Chief Information Security Officer / Executive Director, IT Governance, Risk & Compliance (ITGRC)

About Us:
Boise State University, powered by creativity and innovation, stands uniquely positioned in the Northwest as a metropolitan research university of distinction. Learn more about Boise State and the City of Boise at https://www.boisestate.edu/about/

Boise State University is building an inclusive community of faculty and staff whose unique skills, cultural contributions, work history, and perspectives create a rich and rewarding academic experience for our students. Research demonstrates that people thrive when they feel welcome, respected, and inspired. We seek applicants who are committed to helping us achieve our vision of a diverse and inclusive community. Applications from members of historically marginalized groups, including women, BIPOC (Black, Indigenous, and People of Color), those with disabilities, members of the LGBTQ+ community, those who have served in the military, and members of other underrepresented communities are strongly encouraged.

The screening of complete applications will begin July 10, 2023, and continue until the completion of the search process.
Job Summary/Basic Function:
The Chief Information Security Officer will be responsible for overseeing Boise State’s information security, cybersecurity, and IT risk management programs based on industry-accepted information security and risk management frameworks. This individual is an integral part of the Information Technology organization reporting directly to the CIO to improve and communicate the maturity levels of information security, state of cybersecurity, and IT risk practices across the University.
Department Overview:
As a department within the Office of Information Technology, ITGRC’s mission is to leverage industry standard GRC processes to establish and maintain a regulatory framework to satisfy IT governance requirements; identify, evaluate, and manage IT risks across the Boise State enterprise; and monitor and report on Boise State IT compliance as it relates to state and federal laws.
Level Scope:
Oversees through subordinate Managers a large, complex organization with multiple functional disciplines/occupations, OR manages a program, regardless of size, that has critical impact upon the campus. Significant responsibility for formulating and administering policies and programs, manages significant human, financial, and physical resources, and functions with a very high degree of autonomy. Frequently influences business decisions made by senior leadership. Oversees through subordinate Managers the accountability and stewardship of campus resources and the development of systems and procedures to protect organizational assets. Negotiates and influences others to understand and accept new concepts, practices, and approaches.
Essential Functions:
University and Program Leadership
• Responsible for the strategic leadership of the University’s information security program.
• Provide guidance and counsel to the CIO and key members of the university leadership team, working closely with senior administration, academic leaders, and the campus community in defining objectives for information security while building relationships and goodwill.
• Manage institution-wide information security governance processes.
• Lead information security planning processes to maintain and enhance an inclusive and comprehensive information security program for the entire institution in support of academic, research, and administrative information systems and technology. Establish annual and long-range security and compliance goals, define security strategies, metrics, reporting mechanisms, and program services; and create maturity models and a roadmap for continual program improvements.
• Stay abreast of information security issues and regulatory changes affecting higher education at the state and national level, participate in national policy and practice discussions, and communicate to the campus community on a regular basis about those topics. Engage in professional development to maintain continual growth in professional skills and knowledge essential to the position.
• Act as ombudsman for disputes, requests for exceptions, and complaints regarding University-wide information systems security policies, practices, and related issues.
• Directly manage ITGRC professional staff and student employees, facilitate staffing, compensation, performance management, and employee development.
• Represent Boise State University on committees and boards associated with the State of Idaho and in national and regional consortiums and collaborations.
• Perform special projects and other duties as assigned.

Policy, Compliance and Audit
• Lead the development and implementation of effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.
• Lead efforts to internally assess, evaluate and make recommendations to administration regarding the adequacy of the security controls for the University’s information and technology systems.
• Work as a liaison with local, state, and federal authorities, including campus police, the FBI, or other law enforcement agencies, that require information and reports on security incidents.
• Assist IT management and staff with audits and facilitate management response and remediation efforts. Ensure overall IT compliance with regulatory requirements through proactive planning and communication, ownership, and relationships.
• Work with university leadership, general counsel, and relevant responsible compliance department leadership to build cohesive security and compliance programs for the university to effectively address state and federal statutory and regulatory requirements as well as the research landscape and federal regulations that pertain to research.

