Located in Middletown, Connecticut, Wesleyan University is one of the nation’s premier liberal arts colleges with 3,000 undergraduates and 200 graduates. Established in 1831, Wesleyan is known for its rich, open, and interdisciplinary curriculum. Wesleyan University takes the security and privacy of information and resources seriously.
Wesleyan University’s Information Security program safeguards the confidentiality, integrity, and availability of the institution’s information resources. The program provides tools and guidance to help the campus community minimize risks while maintaining productivity, and establishes policies to ensure compliance with regulations, proper usage, and security best practices.
Reporting to the VP for Information Technology & CIO, the Chief Information Security Officer (CISO) is responsible for maintaining and enhancing an information security management program that meets compliance and regulatory requirements and aligns with the risk posture at Wesleyan. The CISO works with executive management (e.g. the CIO, Legal Counsel, Cabinet, and the Board of Trustees) to determine acceptable levels of risk for the institution and will collaborate with functional areas to implement practices that meet defined policies and standards for information security. As the leader of the security program, the CISO coordinates disparate drivers, constraints, and personalities, while maintaining objectivity and a strong understanding that security is just one of the university’s activities.

MINIMUM QUALIFICATIONS

• Bachelor’s degree in business administration or a technology related field and at least 5 years of experience or an equivalent combination of education, training, and related work experience.
• Related work experience includes a combination of risk management, information security and information technology roles with progressively increasing responsibility including leadership experience.
• Effective communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences.
• Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic environment.
• Poise and ability to act calmly and competently in high-pressure, high-stress situations.
• Demonstrated ability to be a critical thinker, with strong problem-solving skills, a high degree of initiative, dependability, and the ability to work with little supervision.
• Knowledge and understanding of relevant legal and regulatory requirements, such as Gramm-Leach-Bliley Act (GLBA), Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry/Data Security Standard, Family Educational Rights and Privacy Act (FERPA), General Data Protection Regulation (GDPR) Digital Millenium Copyright Act (DMCA), etc.
• Proven analytical skills, including the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.
• Ability to lead and motivate interdisciplinary teams to achieve tactical and strategic goals.
• High level of personal integrity, as well as the ability to professionally handle confidential matters, and show an appropriate level of judgment and maturity.
• Proven thought leader, consensus builder, and an integrator of people and processes.
• Demonstrated commitment to work within a diverse environment and interact openly with individuals of different backgrounds.

PREFERRED QUALIFICATIONS

• Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials.
• Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT, NIST CSF, and NIST 800-171.
• Demonstrated financial/budget management, scheduling, and resource management skills.
• Experience with contract and vendor negotiations.
• Demonstrated project management skills

• Developing, implementing, and monitoring a strategic, comprehensive enterprise information security and IT risk management program.
• Supervising staff within the areas of information security and Identity and Access Management.
• Working directly with the functional areas to facilitate IT risk assessment and risk management processes and working with stakeholders throughout the university to align security controls with business processes.
• Providing regular reporting on the status of the information security program to enterprise risk teams and senior leaders as part of a strategic enterprise risk management program.
• Creating a framework for roles and responsibilities regarding information ownership, classification, accountability, and protection.
• Developing, maintaining, and publishing information security policies, standards, and guidelines. Overseeing approval, training, and dissemination of security policies and practices.
• Ensuring that security policies and programs are in compliance with relevant laws, regulations, and policies to minimize or eliminate risk and audit findings.
• Creating and managing information security and risk management awareness training programs for all employees, contractors, and approved system users.
• Facilitating a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and increase the maturity of the security program.
• Managing security incidents and events to protect corporate information assets, including intellectual property, regulated data, and the university’s reputation.
• Liaising with external agencies such as law enforcement and other advisory bodies as needed to ensure that the organization maintains a strong security posture.
• Serve as liaison between the university and both internal and external auditors.
• Serve as the university’s Data Protection Officer.
• Other duties as assigned.
  This position is a hybrid position with on-campus and remote work schedules.
  Remote work is only considered for residents of MA, VT, NH, ME, CT, RI, or NY. (Relocation assistance to CT is available for those who qualify).