Log In

Don't have an account? Sign up now

Lost Password?

Sign Up

Education / Further Education

Chief Information Security Officer Full Time

Applications have closed

Posting Number PG194334EP

Internal Recruitment No

Working Title Chief Information Security Officer

Anticipated Hiring Range Salary commensurate with experience (anticipated hiring range: $200,000 – $227,000)

Work Schedule Monday-Friday, 8:00 am – 5:00 pm, and other times as needed

Job Location Raleigh, NC

Department Office of Information Technology

About the Department
The Security & Compliance Unit (S&C) within the Office of Information Technology (OIT) oversees the cybersecurity of the University’s systems and data in a manner consistent with industry best practices and the University’s IT compliance and IT risk management obligations. S&C develops and ensures compliance with cybersecurity policies/regulations/procedures, supports and oversees implementation of strategic information security initiatives, provides operational security services, and provides campus-wide vendor risk and license management. S&C is also the functional lead for the university’s identity and access management program.

S&C’s overall responsibilities include the following:

  • Development/maintenance of the university’s cybersecurity strategic plan and roadmap
  • Implementation of strategic cybersecurity initiatives
  • Operational security services
  • Coordination of IT resilience efforts and change management processes
  • Manage the University wide operational cybersecurity services
  • Establish, review, and enforce university-wide IT and cybersecurity policies, standards, and procedures, while also ensuring compliance with federal/state regulations and contractual obligations.
  • Campus-wide IT vendor risk and license management

Wolfpack Perks and Benefits
As a Pack member, you belong here, and can enjoy exclusive perks designed to enhance your personal and professional well-being. As you consider this opportunity, we encourage you to review our Employee Value Proposition and learn more about what makes NC State the best place to learn and work for everyone.

What we offer:

  • Medical, Dental, and Vision
  • Flexible Spending Account
  • Retirement Programs
  • Disability Plans
  • Life Insurance
  • Accident Plan
  • Paid Time Off and Other Leave Programs
  • 12 Holidays Each Year
  • Tuition and Academic Assistance
  • And so much more!

Attain Work-life balance with our Childcare benefits, Wellness & Recreation Membership, and Wellness Programs that aim to build a thriving wolfpack community.

Disclaimer: Perks and Benefit eligibility is based on Part-Time or Full-Time Employment status. Eligibility and Employer Sponsored Plans can be found within each of the links offered.

Essential Job Duties
The Chief Information Security Officer (CISO) reports to the Vice Chancellor for Information Technology and Chief Information Officer (CIO) and leads the Security and Compliance Unit (S&C) in the Office of Information Technology (OIT). The CISO is a member of the OIT Leadership Cabinet and works closely with senior administration, academic leaders, and the campus community to optimize the security posture of the university.

The CISO is responsible for developing, implementing and maintaining the university’s comprehensive cybersecurity program that ensures the confidentiality, integrity, and availability of university data and technology resources. This program utilizes industry best practices and employs a range of policy, procedural, and technological controls to manage risk to NC State University’s information assets. The CISO leads a cybersecurity program that harnesses collaborations and campus-wide resources, promotes effective cybersecurity governance, advises senior leadership on strategic cybersecurity direction and resource investments, and develops policies to effectively manage IT and cybersecurity risks. The CISO is responsible for managing the S&C portfolio within its operating budget of over $5 million as well as overseeing VRLM’s maintenance and negotiation of licenses totaling over $12 million.

List of Primary Responsibilities:

Leadership, Training and Collaboration (40%)