Outreach, Education and Training
• Create education and awareness programs and advise operating units at all levels on security issues, best practices, and vulnerabilities.
• Work with the campus to build awareness and a sense of common purpose around security.
• Pursue student security initiatives to address unique needs in protecting against identity theft, mobile social media security, and online reputation programs.

Risk Management and Incident Response
• Keep abreast of security incidents and act as the primary control point during significant information security incidents. Convene the security incident response team as needed in addressing and investigating security incidents.
• Provide leadership for breach response and notification actions for the University.
• Develop, implement, and administer technical security standards, as well as a suite of security services and tools to address and mitigate security risk.
• Provide leadership, direction, and guidance in assessing and evaluating information security risks and monitor compliance with security standards and appropriate policies.
• Provide leadership and support of Boise State’s existing System Architecture Review Board (SARB) to examine the impacts of new technologies on the University’s overall information security.
Knowledge, Skills, Abilities:
• Experience in risk, compliance, and information security policy development.
• Knowledge and understanding of higher education, governmental agency, or corporate/industry information security, governance, risk, and compliance practices and standards.
• Knowledge of IT processes and controls. Strong understanding of risk and control frameworks (e.g., COBIT, ISO, NIST, ITIL, PCI).
• Knowledge of laws and regulations including but not limited to: Family Educational Rights and Privacy Act (FERPA), Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley (GLB) Act, and Sarbanes-Oxley.
• Knowledge of information security regulatory requirements and standards such as ISO 27001/2, Critical Security Controls, and NIST 800-171.
• Direct Boise State efforts to implement and support the National Security Presidential Memorandum 33 (NSPM-33) on national security strategy for government-supported research and development.
• Experience with the development of educational programs in the area of security awareness.
• Knowledge of current information technologies and their risk and compliance impact on enterprise processes.
• Strong understanding of application, network, operating system, database, and core infrastructure security concepts.
• Proven problem solver with an ability to provide in-depth analysis of complex problems, manage risk and provide timely and accurate decisions.
• Experience managing budgets and leading a team of information technology professionals.
• Excellent organizational and communication skills (both oral and written).
• Strong interpersonal skills and the ability to effectively communicate with a wide range of individuals and constituencies in a diverse community.
• Possess, or obtain within the first six months, Certified Information Systems Security Professional (CISSP) or other information systems security certifications.
Minimum Qualifications:
Bachelor’s degree or equivalent in Computer Information Systems, Management Information Systems, or Computer Science plus 8 years of work experience in the same type of work and 5 years of supervisory experience.

Preferred Qualifications:
Master’s degree or equivalent. The emphasis of this position is on leadership and judgment, with a sophisticated ability to work with other leaders and to set the best balance between security strategies and other priorities at the campus level. Experience as an Information Security Officer, developing and administering an information security program in a complex higher education environment, is highly desirable.
Salary and Benefits:
Starting salary is $154,086.40 per year, commensurate with experience. Boise State University is committed to offering a benefits package that provides health and financial protection plans as well as resources to promote health and well-being. Our program provides flexibility so you can choose the benefits that are right for you and your family. Learn more about our benefit options at https://www.boisestate.edu/hrs/benefits/ .
Required Application Materials:
Please submit a cover letter indicating your interest and qualifications for the position. Attach a resume that includes employment history (including dates of employment) and provide contact information for three to five professional references.

Advertised: June 13, 2023 Mountain Daylight Time
Applications close:

Job Category: Management
Job Type: unspecified
Salary: USD 154,086.40 per year
Country: United States
City: Boise
Career Level: unspecified
Company: Boise State University
Job Source: https://jobs.boisestate.edu/cw/en-us/job/497685/chief-information-security-officer-executive-director-it-governance-risk-compliance-itgrc