Chief Information Security Officer
About the Department:
The Security & Compliance Unit (S&C) within the Office of Information Technology (OIT) oversees the cybersecurity of the University's systems and data in a manner consistent with industry best practices and the University's IT compliance and IT risk management obligations. S&C develops and ensures compliance with cybersecurity policies/regulations/procedures, supports and oversees implementation of strategic information security initiatives, provides operational security services, and provides campus-wide vendor risk and license management. S&C is also the functional lead for the university's identity and access management program. S&C's overall responsibilities include the following:
- Development/maintenance of the university's cybersecurity strategic plan and roadmap
- Implementation of strategic cybersecurity initiatives
- Operational security services
- Coordination of IT resilience efforts and change management processes
- Manage the University-wide operational cybersecurity services
- Establish, review, and enforce university-wide IT and cybersecurity policies, standards, and procedures, while also ensuring compliance with federal/state regulations and contractual obligations.
- Campus-wide IT vendor risk and license management
Essential Job Duties:
Office of Information Technology
The Security and Compliance (S&C) unit within the Office of Information Technology (OIT) oversees the cybersecurity of NC State's systems and data in a manner consistent with industry best practices and the university's IT compliance and IT risk management obligations. S&C develops and ensures compliance with cybersecurity policies, regulations, and procedures, supports and oversees implementation of strategic information security initiatives, provides operational security services, and provides campuswide vendor risk and license management. S&C is also the functional lead for the university's identity and access management program.
S&C's overall responsibilities include:
- Developing and maintaining the university's cybersecurity strategic plan and roadmap
- Implementing strategic cybersecurity initiatives
- Managing the university-wide operational cybersecurity services
- Establishing, reviewing, and enforcing university-wide IT and cybersecurity policies, standards, and procedures while also ensuring compliance with federal and state regulations and contractual obligations
- Leading campuswide IT vendor risk and license management
- The Opportunity
- OIT invites applications for the position of chief information security officer (CISO).
- Position Overview
- The CISO reports to the vice chancellor for information technology and chief information officer and leads S&C. The CISO is a member of the OIT leadership cabinet and works closely with senior administration, academic leaders, and the campus community to optimize the security posture of the university.
- The CISO is responsible for leading the university's comprehensive cybersecurity program to ensure the confidentiality, integrity, and availability of university data and technology resources. This program utilizes industry best practices and employs a range of policy, procedural, and technological controls to manage risk to NC State's information assets. The CISO leverages campuswide collaboration, promotes effective cybersecurity governance, advises senior leadership on strategic cybersecurity direction and resource investments, and develops policies to effectively manage IT and cybersecurity risks. The role manages the S&C portfolio with an operating budget exceeding $5 million and oversees vendor risk and license management, which maintains and negotiates licenses totaling over $12 million.
- The CISO is expected to lead the following:
- Security and Compliance Leadership
- Provide leadership and oversight of S&C activities and services. The current structure is comprised of:
- Cybersecurity Operations (Director and 9 staff, including Security Operations Center)
- Provides secure computing services, including data protection, network security monitoring, security incident response and support services to help safeguard the university's technology environment.
- Information Security, Risk and Assurance (Director and 7 staff)
- Provides strategic planning to ensure reliable IT security and program compliance while supporting internal security audit and assurance activities.
- Vendor Risk and License Management (Associate director and 2 staff)
- Provides license management services, procurement, and IT contract negotiations. Manages the IT purchase compliance process and oversees software management to ensure efficient and compliant software use across the university.
- University, State, and National Leadership and Collaboration
- Facilitate ongoing collaboration with OIT units, colleges, administrative units, and key constituents, such as data stewards, data trustees, Office of General Counsel, Internal Audit, and Emergency Management and Mission Continuity, regarding overall cybersecurity requirements.
- Serve on several committees as a co-chair, member, or in an advisory capacity (e.g., Research Controlled Unclassified Information Security Compliance Committee, Strategic IT Committee, Campus IT Directors, Enterprise Risk Management Advisory Team, Data Steward Committee, Data Governance Council).