    • Provide leadership and oversight of activities and services related to the S&C unit. The current structure is comprised of:
      • Cybersecurity Operations (Director and 9 staff including Security Operations Center):
        • Secure Computing
          • Data Protection
          • Intrusion Detection/Prevention
          • Logging, Monitoring, Alerting
          • Multi Factor Authentication Solutions
          • Network Security Monitoring
          • Password Vault Management
          • SIEM (Security Information & Event Management) Operations
          • Endpoint Security: Endpoint Detection and Response, Antivirus
          • SSL Certificate Management
          • Vulnerability Scanning and Pen Testing
          • Web Application Security Testing
        • General Security Consultation, Security Architecture and Review
        • Security Incident Response and Investigation
          • Digital Forensics
          • Security Incident & Response
          • Security Operations Center (Manager and 3 staff)
      • Information Security, Risk and Assurance (Director and 7 staff):
        • Security Consulting and Education
          • Data Management
          • IT Risk Management
          • Security Awareness and Training
          • Security Liaison Team Program Management
        • Identity and Access Management
        • Security Policy and Compliance
          • Access Reviews
          • Internal & External OIT Audit Coordination
          • Litigation Holds/eDiscovery and Records Retention
          • Research Data Security Consultation & Evaluation
          • Security Compliance Program Development, Management and Continuous Assessment
          • Security Policy, Regulations, Rules, and SOP Development

Vendor Risk & License Management (Associate Director & 2 staff)

    • License Asset Management
      • Analyzes campus needs, interests and directions, and then tailors the software licensing program to meet those needs
      • Lead enterprise license coordination
      • Collaborates with UNC-System Office on university system-wide software licenses
      • Manages OIT licensing maintenance reviews and renewals
      • Manage the software inventory management system
      • Manage the software distribution to stakeholders
    • License Risk Assessment
      • Click-wrap Agreement Risk Assessment
      • Non-Negotiable Hard Copy License Review
    • IT Purchase Compliance Management
      • Manage the review process to ensure that IT purchases comply with university, State and Federal regulations and/or guidelines.

Manage the SAS Grant Administration

    • Ensure ongoing collaboration with OIT units, colleges, administrative units and key constituents such as data stewards, data trustees, the Office of General Counsel, Internal Audit, and Emergency Management & Mission Continuity regarding overall cybersecurity requirements.
    • Provides regular updates to the VCIT/CIO and other University leaders regarding cybersecurity matters, including ongoing program reporting and incident reporting.
    • Serve as co-chair of the Research Controlled Unclassified Information (CUI) Security Compliance Committee and Guest/Affiliate Steering Team.
    • Serve on a number of committees as a member or in an advisory capacity (e.g., Strategic IT Committee (SITC), Campus IT Directors, Enterprise Risk Management Advisory Team, Data Steward Committee, Data Governance Council, etc.).
    • Serve on the UNC Information Security Council and establish collaboration and partnerships with the colleges/universities in the UNC system.
    • Facilitate NC State’s annual self assessments with the UNC security framework and policy requirements
    • Be an active participant in the appropriate national organizations such as EDUCAUSE and be involved with collaboration and engagement in security initiatives.
    • Provide leadership to the Cybersecurity Awareness Team and ensure functionality of the Cybersecurity Liaisons program to assist with maintaining a secure university landscape and resulting project priorities.

Lead the development of the annual presentation to the University Board of Trustees regarding the university’s security threat and risk landscape

Strategic Practice and Policy (35%)

    • Provide executive responsibility and expert oversight for strategies, plans, policies, processes and operations that safeguard the security of technology systems and university information, regardless of format or medium (electronic, paper, etc.).
    • Lead the continuous enhancement of a 3-5 year university cybersecurity strategic plan and roadmap that addresses needed resources (people, processes, technology) for a secure university environment and is prioritized using a developed risk management process.
    • Engage with university leaders to communicate vision and drive information security programs and concepts into all business processes and programs. Partners with executive leadership in achieving successful delivery of the following functional areas of Security: Governance and Policy, IT Risk Management, Compliance Management, Identity and Access Management, Endpoint Security, Security Operations, Vulnerability Management, Security Training and Awareness, Application Security, Cybersecurity Assessments and Testing, Cybersecurity Analytics and Cybersecurity Portfolio Management.

Manage the university’s information security governance processes and provide leadership to the Information Security Advisory Group

Security Operations, Risk Management and Compliance (25%)

  • Collaborate with university leadership to develop and foster a culture supporting a high-level of cybersecurity and compliance in university activities, while ensuring actions are appropriately measured against university philosophies, attitudes, and its research and education missions. Provide leadership and guidance for the secure use of Artificial Intelligence (AI).
  • Work closely with the research community in exploring new and novel approaches to cybersecurity within networking, data management systems, software development, federation and identity management, and other research instruments and platforms.
  • Develop and maintain strategic external relationships and partnerships to support and improve cybersecurity and compliance.

