"Security and Privacy Officer"

Collaborates with the Information Technology leadership team, and administrative leadership to develop and implement a vision and holistic strategy to protect the enterprise systems, data, assets, and users from external and internal threats.

Ensures the institution remains in compliance with the required regulations. Develops and maintain enterprise technology roadmaps that balance innovation with appropriate risk management and security controls.

Develops, documents, and promotes the necessary policies, practices, and critical incident response plans.

Partners with business stakeholders to understand their needs while guiding them toward secure technology solutions.

Provides direction and recommendations as a component of the University product review process to ensure compliance with security policies and standards. Oversees the evaluation and implementation of technology solutions that meet both operational needs and security requirements.

Leads, coaches, and develops a high-performance security team to develop and foster positive relationships and rapport with institutional stakeholders.

Collaborates with institutional leadership other stakeholders to coordinate the delivery of security and privacy related professional development for campus community.

Ensures ongoing compliance with applicable regulatory frameworks and industry standards by developing, implementing, and enforcing security policies and practices. Monitors adherence across the organization, conducts regular audits, and leads remediation efforts to address any gaps or violations.

Anticipates, assesses, and actively manages new and emerging threats. Responds to and assists in the remediation of data breaches and security incidents.

Serves as an emissary for all Information Technology security focused endeavors. Champions a proactive security mindset across all departments, ensuring teams understand how their decisions impact the organization's security posture.

Short Job Description:

Master's degree in related field from an accredited institution.

Five years' relevant experience.

Proven experience in collaborative and transformative Information Technology leadership.

Strong interpersonal, written, and verbal communication skills.

Experience with partnership-building and change management.

Direct experience in information security or privacy compliance within a complex organization.

Working knowledge of regulatory and security frameworks including Health Insurance Portability and Accountability Act (HIPAA), The Gramm-Leach-Bliley Act (GLBA), General Data Protection Regulation (GDPR), National Institute of Standards and Technology (NIST), Center for Internet Security (CIS).

CISSP (Certified Information Systems Security Professional) or CISSO (Certified Information Systems Security Officer) certification.