- Provide leadership to the Cybersecurity Awareness Team and ensure functionality of the Cybersecurity Liaisons program to assist with maintaining a secure university landscape.
- Serve on the UNC Information Security Council and establish collaboration and partnerships with institutions in the UNC System.
- Be an active participant in appropriate national organizations, such as EDUCAUSE.
- Strategic Practice and Policy
- Provide executive responsibility and expert oversight for strategies, plans, policies, and operations to secure all university information and technology systems.
- Lead the continuous enhancement of a 3-5 year university cybersecurity strategic plan and roadmap, prioritizing needs (people, processes, technology) through a risk management process.
- Engage with university leaders to integrate information security vision and programs into all business processes.
- Manage the university's information security governance processes and lead the Information Security Advisory Group.
- Security Operations, Risk Management, and Compliance
- Collaborate with university leadership to promote a strong environment of cybersecurity and compliance that aligns with the university's research, education, and outreach missions.
- Provide leadership and guidance to support the secure and responsible use of artificial intelligence.
- Work closely with the research community to explore novel cybersecurity approaches in networking, data management, software development, identity management, and research platforms.
- Minimum Education and Experience Requirements:
- Requires a relevant post-baccalaureate degree with a minimum of three (3) years or greater of related professional experience, or a relevant undergraduate degree and a minimum of five (5) years or greater of relevant experience may be substituted for the advanced degree, or equivalent professional training in a closely related field and level of leadership.
- Required Leadership Skills
- Demonstrated ability to balance the business, technical, compliance, and cultural risks to help make decisions that support the university's mission and improve success.
- Relevant experience in a senior cybersecurity information and technology leadership position (CISO, deputy CISO, or other key leadership experience in cyber-related leadership) managing and supporting a staff of professionals dedicated to cybersecurity, or the ability to address ways in which current experience is relevant.
- Proven leadership, communication, presentation, and problem-solving skills.
- Proven ability to enhance and/or implement an enterprise-wide information security education and awareness program.
- Excellent written and verbal communication skills and a high level of personal integrity.
- Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams.
- Required Technical Skills
- Demonstrated experience in overseeing the establishment, implementation, and management of an established information security program.
- In-depth knowledge of cybersecurity principles, information auditing principles, cybersecurity policy and compliance, and IT risk management.
- Knowledge of common information security management frameworks, such as ISO/IEC 27001, NIST Cybersecurity Framework and 800 series, CIS Controls.
- Broad understanding of IT and cybersecurity-related compliance obligations, such as FERPA, GLBA, HIPAA, PCI, DFARS/CMMC, and federal/state records retention requirements.
- A broad understanding of all IT service functions, such as technical security, network engineering, application development, server administration, database administration, user account administration, identity and access management, endpoint device management and academic support.
- Preferred Qualifications
- A minimum of eight (8) years of full-time experience in information security management and leadership.
- Experience in academia; experience at a Research 1 university is a plus.
- Possess the relationship skills, cultural awareness and organizational prowess required to work effectively in a university setting.
- Professional security certification from at least one of the currently acceptable information security certification programs, such as Certified Information Systems Security Professional (CISSP), Systems Security Certified Practitioner (SSCP) or Certified Information Security Manager (CISM).
- How to Apply
- Inquiries and nominations are invited and may be directed to: NC State Executive Search Services: Justin Lang, at (919) 513-1963 or [email protected]. Confidential review of applications will begin in November 2025 and will continue until the position is filled. Candidates should provide a resume/CV, cover letter, and the names and contact information of three (3) professional references. References will not be contacted without prior knowledge and approval from candidates. These materials must be submitted online at jobs.ncsu.edu/ (position #00001696).
- About NC State
- At NC State, we Think and Do — and the world takes notice. As a Research I university, NC State is a key part of the Research Triangle region, which is home to industry leaders such as NC State partners SAS, Cisco, IBM, GlaxoSmithKline and Lenovo. Raleigh and the surrounding area are consistently rated among the best places to live and work in the United States, and NC State is a driving force for the local, state and national economies.
