Chief Information Security Officer

Main Content

Click here to view a list of current vacancies.

Chief Information Security Officer
Office of Technology Services
Vacancy number 301416

Position Type: Regular, full-time exempt position with full, competitive benefits package
Opens: 10/20/23     Closes: Open Until Filled

Salary: $130,000-$150,000

• excellent tuition remission benefits
• outstanding health benefits plans and rates
• at least 11 paid holidays each year
• 40 days of annual, personal, and sick leave each year, including 20+ annual leave days
• great retirement plans

Reporting to the Deputy CIO (DCIO), the Chief Information Security Officer (CISO) is a senior-level technical leader responsible for administering and managing UBalt’s information security architecture, strategy, policies, programs, and practices. The CISO’s primary role is to ensure the confidentiality, integrity, and availability of information assets and to protect these assets from various cyber threats and risks. This position and program contribute to the mission of the University by maintaining the integrity of campus technology resources, appropriate protection of information, identification and mitigation of technology and information-related risks and driving compliance with University System of Maryland (USM), state and federal requirements. The CISO is responsible for a range of activities including policy and standards development, security assessments, incident response, awareness training implementation, log management and monitoring, audit coordination, and oversight of intrusion detection and prevention systems. This position provides analysis, serves as a consultant, and takes an active role in overall technology change management and procurement.

We look forward to receiving your required electronic application with a cover letter and resume and learning about your interest in and qualifications for our vacancy.  Please save your required cover letter and resume as one document (please make the file name short and without spaces or special characters) and attach it in the resume location. To apply, visit http://www.ubalt.edu/candidate_gateway/erecruit.html . Additional instructions below.

Key Functions/Responsibilities/Tasks:

Information Security Program:  Oversees, administers and improves the University’s overall information security program in support of the appropriate confidentiality, integrity, and availability of information and technology systems.
•    Monitors security trends and advocates for security practices, policies and technology.
•    Facilitates the selection and implementation of information security solutions including, but not limited to, anti-virus, anti-malware, firewalls, virtual private network (VPN), intrusion prevention system (IPS) and security information and event management (SIEM).
•    Participates in the selection of IT infrastructure and software; develops and specifies security requirements.
•    Leads the University’s privacy initiative, maintaining compliance with USM standards and guidelines.
•    Performs ongoing analysis and correlation of information collected by IPS and SIEM systems; responsible for the ongoing maintenance and support of these systems.
•    Verifies completion of ongoing maintenance and support of SIEM and IPS systems.
•    Leads the security incident response team.
•    Investigates incidents that are detected or reported.
•    Reports issues to OTS leadership, or other personnel, as appropriate.
•    Develops and reviews automated reports to achieve compliance with USM policies, state, federal and audit requirements.
•    Reviews security advisories, assessing relevance and risk, and disseminates to relevant technical staff.
•    Prepares an annual IT security program update for the Chief Information Officer (CIO). Reviews update with the CIO for presentation to the President.

Audits and Assessments:  Acts as the primary point of contact for all IT-related audits in support of consistent, efficient and effective audit activities and overall staff accountability.
•    Provides support and oversight for all technology audits of all campus units.
•    Serves as project manager on all internal audits involving OTS.
•    Tracks resolution of audit findings, providing periodic status updates to CIO.
•    Conducts required network and server vulnerability assessments.
•    Conducts routine audits of the network infrastructure configuration to ensure security best practices are being utilized.
•    Tracks security vulnerabilities and remediation activities; holds employees and leaders accountable for timely resolution.
•    Partners with Chief IT Architect to perform vendor security assessments.
•    Provides leadership, direction, and continual improvement of a personally identifiable information (PII) monitoring program.
Architecture, Policy, Standard, Guideline and Procedure Development: Oversees the development and maintenance of a comprehensive information security policy framework.
•    Identifies needs in the policy framework and proposes associated efforts to the DCIO and CIO.
•    Serves as a key developer of information security policies, standards, guidelines, and procedures.
•    Work with the Chief Architect to develop and document security architecture and standards.
•    Periodically reviews elements of the existing policy framework for needed updates.
•    Monitors USM policies and State of Maryland legislation for framework requirements.
•    Active member of the USM Privacy and Security Councils.

