information Security Team: Lead a team of cybersecurity professionals, providing guidance, mentorship, and overseeing day-to-day security operations.
  • Support and Advise Risk Management, Legal, & Police Investigations: (1) Collaborate, advise, and support the annual cyber-insurance renewal process. (2) Advise, facilitate, and strategize General Counsel’s needs with regard to legal matters. (3) Support and partner with AU Police Department in police investigations.

Supervisory Responsibility:

  • Reporting directly to this position will be the Director of Cyber Policy and the Director of Information Security, along with their three indirect reports.

Competencies:

  • Acting Strategically.
  • Building a Customer Focused Organization.
  • Collaborative Leadership.
  • Driving Continuous Improvement.
  • Leading and Inspiring People.
  • Thinking Broadly.

Position Type/Expected Hours of Work:

  • Work schedule and modality: This position works 35 hours per week Monday through Friday with a one-hour lunch break in a hybrid modality with one day a month required to work from the office.
  • After-hours availability: The position must be readily available outside of business hours and days to respond to emergencies and critical or time-sensitive security incidents. Potential for frequent interrupted nights and weekends.
  • Essential personnel designation: This position is expected to be on call and available to work remotely to address emergency IT issues, during unplanned closures or weather emergencies.
  • Leave blackout period: OIT staff are prohibited from taking non-emergency leave during the three-week period at the start of each semester; this includes the week before the start of the Fall and Spring term and the first two weeks of classes for the Fall and Spring term. Requests for support peak during these times and system availability is also critical, which requires all staff members to be working during these times.

Salary Range:

  • $225,000-$250,000/yr. (commensurate with experience).

Required Education and Experience:

  • Bachelor's degree or equivalent.
  • 10+ years of relevant experience.

Preferred Education and Experience:

  • Master's degree or equivalent.
  • 10+ years of relevant experience.

Travel Required:

  • None, although professional development is encouraged.

Additional Eligibility Qualifications:

  • Professional certifications, such as CISSP, CISM, or CISA, or willingness to attain within one year of hire.
  • Knowledge of relevant laws, regulations, and standards, including FERPA, HIPAA, GLBA, PCI, etc.
  • Exceptional leadership, communication, and interpersonal skills.
  • Proven track record in developing and implementing effective security strategies.
  • Experience working in an academic or educational institution is a plus.

Benefits

AU offers a competitive benefits package including a 200% matching retirement plan, tuition benefits for full-time staff and their families, several leadership development certificates, and has been recognized by the American Heart Association as a fit-friendly worksite.

Other Details

  • Hiring offers for this position are contingent on successful completion of a background check.

  • Employees in staff positions at American University must deliver their services to the university from either the District of Columbia, Maryland, or Virginia, or perform work on-site at the university.

  • Please note this job announcement is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice.

  • American University is an E-Verify employer.

Current American University Employees

American University current employees must apply through their employee Workday account. If you are a current employee at American University, please log into Workday and select the Find Jobs report which will take you to our internal career listings.

Contact Us

For more information or assistance with the American University careers site, email theworkline@american.edu.

American University is an equal opportunity, affirmative action institution that operates in compliance with applicable laws and regulations. The university does not discriminate on the basis of race, color, national origin, religion, sex (including pregnancy), age, sexual orientation, disability, marital status, personal appearance, gender identity and expression, family responsibilities, political affiliation, source of income, veteran status, an individual’s genetic information or any other bases under federal or local laws (collectively "Protected Bases") in its programs and activities.


Tags: Audits CISA CISM CISO CISSP Compliance GDPR GLBA HIPAA Incident response Pentesting Privacy Risk assessment Risk management Security strategy Strategy Teaching Vulnerabilities

Perks/benefits: Career development Competitive pay Insurance Team events

Region: North America
Country: United States
