Chief Information Security Officer

Chief Information Security Officer

Duke University, a private, AAU-member, research-intensive university, seeks an accomplished and strategic leader to serve as its next Chief Information Security Officer (CISO). Reporting to the Vice President for Information Technology/Chief Information Officer (VPIT/CIO), the CISO will bring University stakeholders together in a commitment to Information Security best practices that appropriately balance mission, risk, and regulation.

The CISO is responsible for the ongoing development and delivery of a comprehensive University-wide Information Security strategy that adequately protects information assets, aligns with and supports the risk posture of the University, and meets applicable compliance and regulatory requirements. The CISO leads the Information Technology Security Office (ITSO) and Identity and Access Management (IAM) teams in working collaboratively with colleagues and partners across technology and user communities to protect Duke's information assets through the evaluation, development, implementation, management, and evolution of effective Information Security practices. The CISO aligns those programs and practices with institutional strategy, seeking to optimize the campus security technology practices amid changes in needs and environmental landscape, both internally and externally. This requires continually balancing of the need for added protections against the community's need for effective and easy to use IT services, as well as balancing the impacts of security with the University's commitments to protect privacy. Achieving this requires the CISO to stay abreast of changing regulatory, legal, and legislative requirements, monitor the threat landscape to anticipate new threats, and plan, take, and as appropriate mandate actions to advance the cybersecurity of the University. The CISO will operate in Duke's collaborative environment where faculty, students, and other stakeholders are regularly consulted as to the impact of the cybersecurity developments on their work.

Duke's next CISO will assume leadership of a mature, well resourced, and respected program stewarded by a talented, collaborative team. ITSO comprises 14 full-time professional staff. 10-15 students drawn from Duke and neighboring colleges and universities staff the SOC, typically on one- to two-yearlong internships. Equally mature and well-resourced is the IAM team, which comprises eight full-time staff who use sophisticated automated means for managing the electronic identity lifecycle for ~100,000 accounts across the University and Health System as well as the access control and authentication infrastructure.

A full version of the position description can be found here.

Qualifications

Success in the role requires a range of experiences and a core set of interpersonal skills that will ensure strategic leadership of the Information Security and Identity Management units and will enable effective engagement within OIT and across the University's decentralized organizational environment.

Required

• Bachelor's degree and a minimum of seven years of experience directly related to the duties and responsibilities specified, or an equivalent combination of education and experience
• Extensive knowledge of and experience in a leadership position in a higher education setting or in a similarly complex, decentralized, multi-stakeholder environment
• Knowledge of sound management and administration principles and practices for managing direct reports; effective interpersonal communication, human relations, and team-building skills
• Extensive background in and understanding of the spectrum of Information Technologies and how IT Security fits into it
• Advanced knowledge of IT Security best practices and developments
• A current and comprehensive grasp of IT Security risks and challenges in a global context
• Mature diplomacy skills and the ability to moderate between competing parties
• Knowledge of systems and project management principles and practices
• Demonstrated negotiation skills
• Ability to explain technical issues and policies to non-technical partners
• Excellent oral and written communication skills
• Ability to foster and maintain good working relationships with faculty, administrators, students, senior management, and other IT leaders
• Ability to develop and manage budgets and assess technical proposals

Preferred

• IT security management experience in a higher-education environment
• Professional credentials relevant to Information Security
• A graduate degree

To Apply

Duke University has retained Opus Partners (www.opuspartners.net) to support this recruitment. Craig Smith, Partner, and Abigail Maynard, Senior Associate are leading the search. Inquiries, applications, and nominations should be sent to abigail.maynard@opuspartners.net. The search process will unfold with the greatest possible attention to candidate confidentiality. Required application materials include a resume and cover letter. The cover letter should reflect how candidates' qualifications and experience match those described in the full position description.

Duke University prohibits discrimination and harassment and provides equal employment opportunity without regard to an individual's age, color, disability, gender, gender expression, gender identity, genetic information, national origin, race, religion, sex, sexual orientation, or veteran status. Duke is committed to recruiting, hiring, and promoting qualified women, minorities, individuals with disabilities, and veterans. For additional information about Duke's policies on an equal opportunity, affirmative action, and diversity, equity, and inclusion, see https://hr.duke.edu/policies/diversity.

Job Code: 00002431 SENIOR DIR, IT
Job Level: F

Duke is an Affirmative Action/Equal Opportunity Employer committed to providing employment opportunity without regard to an individual's age, color, disability, gender, gender expression, gender identity, genetic information, national origin, race, religion, sex, sexual orientation, or veteran status.

Duke aspires to create a community built on collaboration, innovation, creativity, and belonging. Our collective success depends on the robust exchange of ideas-an exchange that is best when the rich diversity of our perspectives, backgrounds, and experiences flourishes. To achieve this exchange, it is essential that all members of the community feel secure and welcome, that the contributions of all individuals are respected, and that all voices are heard. All members of our community have a responsibility to uphold these values.

Essential Physical Job Functions: Certain jobs at Duke University and Duke University Health System may include essential job functions that require specific physical and/or mental abilities. Additional information and provision for requests for reasonable accommodation will be provided by each hiring department.