- 40,500+ students, 2,500+ faculty and 7,700+ staff
- Educating more North Carolinians than any other university
- Student-faculty ratio 16:1
- 12 colleges representing all major academic fields
- More than 300 undergraduate and graduate degree programs offered through 68 departments
- NC State Extension serves citizens in all 100 counties and the Eastern Band of Cherokee Indians
- $2.22 billion endowment, among the top 90 largest higher-education endowments in the country
- North Carolina's rapid growth makes the state a leader and top spot for young professionals and families.
- Raleigh reflects statewide growth as a city on the rise:
- No. 8 among the best places to live in North Carolina (U.S. News & World Report, 2025)
- No. 2 among the best-performing cities in the U.S. (Milken Institute, 2025)
- With Durham and Chapel Hill, the capital city anchors the Research Triangle, a national hotspot for high-tech enterprise. The region's top companies — including IBM, Cisco Systems, SAS Institute, Biogen Idec and GlaxoSmithKline — rank among the country's best employers.
- About Raleigh and North Carolina
- Celebrating its 138th year in 2025, NC State continues to make its founding purpose a reality. Every day our career-ready graduates and world-leading faculty make the fruits of learning, discovery and engagement available to people across the state, throughout the nation and around the world.
- NC State also maintains strong agricultural partnerships with Bayer, BASF, Novozymes and Syngenta, companies that lead the way in hiring new NC State graduates. The region maintains a robust startup ecosystem with numerous engineering and sciences startups - many from NC State - along with abundant venture capital.
- NC State University is an equal opportunity employer. All qualified applicants will receive equal opportunities for employment without regard to age, color, disability, gender identity, genetic information, national origin, race, religion, sex (including pregnancy), sexual orientation, and veteran status. The university encourages all qualified applicants, including protected veterans and individuals with disabilities, to apply. Individuals with disabilities requiring disability-related accommodations in the application and interview process are welcome to contact 919-515-3148 to speak with a representative of the Office of Equal Opportunity.
- Minimum Education and Experience:
- Other Required Qualifications:
- Required Leadership Skills
- Clear demonstration of balancing the business, technical, compliance and cultural risks to help make decisions that support the university mission and improve success.
- Relevant experience in a senior cybersecurity information and technology leadership position (Chief Information Security Officer or Deputy Chief Information Security Officer or other key leadership experience in Cyber related leadership) managing and supporting a staff of professionals dedicated to cybersecurity, or the ability to address ways in which current experience is relevant.
- Proven leadership, communication, presentation and problem solving skills.
- Proven ability to enhance and/or implement an enterprise-wide information security education and awareness program.
- Excellent written and verbal communication skills and high level of personal integrity
- Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams.
- Required Technical Skills
- Demonstrated experience in overseeing the establishment, implementation, and management of an established information security program.
- In-depth knowledge of cybersecurity principles, information auditing principles, cybersecurity policy and compliance and IT risk management.
- Knowledge of common information security management frameworks, such as ISO/IEC 27001, NIST Cybersecurity Framework and 800-series, CIS Controls, etc.
- Broad understanding of IT and cybersecurity related compliance obligations such as FERPA, GLBA, HIPAA, PCI, DFARS/CMMC and federal/state records retention requirements.
- A broad understanding of all IT service functions, such as technical security, network engineering, application development, server administration, database administration, user account administration, identity and access management, endpoint device management and academic support.
- Preferred Qualifications:
- A minimum of eight (8) years of full-time experience in information security management and leadership
- Experience in academia, with experience at a Research 1 university a plus
- Possess the relationship skills, cultural awareness, and organizational prowess required to work effectively in a University setting
- Professional Security Certification from at least one of the currently acceptable information security certification programs, such as:
- Certified Information Systems Security Professional (CISSP)
- Systems Security Certified Practitioner (SSCP)
- Certified Information Security Manager (CISM)
- Posting Number: PG194334EP
- Position Number: 00001696
- Anticipated Hiring Range: Salary commensurate with experience (anticipated hiring range: $200,000 - $227,000)
- To apply, visit https://jobs.ncsu.edu/postings/224979