General Summary of Position:
The Chief Information Security Officer (CISO) at UMass Lowell is the information security leader on campus, responsible for the overall planning, development, implementation, and oversight of the UMass Lowell information security program. This position is an enthusiastic advocate for information security best practices with an intense interest in the ways information security can secure UMass Lowell.
The CISO works collaboratively with Information Technology leadership, senior academic and administration leaders, and the campus community to establish information security programs. This includes information security policy, practices, and standards; information security awareness and training; information security incident response and management; risk assessment and management; and information security-related IT architecture. The CISO directly manages a team of five professionals.
The CISO is the go-to source for information security advice, direction, guidance, and leadership for the CIO, directors, managers, faculty, and staff at UMass Lowell. The CISO also serves as the primary information security liaison to federal, state, local, and internal audit organizations, including the UMass system-wide Information Security Sub-Committee and the Office of the General Council.
The environment at UMass Lowell is collaborative, collegial, and dynamic, both challenging and rewarding. The CISO reports to the Chief Information Officer (CIO) and is a key member of the CIO’s senior staff. The CISO will supervise a team of very experienced information security staff consisting of full-time employees, part-time employees, and contractors. The CISO will lead cross-functional teams and will have budget authority for the Information Security Group.
Minimum Qualifications (Required):
- Bachelor’s degree and a minimum of 7 - 10 years of combined experience in information security, information technology and related services and management
- Minimum of 5 - 7 years of direct management experience of highly skilled staff
- Master’s degree in business, management, or technology, or a willingness to work toward a degree, is preferred
- CISSP, CISM, or other appropriate certification required. CISSP and cloud security certification preferred
- Experience with strategic IT planning, budget execution, and delivery of responsive technical services required
- Exceptional communication, policy development, project management, problem solving, analytical, and organizational skills Demonstrated experience working with constituent groups at all skill/management levels
- Ability to work effectively with multiple constituencies, establish consensus on common technology goals and balance centralized policies with decentralized but compatible applications
- An affinity for problem solving and a willingness to seek out new opportunities to improve processes and overall security in the environment
- Knowledge and understanding of relevant legal and regulatory requirements, such as Health Insurance Portability and Accountability Act (HIPAA), GDPR, GLBA, Payment Card Industry/Data Security Standard (PCI/DSS), NIST Cybersecurity Framework, CMMC, FERPA, NIST SP800-171, NIST SP800-53, CIS Benchmarks, and/or equivalent frameworks
- Hands-on technical experience in areas such as desktop computing, networking, enterprise-level security, email systems, antivirus/spam countermeasures, authentication and authorization, enterprise identity management, policy development, and business continuity planning
- Demonstrated experience managing incidents and the ability to communicate lessons learned to avoid similar mishaps
- Demonstrated experience with vendor relations, purchasing, budget administration, and capital planning
- Experience with a variety of information security tools systems including but not limited to: Proofpoint, MS Office 365 (Defender, Purview, InTune), Qradar, Tenable, Palo Alto, detection and response tools
Additional Considerations:
- Experience in R1, R2, or D/PU universities is a plus, but not required
- Given the nature and responsibilities of the position, only U.S. persons (any individual who is a citizen of the United States, a permanent resident alien of the United States, or a protected individual as defined by 8 U.S.C.1324b(a)(3)) will be considered for this position.
Special Instructions to Applicants:
Initial review of applications will begin immediately and continue until the position is filled. However, the position may close when an adequate number of qualified applications is received.
This is a Non-Unit, Professional position, Grade P24.
Please include a resume and cover letter with your application. Names and contact information of three references will be required during the application process.
