| Position Title |
| Chief Information Security Officer |
| The Opportunity |
| The Chief Information Security Officer's (CISO) role is to provide vision and leadership for developing and supporting security initiatives such as development and implementation of the strategies, processes, tools, and policies necessary to prevent, detect, document, and counter threats to digital and non-digital information. The CISO directs the planning and implementation of enterprise IT systems, business operations, and facility defenses against security breaches and vulnerability issues. This individual is also responsible for auditing existing systems, while directing the administration of security policies, activities, and standards. |
| Responsibilities |
- Develop and implement a long-term information security strategy and framework to ensure that Mines' information assets are adequately protected.
- Participate as a member of the senior management team in governance processes of the organization's security strategies.
- Lead strategic security planning, working with the institutional leadership to achieve business goals by prioritizing defense initiatives and coordinating the evaluation, deployment, and management of current and future security technologies using a risk-based assessment methodology that goes beyond the traditional compliance only view to one that adopts a holistic approach to information security.
- Develop and communicate security strategies and plans to executive team, staff, partners, customers, and stakeholders.
- Assist with the design and implementation of disaster recovery and business continuity plans, procedures, audits, and enhancements.
- Develop, implement, maintain, and oversee enforcement of policies, procedures, guidelines, and associated plans for system security administration and user system access based on industry-standard best practices and coordinate their approval and dissemination.
- Define and communicate institutional plans, procedures, policies, and standards for the organization for acquiring, implementing, and operating new security systems, equipment, software, and other technologies.
- Oversee the evaluation, selection, and implementation and maintenance of information security technologies.
- Chair the institution's information security steering advisory committee
- Act as advocate and primary liaison for the institution's security vision via regular written and in-person communications with the leadership executives, department heads, and end users.
- Work closely with the CIO and the IT department on institution-wide technology development to fully secure information, computer, network, and processing systems.
- Identify, evaluate, and report on information security best practices and standards (e.g. FERPA, HIPPA, PCI, CMMC, NIST).
- Manage the administration of all computer security systems and their corresponding or associated software, including firewalls, intrusion detection systems, SIEMs, cryptography systems, and anti-virus software.
- Develop, and track the security services annual operating and capital budgets for purchasing, staffing, and operations.
- Partner with teams within the IT department and across campus to ensure that technologies are developed and maintained according to security policies and guidelines and recommend and implement changes in security policies and practices in accordance with changes in local or federal law.
- Creatively and independently provide resolution to security problems in a cost-effective manner.
- Assess and communicate any and all security risks associated with any and all purchases or practices performed by the institution.
- Collaborate with the CIO, privacy officer, and HR to establish and maintain a system for ensuring that security and privacy policies are met.
- Where necessary, supervise recruitment, development, retention, and organization of security staff in accordance with the budgetary objectives and personnel policies of the institution.
- Promote and oversee strategic security relationships between internal resources and external entities, including government, vendors, partner organizations, and internal and external IT audit groups.
- Remain informed on trends and issues in the security industry, including current and emerging technologies. Advise, counsel, and educate executives, management teams, and all relevant stakeholders on their relative importance, financial impact and appropriate courses of actions.
- Liaise with law enforcement and other advisory bodies as necessary to ensure that the organization maintains a strong security posture.
- Help to foster a security-aware culture across the Mines community through the development of a comprehensive information security awareness campaign that engages with students, instructors, researcher, and administration.
- Coordinate incident response planning and the investigation of security breaches and assist with any associated disciplinary, public relations and legal actions.
|
| Minimum Qualifications |
- University degree in Computer Science or a field closely related to computer science.
- Master's or PhD degree in one these fields or Information Security preferred. Individuals without a degree may be considered if they demonstrate possession of substantially the same knowledge level found in a degree, but have attained the advanced knowledge through a combination of work experience and intellectual instruction. Experience working in higher education is preferred.
- CEH (Certified Ethical Hacker), CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager) and CISA (Certified Information Security Auditor) certifications preferred.