Documentation and Cross Training: Develops and maintains documentation in support of a sustainable and auditable security program.
•    Develops and maintains documentation for all aspects of the information security program and infrastructure.
•    Reviews security-related documentation of other technology units and makes recommendations for necessary improvements.
•    Provides periodic training to staff members serving with backup responsibilities for information security activities.
•    Develops, implements and maintains an ongoing IT security awareness program.
•    Works with the Office of Human Resources to ensure that faculty, staff, and students are provided with appropriate security training.

Change Management and Project Consulting:  Participates in technology change management and on project teams providing comprehensive analysis in support of successful changes and fully developed project requirements and plans.
•    Serves on the technology Change Control Board (CCB).
•    Participates in project evaluation teams so that security is part of the system development life cycle (SDLC).

Required Education:
Baccalaureate degree in Computer Science, Information Technology Engineering, or related field/discipline that informs and supports position responsibilities and duties.

Required Experience:
•    7 years of IT experience to include:
o    5 years of experience in information security administration and production support in a distributed networking environment
o    Required familiarity with major information security tools
o    Experience with risk and vulnerability assessment and penetration testing
•    Experience working and interacting with technical teams
•    CISSP Certification

Preferred Education:
Graduate degree in Computer Science, Information Technology Engineering, or related field.

Preferred Experience:

•    10 years of progressive information security administration and enterprise production support experience
•    3 years in higher education
•    Experience with State of Maryland and USM audit processes

Knowledge, Skills and Abilities:

Analytical Skills

•    Ability to perform development and systems analysis including identifying security threats and impact for applications and technology infrastructure used by UBalt.
•    Ability to gather, compile and analyze data to make practical recommendations at the tactical level to leadership.
•    Experience conducting security analysis, including elements such as:
o    Potential security threats to UBalt
o    Documenting information security processes
o    Developing and assessing business cases for change
o    Measuring the impact of security improvements
o    Participating in change management processes

Interpersonal

•    Flexible, adaptable and able to sustain momentum, effectiveness and enthusiastic demeanor while conditions and organizational structures may be fluid.
•    Good interpersonal skills and experience working with multiple internal and external constituencies; able to gain community respect and possesses good relationship building skills.
•    Good communication capabilities, including giving presentations, and speaking publicly.
•    Ability to translate complex security concepts into easily understandable terms.
•    Ability to work well with functional and technical teams and staff at all levels of the organization.
•    Demonstrated ability to communicate clearly, concisely and accurately with people, verbally and in writing.

Technical

Infrastructure Hardware and Software:

•    Intrusion detection and prevention
•    Security incident and event management
•    Virtual private networking
•    Encryption technology

Analytical Skills

•    Ability to perform development and systems analysis including identifying security threats and impact for applications and technology infrastructure used by UBalt.
•    Ability to gather, compile and analyze data to make practical recommendations at the tactical level to leadership.
•    Experience conducting security analysis, including elements such as:
o    Potential security threats to UBalt
o    Documenting information security processes
o    Developing and assessing business cases for change
o    Measuring the impact of security improvements
o    Participating in change management processes

Interpersonal

•    Flexible, adaptable and able to sustain momentum, effectiveness and enthusiastic demeanor while conditions and organizational structures may be fluid.
•    Good interpersonal skills and experience working with multiple internal and external constituencies; able to gain community respect and possesses good relationship building skills.
•    Good communication capabilities, including giving presentations, and speaking publicly.
•    Ability to translate complex security concepts into easily understandable terms.
•    Ability to work well with functional and technical teams and staff at all levels of the organization.
•    Demonstrated ability to communicate clearly, concisely and accurately with people, verbally and in writing.

Technical

Infrastructure Hardware and Software:

•    Intrusion detection and prevention
•    Security incident and event management
•    Virtual private networking
•    Encryption technology
•    Firewalls
•    Networks and related components
•    Cisco IOS
•    Application gateways and load balancers
•    Network scanning tools such as Nessus
•    Encryption technology
•    Communications technology
•    Wireless networking
•    802.1x
•    Data storage
•    Microsoft Windows desktop and server operating systems
•    Microsoft SQL Server
•    Microsoft Exchange
•    Microsoft Office365 security and compliance
•    Linux
•    Apple desktop and mobile operating systems
•    Android operating system
•    Microsoft Azure
•    Amazon Web Services
•    Active Directory and Azure Active Directory
•    SAML
•    DHCP
•    DNS
•    LDAP
•    SSH
•    SMTP
•    FTP
•    SMB
•    CIFS
•    NFS
•    RDP
•    Antivirus
•    Terminal Server

The University of Baltimore (“UBalt” or “University”) does not discriminate on the basis of sex, gender, race, religion, age, disability, national origin, ethnicity, sexual orientation, gender identity, or other legally protected characteristics in its programs, activities or employment practices. UBalt is an Equal Opportunity/Affirmative Action/ADA Compliant Employer & Title IX Institution.

