The ISO provides guidance and expertise to advance the operational mission of the Information Security Office. The position chairs the Information Security Council, the Computer security Incident Response Team, and the Information Security Operations Team, collaborates closely with University leadership (including the Chief Compliance and Privacy Officer, General Counsel, the Chief Internal Auditor, the Chief Information Officer, the Chief Risk Officer and the Director of Risk Management) and collaborates more generally with administrative, academic and information technology staff throughout the University.

The ISO is involved in all forms of IT governance and is responsible for information security-related policy and procedure development and risk assessment work. In collaboration with other stakeholders, the ISO is expected to contribute to UVM’s information security awareness and outreach efforts. The ISO maintains situational awareness using threat intelligence and leads incident response activities. The ISO focuses significant effort on providing oversight and direction for the Information Security Office and in regular consultation with constituents on campus.

The ISO is accountable for all aspects of staff management, hiring, coaching, training, and performance reviews for the Information Security Office. The position must foster a positive, collaborative and engaged team dynamic in the pursuit of ISO priorities, which includes active development of individual team members. The position must be able to offer strong technical guidance as necessary. Communication and prioritization skills are essential, with a strong track record in information security as both practitioner and leader. In-depth expertise with Information Security tools and practices is important, and the ISO must be able to advise on how to best use technology to enhance UVM’s security posture.

This is a senior-level position within Enterprise Technology Services and has University-wide responsibilities to provide information security leadership for the institution.

Minimum Qualifications (or equivalent combination of education and experience)

Technical skills required:

Bachelor’s degree in technology or related field and seven to ten years’ related experience. Ability to comprehend and assess technical issues across information technology domains. Knowledge of applicable information security regulations and compliance standards.

Additional required skills:

– Project planning, prioritization, management, implementation, and assessment skills

– Ability to establish rapport and maintain trust

– Ability to develop and administer policies across constituencies in a decentralized organizational environment

– Strong communications skills, including experience with:

– Communications to a diverse community, in both written and verbal forms

– Group facilitation

– Formal presentations

– Collaboration, problem-solving and negotiation skills

Required certifications:

Industry-recognized security professional certification, or the ability to acquire within the first year