At CampusWorks, we are dedicated to empowering higher education institutions to achieve student success by safeguarding their data. We’re looking for a forward-thinking, early-career Chief Information Security Officer (CISO) to join our dynamic Center of Excellence (CoE) Information Security team. We're seeking an individual with 5 years of proven work experience in cybersecurity, including a minimum of 1-2 years' prior CISO experience. This pivotal role will support our Managed Services client portfolio and drive excellence in information security.
In this role you will help lead the charge in protecting our client institutions' data and security systems, ensuring they can focus on their primary mission: student success. Your key responsibilities will include:
- Strategic Security Coordination: Seamlessly manage site security programs and collaborate with client leadership and technical support teams to ensure alignment and effectiveness.
- Policy Development & Best Practices: Develop and enforce security policies while adhering to industry standards and best practices.
- Risk & Compliance Management: Conduct risk assessments, manage compliance, and oversee the development and execution of action plans to address security concerns.
- Operational Excellence: Prioritize and operationalize security measures, ensuring objectives are met and effectively communicated to stakeholders.
What You’ll Bring:
- Deep Security Expertise: A thorough understanding of the evolving threat landscape in higher education, with the ability to adapt to emerging challenges and technologies.
- Effective Communication: The skill to present complex technology solutions to senior leaders and non-technical stakeholders in a clear and accessible manner.
- Strategic Alignment: The capability to connect client institutions' strategic goals with technical team activities, ensuring short-term objectives are achieved while advancing long-term security program maturity.
- Collaborative Environment: The ability to work closely with diverse stakeholders and cybersecurity experts to drive continuous improvement in security posture.
Why CampusWorks?
Join us in making a meaningful impact on higher education institutions by leading their information security efforts. If you are a proactive individual with a passion for security and a knack for translating technical concepts into strategic advantages, we want to hear from you!
Apply Now
Take the next step in your career and help us shape the future of information security in higher education.
This is primarily a virtual/remote role, with the potential for some travel to key client locations.
Reports To: Director, Information Security Center of Excellence
Accountabilities
- Ability to coordinate and cross-collaborate across 4-5 client sites at one time.
- Develop and coordinate a comprehensive cybersecurity program that aligns with industry frameworks and standards across multiple client sites.
- Facilitate communication between client stakeholders and the CoE to advance information security programs, focusing on vulnerability management, incident response, and remediation planning.
- Conduct ongoing risk and compliance assessments to verify the effectiveness of client security measures and ensure regulatory compliance.
- Review security controls to identify threats to information systems and infrastructure, and implement appropriate responses based on findings.
- Monitor, analyze, and interpret site security operations, procedures, and data to address deficiencies and drive continuous improvement in client security posture.
- Assess the impact of planned changes, ensuring adequate review, preparation, and testing to prevent security or stability issues.
- Collaborate with sites to create and implement information security strategies that minimize risk exposure and safeguard technology infrastructure and data, including MFA/SSO, backup solutions, email security, asset inventory, configuration and patch management, and encryption.
- Work with other cybersecurity professionals, including CISOs, penetration testers, security engineers, and incident response experts, to ensure a coordinated response to security incidents.
- Investigate and analyze security incidents, and prepare executive and tactical reports with recommendations for control improvements.
- Coordinate the development and execution of institutional information security awareness and training programs.
- Review and manage site third-party vendor contracts and security procedures.
- Develop and execute comprehensive test plans, including tabletop exercises, to evaluate security controls and identify gaps.
- Serve as the designated Qualified Individual for assigned client sites across the CoE.
- Produce and deliver tactical and strategic board-level reports and presentations on Information Security, both remotely and onsite as needed.
Education & Experience
- Bachelor’s Degree in Computer Science, Information Technology, Cybersecurity or related field, or other relevant combination of training and experience.
- 5+ years of proven work experience in cybersecurity-related role(s), including a minimum of 2 years' prior CISO experience.
- Preferred training and certification, e.g., CISSP, CISM, CISA, CRISC.
- Experience conducting risk/compliance assessments and business impact analyses and providing recommendations for improving an organization's security posture based on assessment findings.
- Experience in developing and implementing security policies, procedures, best practices, and security awareness training programs.
- Experience with investigating and responding to security incidents, e.g., ransomware, breaches.
- Experience in information security consulting and/or higher education security challenges and the application of technology solutions to resolving those challenges, a plus.
Special Skills, Knowledge, & Abilities
- Strong understanding of, and ability to stay current with and adapt to, the evolving cybersecurity landscape, including security principles, technologies, techniques, best practices, protocols, and tools.
- Demonstrated experience with Information Security Program development, management, and operations.
- Proven ability to advise on security strategies.
- Strong knowledge of information security principles and industry-standard security frameworks such as CIS Controls and Risk Framework, NIST CSF, and ISO 27001/27002.
- Working knowledge of regulatory requirements and compliance standards, such as GLBA, GDPR, FERPA, PCI-DSS, HIPAA, and breach notification.
- Knowledge of business impact assessment and disaster and business continuity planning.
- Knowledge and understanding of security infrastructure technologies and capabilities.
- Knowledge of network and system architecture, including cloud-based environments and virtualization technologies.
- Knowledge of vulnerability assessment, attack surface management (ASM), and penetration testing methodologies and tools.
- Knowledge of industry security threat detection and response solutions, including SIEM, SOAR, MDR/XDR.
- Ability to foster supportive relationships, champion service excellence, and communicate effectively, positively, and professionally with clients, stakeholders, peers, executives, and third-party system vendors.
- Ability to maintain the highest knowledge of cybersecurity by pursuing continuing education and/or achieving new certifications.
- Ability to work independently and manage multiple tasks and priorities across multiple sites effectively.
- Resourceful, detail-oriented, and a self-starter in developing and completing work projects.
- Strong presentation and public speaking skills and ability to deliver presentations tailored to the level and type of audience.
- Excellent interpersonal skills, including effectively listening and communicating verbally and in writing.
- Must possess proven problem-resolution and critical-thinking skills.
- Must be flexible and work with a high level of initiative.