We appreciate your interest in our recruitment. Please review the information below before you visit http://www.ubalt.edu/candidate_gateway/erecruit.html  to apply.
We need to receive your electronic application in our system by the vacancy closing date in order to consider you for the vacancy.  Information follows about submitting the electronic application and attaching your required cover letter and resume.
Applicant Instructions: Using Candidate Gateway to View and Apply for UBalt Vacancies

The Candidate Gateway system serves as your connection to The University of Baltimore’s job application process. It is a free, safe and secure way for you to apply for the job you want, and it allows the Office of Human Resources to maintain accurate records. Your use of the system does not require you to surrender any of your rights to privacy or confidentiality during the application process. Only qualified members of UBalt’s Human Resources team and members of the relevant search committee can access your application information. The search committee will not have access to any information you provide to HR for affirmative action reporting purposes.

Please read and print the information below before you apply, and refer to it as you enter your application.

NAVIGATION

A – COVER LETTER AND RESUME ATTACHMENT AND UPLOAD

Before you apply:

• Save one PDF or Word file with your cover letter, resume, and any additional information you would like to have considered.

When you apply:

•In Candidate Gateway: Click “Browse” to access the Word or PDF document you saved with all of your documents.
•Then, click “Upload” to attach it.
•Click “Continue” to continue the application process.

B – ENTER DATA ON THE FOLLOWING PAGES:

Each page shows this display:
Previous Save Submit Close Application Careers Home NEXT

above and below the required data for the four categories shown above.

Click “Save” to save the data you entered on that page. The message “You have successfully submitted your job application.” confirms only that you entered that page of information into the system. You must click “Next” to continue and complete the entire application process.

1. Current and Prior Employment/Work Experience:

•Enter employment information relevant to your position of interest.
•You can use the first day of the month wherever dates are required.
•After you enter your work experience, click “Save,” then click “Next.”

2. Education/Education History and References:

•Use the dropdown to enter your highest education level.  Entering this information is required.
•Then, only college and university information is required. Click the plus sign to the left of the “Postsecondary Education” link to enter that information.
•For country, enter USA or click the hourglass to select another country.
•You can use the first day of the month wherever dates are required.
•Click the plus sign to the left of “References” to enter three professional references.
•After you enter your education information and references, click “Save,” then click “Next.”

3. How did you find out about us/how did you find out about the job?

•After you enter this information, click “Save,” then click “Next.”

4. Online Questionnaire/Application Questionnaire: Answer the questions requiring a yes or no response. After you answer them, click “Submit.” This leads you to the Submit Online Application page.

C – SUBMIT ONLINE APPLICATION

To apply for your selected job: When you reach the “Submit Online Application” page shown below, you must click “I agree to these terms” and then click the “Submit” button at the end of the screen. After you click “Submit,” then you will see this information at the top of your screen:

My Applications
Thank you for your interest in employment at The University of Baltimore. HR will process your application documents for the search committee’s consideration.
Note: This screen will also show additional information about the selection process and Office of Human Resources contact information.

Questions/Help
If you have trouble viewing our job postings or applying for the vacancy, contact [email protected]  for assistance.

TO APPLY:

External applicants: Review the vacancy announcement at http://www.ubalt.edu/candidate_gateway/erecruit.html  and click the external applicant link to apply.

Internal applicants (students taking classes at UBalt and current employees) with login and password for MyUBalt: use the internal applicant link, log into MyUBalt, then click the “View or Apply for Job Positions” link on the left.

http://www.ubalt.edu/hr
•Never use the browser “Back” and “Forward” arrows to navigate. You will lose the information you have submitted.
•To navigate between pages, use the “Next,” “Previous,” and “Return to Previous Page” buttons.
•Use the “Save” button to save your information so you can return to it later and complete your application. Using “Save” does not complete the process to apply for a job opening.

The University of Baltimore (“UBalt” or “University”) does not discriminate on the basis of sex, gender, race, religion, age, disability, national origin, ethnicity, sexual orientation, gender identity, or other legally protected characteristics in its programs, activities or employment practices. UBalt is an Equal Opportunity/Affirmative Action/ADA Compliant Employer & Title IX Institution.