By Bob Gourley
A reader just brought a job description to my attention and I wanted to share it with you in the hopes that you will pass it along till the right person is found for this very important position.
Chief Cyberinfrastructure Security Officer
Internet2® is a member-owned, advanced technology community founded by the nation’s leading higher education institutions in 1996. Internet2 provides a collaborative environment for U.S. research and education organizations to solve common technology challenges, and to develop innovative solutions in support of their educational, research, clinical and community service missions. Internet2 is a national organization with offices in Ann Arbor, Michigan; Denver, Colorado; Emeryville, California; West Hartford, Connecticut; and Washington, DC.
Position Summary: The Internet2 Chief Cyberinfrastructure Security Officer (CCSO) is the leader responsible for establishing the cyberinfrastructure security strategy and direction for Internet2’s global infrastructure programs. The CCSO oversees and coordinates all security efforts across the Internet2 infrastructure and is accountable and responsible for setting organizational policies and approaches while engaging with the Internet2 member community. The CCSO provides leadership for the Internet2 cyber security program through strong working relationships and collaboration across the staff and community, including policy and operational areas. We are seeking an individual with deep technical skills who can engage with a technical community and staff as well as work in policy and procedure areas while mentoring operations teams. The CCSO is responsible for the creation and implementation of the organization’s information security program; advising on risk management; advising on information security as it relates to infrastructure; conducting security education, training, and awareness activities; monitoring compliance with security programs and applicable laws; and coordinating investigation and reporting of security incidents. The CCSO reports to the Vice President for Network Services and will have responsibility for security across all Internet2 infrastructure programs.
The CCSO serves as the process owner of all ongoing activities related to the confidentiality, integrity and availability of Internet2 infrastructure resources, in compliance with Internet2 policies and legal and contractual requirements. A key element of the CCSO’s role is working with executive management from Internet2 and its member institutions to determine acceptable and achievable levels of security and risk management for the organization’s infrastructure. Consequently, the CCSO position requires a visionary leader who is highly knowledgeable about the business environment, the threat landscape, and cyber security architecture, security technology and operations. Additional elements of this role include developing strong partnerships with partner cyber security R&D teams throughout the community as well as outreach to entities beyond Internet2.
Additionally, the CCSO is responsible for developing as necessary a professional cyber security team that is responsible for providing cyber security protection recommendations and for the administration and monitoring of enterprise security controls.
- Advocate for all infrastructure security related issues including the planning and development of Internet2’s security strategy in support of the organization’s mission.
- Collaborates with key community leaders, partners and staff to develop security policies, standards, and procedures to ensure the confidentiality, integrity, and availability of the organization’s systems related data.
- Ensures that the organization’s IT infrastructure is secured based on the assessed risk to the organization and the community it serves.
- Advises executive staff on risk management issues to ensure the appropriate application of controls. Consults with service owners regarding their security risks and responsibility in minimizing those risks.
- Coordinates with the appropriate entities in any lawful compliance reviews or investigations related to the security of electronic information and/or any information technology investigation.
- Oversees incident response planning in coordination with key partners and the REN-ISAC, as well as the investigation of security breaches, and assists with disciplinary and legal matters associated with such breaches as necessary.
- Establishes security awareness and training standards and oversees organization-wide and partner-wide participation.
- Works with outside entities, as appropriate, for independent security audits, assessments, and intrusion and penetration testing.
- Represents Internet2 cyber security for internal and external communications.
- Bachelor’s Degree in Computer Science, Information Systems, Business, or related field or equivalent work experience.
- Minimum of 10 years of progressive experience in the network security and information security policy workforce.
- Leadership experience and established track record of successfully and directly managing cross functional teams of administrative, policy-focused professionals and security operations staff, matrixed project teams, and complex budgets.
- Practical experience designing and implementing enterprise information technology security solutions.
- Strong demonstrated knowledge of information technology and all IT Operations and how they affect/support the business and how cyber security relates to and impacts the overall IT and business environment.
- Experience working with information security laws and standards such as the Federal Information Security Management Act (FISMA), National Institute of Standards and Technology (NIST) and Federal Information Processing Standard (FIPS) publications and standards, generally accepted information security principles, and accepted industry best practices.
- Knowledge and understanding of relevant legal and regulatory requirements, such as OMB A-123, Health Insurance Portability and Accountability Act (HIPAA), and Payment Card Industry/Data Security
- Demonstrated professional experience in preparing and presenting information effectively, clearly, and concisely, in written and spoken form to a wide range of internal and external constituencies, including non-technical executives, officers, product or service vendors, and managers.
- Experience working in a risk based environment including mitigation, planning and implementation.
- Certified Information Systems Security Professional (CISSP) certification.
- Must hold a current US Security clearance or have the capability of receiving a US government Security clearance (US Citizenship required).
Desired Skills & Experience
- MBA or other graduate level degree.
- Experience managing cyber security within the Federal government or collaborating with Federal Government agencies.
- Certified Information Security Manager (CISM) or other Information Security / IT audit certification (e.g. CISA).
- Project management skills; financial/budget management, scheduling and resource management.
All applications will be held in the strictest confidence. Internet2 is a 501.C.3 not-for-profit organization and equal opportunity employer.