Position Title: Chief Info Security Officer

Employee Classification: Dir,Enterprise IT

College/Division: Information Technology

Department: 450250-IT COMPUTER SYSTEMS

Internal or External Search: External - Open to all applicants

Location: Las Cruces

Offsite Location (if applicable):

Target Hourly/Salary Rate:  To commensurate with qualifications

Appointment Full-time Equivalency:  1.0

Exempt or Non-Exempt:  Exempt

Summary:  Are you an experienced CISO looking for an exciting new challenge? We have a fantastic opportunity for you to lead our dynamic team in driving digital transformation and enhancing data security across our entire enterprise. You'll be at the forefront of cutting-edge technology and security practices, playing a crucial role in safeguarding our organization's data and supporting our mission. Join a passionate and dedicated team committed to excellence. Experience in Higher Education is a plus, but not required. If you're ready to make a significant impact and take your career to the next level, we want to hear from you!

Classification Summary:
Under limited supervision, administers multiple enterprise systems which have a university wide critical impact to core operational infrastructure. Sets strategic direction, and recommends institutional policy for enterprise information technology. Works with internal departments/units to identify opportunities to improve and refine services to meet their needs. Participates in the investigation, selection, and operation of information systems.

Classification Standard Duties:
Directs departmental operations and supervises employees directly and through lower level managers and supervisors. Participates in development, implementation, and maintenance of policies, objectives, short- and long-range planning; develops tracking and evaluation programs to assist in accomplishment of established goals. Develops and establishes policies and objectives consistent with those of the organization to ensure efficient operation of individual departments. Consults and coordinates with university officials on matters of policy, interdivisional interaction, and capital improvement issues. Collaborates with departments and administration to establish goals and priorities for technology solutions to meet institutional needs. Develops and manages annual budgets for the organization and performs periodic cost and productivity analyses.Develops and administers budgets and plans for technology development and deployment at the institution. Recommends and participates in the development of University policies and procedures; may serve on University planning and policy-making committees. Maintains currency of knowledge with respect to relevant state-of-the-art technology, equipment, and/or systems. Performs miscellaneous job-related duties as assigned.

Required Education, Experience, Certification/License, Equivalency
Required Education: Bachelor's degree.; Required Experience: Eight (8) years of increasingly progressive management experience in one or more areas that report to this position.; Certification/License: CISSP; Equivalency: Completion of a post-secondary degree or certificate may substitute for years of experience.

Knowledge, Skills and Abilities
KNOWLEDGE:Knowledge and strategic understanding of information security principles, practices, and requirements as they relate to a major public institution. Knowledge of organizational structure, workflow, and operating procedures. Knowledge and understanding of all Federal, State, and University laws, regulations, and standards pertaining to information security and privacy.; SKILLS:Program planning, development, implementation, and leadership skills. Demonstrated strategic planning and policy development skills gained at a senior level. Advanced analytical, evaluative, and objective critical thinking skills. Outstanding interpersonal skills and demonstrated ability to communicate and work effectively in business partner relationships. Demonstrated integrity and ability to maintain principles and make appropriate decisions under ethical pressure.; ABILITIES:Ability to supervise and train employees, to include organizing, prioritizing, and scheduling work assignments. Ability to anticipate need and effectively assist the organization to rapidly adjust and respond to rapidly changing information security conditions and trends

Job Duties and Responsibilities
Oversee the development, implementation, and monitoring of a strategic, comprehensive Zero Trust enterprise information security/cybersecurity program for the University system. Ensure information and data assets as well as technologies are adequately protected from both internal and external threats. Plan and implement security hardware and software, making sure IT and network infrastructure is designed around best security practices. Stay abreast of possible security threats, oversee real-time analysis of immediate threats, and actively work to prevent them from occurring. Implement threat modeling, formulate application security procedures, and resolution plans. Work across business units to identify and address security observations and findings. Responsible for integrating security plans and policies with the organization’s business process, training others on security procedures, purchasing security products, and ensuring that security practices are followed. Implement security scanning practices across all software assets in the development, test and production environment. Evaluate system vulnerability and recommend security improvements
- Develop, implement, and monitor a strategic, comprehensive enterprise information security and IT risk management program
- Work directly with the business units to facilitate risk assessment and risk management processes
- Partner with business stakeholders across the University System to raise awareness of risk management concerns
- Assist with the overall business technology planning including active participation in the IT Change Activity Board.
- Provide a current knowledge and future vision of technology and systems
- Documents the information security policies and procedures instituted by the organization’s Information Security Committee and coordinates the activities
- Performs information security assessments on a regular cadence consistent with CIO directives
- Develop and enhance an enterprise Zero Trust security framework
- Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems and services
- Plan, design and implement security rehearsals including escalation management at least every 6 months
- Involved and provides 3rd party audit support audit support
- Responsible for ensuring University compliance with state and federal regulations, related to data and information security
- Acts on behalf of the CIO as the University’s compliance designee (includes but not limited to FERPA, HIPPA, PCI, FISMA, etc.)
- Prepares and manages the security budget
- Prepares, manages, presents security dashboards to upper level executives
- Establishes goals/measures for the University cybersecurity system including people are in the team
- Effectively manages a team of subordinates; works effectively with peers and other stakeholders, in support of the Working Better Together Guidelines.
- Performs other stretch assignments as directed by the CIO when required

Preferred Qualifications

ITIL

Special Requirements of the Position

Department Contact:  Jasmine Gomez, 575-646-3685, jgomez12@nmsu.edu

Contingent Upon Funding: Contingent upon external funding

Bargaining Unit Eligibility: This is NOT a bargaining unit position with American Federation of State, County & Municipal Employees (AFSCME).

Standard Work Schedule: Standard (M-F, 8-5)

If Not a Standard Work Schedule: 

Working Conditions and Physical Effort

Environment: Work is normally performed in a typical interior/office work environment.

Physical Effort: Light physical effort. Effort applies to no more than two (2) hours per day.

Lifting Requirements: Requires handling of average-weight objects up to 25 pounds or standing and/or walking for more than four (4) hours per day.

Risk: No or very limited exposure to physical risk.