Chief Information Security Officer

The Chief Information Security Officer (CISO) at Princeton is responsible for developing, expanding and maturing the University information security policy and strategy and draws on domain expertise, a capacity for vision and change management and communication skills to establish a high level of understanding of and attention to information security in a world-class institution of teaching, learning and research. 

The CISO works collaboratively with University leadership and departmental technical and administrative staff throughout campus. The CISO develops and leads outreach, communication and education efforts to raise campus-wide awareness of information security risk, requirements and solutions; provides strategic and technical guidance and assistance in the design and implementation of appropriate security processes for campus-wide information systems; directs the University IT Risk Assessment process; recommends and monitors computing practices to prevent and recover from security breaches and handles breaches when they occur; provides vision, leadership and development of robust security operations and vulnerability management; and leads the operations and success of access security requirements. 

The CISO reports to the Vice President for Information Technology and Chief Information Officer and collaborates with OIT senior staff and key campus business and IT leaders to shape security and business-continuity standards and action plans. The CISO also plays a leadership role in the implementation of security practices and policies through collaboration with technical staff. The CISO has dotted line responsibilities to the VP and Dean for Research, and is designated as the University Research Security Officer for federal grants and projects.  

Strategic Planning and Policy Development –

• Provides guidance and counsel on information security to the CIO, OIT senior staff and University stakeholders. 

• Works with campus leadership to develop a strategy for information security that balances Princeton's academic values with institutional attention to the risks and requirements generated by the University's increasingly information-rich environment and external regulations. 

• Recommends strategies and practices to ensure information security and leads the design, development and implementation of the University's security and data-governance policies and procedures in consultation with University leadership, OIT and campus technical staff and IT advisory bodies. 

• Represents the University in assessing and approving research security needs and establishes and maintains a strong partnership with Research Protections and Administration, and the Research Integrity Office. 

• Advises University leaders on emerging information security risks and opportunities created by Princeton's role as a world-class institution of teaching, learning and research with increasing global relationships and activities. 

• Tracks industry and higher-ed information security best practices to keep abreast of current techniques, systems and applications. 

• Assumes responsibility for information-security policies and effective IT risk management and compliance across the University; coordinates campus-wide data governance and security initiatives. 

• As a member of the CIO leadership team, contributes to the overall development of OIT's strategic goals, performance metrics, communication practices and culture. 

Management –  

• Leads the overall management and success of a robust, current and expanding information security office. 

• Leads an annual IT Risk Assessment process and maintains the efficacy of an IT Business Continuity Plan. 

• Maintains a close relationship with the offices of General Counsel, Audit and Compliance and Public Safety; serves as liaison between these groups and IT professionals for matters pertaining to campus IT security. 

• Assesses hardware/software/services being considered for purchase or implementation for security strengths/risks and information security features; provides security requirements for software/services RFPs. 

Training and Outreach –  

• Develops and leads education and training programs on institutional policy, guidelines, federal and state laws and regulations and best practices around information security. 

Essential Qualifications:   

• At least 10 years of current experience directly related to the responsibilities of the role  

• Demonstrated domain expertise 

• A strategic grasp of information security at both institutional and operational levels 

• The capacity to articulate a vision for information security that engages all constituents, satisfies internal and external requirements, and enables Princeton's ongoing pursuit of excellence and innovation in its academic and research fields 

• Communication and collaboration skills to build support for security-related initiatives and objectives 

• Experience in higher education or a research environment is preferred 

• Broad knowledge of computer security issues, requirements, and trends 

• Exceptional interpersonal and communication skills, plus the ability to achieve goals through influence, collaboration and cooperation 

• Demonstrated ability to work effectively with an array of constituencies in a community that is both demographically and technologically diverse 

• Skill in developing policy and procedure in a complex, decentralized, and mission-oriented environment that maintains in a department-based model of resource allocation and deployment 

• Experience providing education and training programs on security policies and practices to a range of technical and non-technical constituents 

• The ability to establish, implement, maintain, and modify computer and data security guidelines and procedures to achieve the compliance objectives of an organization in harmony with the principles of academic freedom that remain core to a world-class university 

• The ability to evaluate security software products, oversee their installation and implementation, and interpret findings for practical use by law enforcement, legal counsel, and senior management as applicable 

• Experience evaluating and providing guidance on the information-security elements of software and hardware acquisitions, IT services, cloud-based solutions, mobility, and other present and emerging dimensions of IT solutions and services in a complex environment 

• Integrity and high standards of personal and professional conduct 

Education:

• Bachelor's degree required, preferably in computer science or information technology
• Graduate degree preferred in computer science or related field, or equivalent experience and relevant professional credentials 

Preferred Qualifications: 

• Graduate degree in computer science or related field, or equivalent experience and relevant professional credentials

Princeton University has retained Boyden Executive Search https://www.boyden.com/ to support the recruitment of this position. Confidential inquiries, applications, and nominations should be sent by email Sara Swisher-Anderson, sswisher@boyden.com, or Leslie Smith, Leslie.Smith@boyden.com, Senior Associates at Boyden.

Princeton University is an Equal Opportunity/Affirmative Action Employer and all qualified applicants will receive consideration for employment without regard to age, race, color, religion, sex, sexual orientation, gender identity or expression, national origin, disability status, protected veteran status, or any other characteristic protected by law. KNOW YOUR RIGHTS