Other Responsibilities

  • Other duties as assigned.

Qualifications

Minimum Education and Experience

  • Requires a relevant post-baccalaureate degree with a minimum of three (3) years or greater of related professional experience, or a relevant undergraduate degree and a minimum of five (5) years or greater of relevant experience may be substituted for the advanced degree, or equivalent professional training in a closely related field and level of leadership.

Other Required Qualifications
Required Leadership Skills

    • Clear demonstration of balancing the business, technical, compliance and cultural risks to help make decisions that support the university mission and improve success.
    • Relevant experience in a senior cybersecurity information and technology leadership position (Chief Information Security Officer or Deputy Chief Information Security Officer or other key leadership experience in Cyber related leadership) managing and supporting a staff of professionals dedicated to cybersecurity, or the ability to address ways in which current experience is relevant.
    • Proven leadership, communication, presentation and problem solving skills.
    • Proven ability to enhance and/or implement an enterprise-wide information security education and awareness program.
    • Excellent written and verbal communication skills and high level of personal integrity

Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams.

Required Technical Skills

  • Demonstrated experience in overseeing the establishment, implementation, and management of an established information security program.
  • In-depth knowledge of cybersecurity principles, information auditing principles, cybersecurity policy and compliance and IT risk management.
  • Knowledge of common information security management frameworks, such as ISO/IEC 27001, NIST Cybersecurity Framework and 800-series, CIS Controls, etc..
  • Broad understanding of IT and cybersecurity related compliance obligations such as FERPA, GLBA, HIPAA, PCI, DFARS/CMMC and federal/state records retention requirements.
  • A broad understanding of all IT service functions, such as technical security, network engineering, application development, server administration, database administration, user account administration, identity and access management, endpoint device management and academic support.

Preferred Qualifications

  • A minimum of eight (8) years of full-time experience in information security management and leadership
  • Experience in academia, with experience at a Research 1 university a plus
  • Possess the relationship skills, cultural awareness, and organizational prowess required to work effectively in a University setting
  • Professional Security Certification from at least one of the currently acceptable information security such as:
      • Certified Information Systems Security Professional (CISSP)
      • Systems Security Certified Practitioner (SSCP)
      • Certified Information Security Manager (CISM)

Required License(s) or Certification(s)
N/A

Valid NC Driver’s License required No

Commercial Driver’s License required No

Recruitment Dates and Special Instructions

Job Open Date 11/06/2025

Anticipated Close Date Open Until Filled

Special Instructions to Applicants
Along with your completed application, please include a resume and cover letter.

Position Details

Position Number 00001696

Position Type EPS/SAAO

Full Time Equivalent (FTE) (1.0 = 40 hours/week) 1.00 FTE

Appointment 12 Month Recurring

Mandatory Designation – Adverse Weather Non Mandatory – Adverse Weather

Mandatory Designation – Emergency Events Non Mandatory – Emergency Event

Department ID 511001 – Security & Compliance

EEO
NC State University is an equal opportunity employer. All qualified applicants will receive equal opportunities for employment without regard to age, color, disability, gender identity, genetic information, national origin, race, religion, sex (including pregnancy), sexual orientation, and veteran status. The University encourages all qualified applicants, including protected veterans and individuals with disabilities, to apply. Individuals with disabilities requiring disability-related accommodations in the application and interview process are welcome to contact 919-513-0574 to speak with a representative of the Office of Equal Opportunity.

If you have general questions about the application process, you may contact Human Resources at (919) 515-2135 or workatncstate@ncsu.edu.

Final candidates are subject to criminal & sex offender background checks. Some vacancies also require credit or motor vehicle checks. Degree(s) must be obtained prior to start date in order to meet qualifications and receive credit.

NC State University participates in E-Verify. Federal law requires all employers to verify the identity and employment eligibility of all persons hired to work in the United States.

C1ISO

Job Overview

  • Job ID: 25739
  • Date Posted:
  • Location: Raleigh, NC, USA
  • Job Title: Chief Information Security Officer
  • Salary: $200,000 - $227,000 a year
  • Salary: $200,000 - $227,000 a year