- 10 years' experience managing and/or directing an IT and/or security operation, including information security governance and risk-based decision support.
- 10 years' experience working in the cyber-security industry.
- Demonstrated experience creating and driving enterprise security programs including but not limited to security awareness training programs and risk assessments programs.
- Proven experience in planning, organizing, and developing IT security and facility security system technologies.
- Experience in planning and executing security policies and standards development.
- Excellent knowledge of technology environments, including information security, building security, and defense solutions.
- Considerable knowledge of business processes, management, budgeting, and security risk reduction and mitigation operations.
- Substantial exposure to data processing, outsourced systems, hardware platforms, enterprise software applications, including but not limited to SIEMs, Firewalls, Intrusion Prevention and Detection Systems, SOCaaS, and vulnerability assessment audits.
- Experience running and managing a Security Operations Center (SOC)
- Mastery of trends and benchmarks in the information security landscape.
- Excellent executive level presentation and communication skills
- Experience with process improvement techniques and methodologies
- Excellent understanding of project management principles.
- In-depth knowledge of applicable laws and regulations as they relate to security including but not limited to security standards like NIST (National Institute of Standards and Technology), CMMC (Cybersecurity Maturity Model Certification) compliance.
|
|
About Mines & Golden, CO
|
|
Mines is consistently among the top engineering colleges in the United States and ranks number one as the best public school in the state for best value colleges. Mines is located in the heart of Golden, Colorado, a western suburb of Denver. The campus location offers a small-town ambiance with close proximity to all that the Denver metropolitan area has to offer with an abundance of cultural events, museums, theaters and sporting venues. We seek individuals who value a diverse and inclusive community - offering different perspectives, experiences, and cultures that enrich the educational and work experience.
|
| Equal Opportunity |
|
Colorado School of Mines is committed to equal opportunity for all persons. Mines does not discriminate on the basis of age, sex, gender (including gender identity and gender expression), ancestry, creed, marital status, race, ethnicity, religion, national origin, disability, sexual orientation, genetic information, veteran status or current military service. Further, Mines does not retaliate against community members for filing complaints regarding or implicating any of these protected statuses.
Mines' commitment to nondiscrimination, affirmative action, equal opportunity and equal access is reflected in the administration of its policies, procedures, programs and activities and in its efforts to achieve a diverse student body and workforce.
Through its policies, procedures and resources, Mines complies with federal law, Colorado state law, administrative regulations, executive orders and other legal requirements to prevent discrimination (including harassment or retaliation) within the Mines campus community and to address potential allegations of inequity or concerns for safety.
|
| Pay Range |
|
$175,000 - $195,000
Mines takes into consideration a combination of candidate's education, training and experience as well as the position's scope and complexity, the discretion and latitude required in the role, work location, and external market and internal value when determining a salary level for potential new employees.
|
| Total Rewards |
| Mines is proud to provide exceptional benefits that include pay, health & wellness and work/life balance offerings. Our portfolio of benefits includes medical, dental, vision, disability insurance, flexible spending accounts, life insurance, and retirement savings plans. Additionally, Mines employees are eligible for tuition benefits (for employees and dependents), generous paid holidays and leaves and discount programs. For more information, visit . |
| How to Apply |
| For full consideration, please apply by June 5 at 11:59 p.m., Applicants will be asked to complete an online application (personal information, demographic information, references, veterans status) and upload a resume and cover letter (required). References will not be contacted until later in the selection process and you will be informed before that contact is made. |
| Background Investigation Required |
| Yes |
| COVID-19 Vaccine Requirement |
This position will require documented proof of full COVID-19 vaccination or exemption because of a medical or religious exclusion. New employees will be required to provide attestation to their status with proof of vaccination upon hire. Religious and medical exemptions and reasonable accommodation shall be addressed as required by law pursuant to the Equal Employment Opportunity Commission's vaccination guidance.
|
