Founded in 1867, Howard University is a private, research university comprised of 13 schools and colleges. Students pursue studies in more than 140 areas leading to undergraduate, graduate and professional degrees. To date, Howard has awarded more than 120,000 degrees in the arts, the sciences, and the humanities, and more on-campus African-American Ph.D. recipients than any other university in the United States. The historic main campus sits on a hilltop in Northwest Washington blocks from the storied U Street and Howard Theatre. We are two miles from the U.S. Capitol where many students intern, and scores of alumni shape national and foreign policy.
The Chief Information Security Officer’s role is to provide vision and leadership for developing and supporting information security initiatives. The Chief Information Security Officer directs the planning and implementation of core Howard University enterprise IT systems, business operations, and facility defenses against security breaches and vulnerability issues. This individual is also responsible for auditing existing systems, while directing the administration of security policies, activities, and standards.
Strategy & Planning
Acquisition & Deployment
- Participate as a member of the senior management team in governance processes of the organization’s security strategies including the University’s Chief Audit and Compliance Officer.
- Lead strategic security planning to achieve business goals by prioritizing defense initiatives and coordinating the evaluation, deployment, and management of current and future security technologies using a risk-based assessment methodology.
- Develop and communicate security strategies and plans to executive team, staff, partners, customers, and stakeholders. These include but are not limited to contacts include administrators, faculty, students and staff of the department and University. External contacts include vendors, consultants, visitors and the general public.
- Assist with the design and implementation of disaster recovery and business continuity plans, procedures, audits, and enhancements.
- Develop, implement, maintain, and oversee enforcement of policies, procedures, and associated plans for system security administration and user system access based on industry-standard best practices.
- Define and communicate corporate plans, procedures, policies, and standards for the organization for acquiring, implementing, and operating new security systems, equipment, software, and other technologies.
- Act as advocate and primary liaison for the company’s security vision via regular written and in-person communications with the company’s executives, department heads, and end users.
- Work closely with the IT department on corporate technology development to fully secure information, computer, network, and processing systems.
- Protect the intellectual property of the HU organization; responsible for the integration of information security core competencies into daily functions, including commitment to data availability, confidentiality, and integrity.
- Manage the administration of all computer security systems and their corresponding or associated software, including firewalls, intrusion detection systems, cryptography systems, and anti-virus software.
- Develop, track, and control the security services annual operating and capital budgets for purchasing, staffing, and operations.
- Ensure that devies adhere to all applicable laws and regulations.
- Recommend and implement changes in security policies and practices in accordance with changes in local or federal law.
- Creatively and independently provide resolution to security problems in a cost-effective manner.
- Assess and communicate any and all security risks associated with any and all purchases or practices performed by the company.
- Collaborate with IT leader, Chief Audit and Compliance Officer and HR to establish and maintain a system for ensuring that security and privacy policies are met.
- Where necessary, supervise recruitment, development, retention, and organization of security staff in accordance with corporate budgetary objectives and personnel policies.
- Promote and oversee strategic security relationships between internal resources and external entities, including government, vendors, and partner organizations.
- Remain informed on trends and issues in the security industry, including current and emerging technologies and prices. Advise, counsel, and educate executive and management teams on their relative importance and financial impact.
Formal Education & Certification
Knowledge & Experience
- University degree in Computer Science or Business Administration.
Master’s or PhD degree in one these fields or Information Security preferred.
- Two or more of the following: CISM, CISSP, CISA, CGEIT, CRISC certifications are preferred
- 5 or more years experience managing and/or directing an IT and/or security operation.
- 1-3 years experience working in the Higher Education/Campus industry.
- Proven experience in planning, organizing, and developing IT security and facility security system technologies.
- Experience in planning and executing security policies and standards development.
- Excellent knowledge of technology environments, including information security, building security, and defense solutions.
- Considerable knowledge of business theory, business processes, management, budgeting, and business office operations.
- Substantial exposure to data processing, hardware platforms, enterprise software applications, and outsourced systems.
- Familiarity working with managed service providers.
- Must have experience supporting regulations and frameworks related to information security including but not limited to HIPAA, NIST, FISMA, FERPA, ISO.
- Good understanding of cloud security, computer systems characteristics, features, and integration capabilities.
- Experience with systems design and development from business requirements analysis through to day-to-day management.
- Familiarity with full security stack of tooling including but not limited to IPSec, VPNs, Firewalls, Proxy Services, DNS, Email Security, IDP, IPS, common Network technologies, SIEM.
- Excellent understanding of project management principles.
- Superior understanding of the organization’s goals and objectives.
- Demonstrated ability to apply IT in solving security problems.
- In-depth knowledge of applicable laws and regulations as they relate to security.
- Proven leadership ability.
- Ability to set and manage priorities judiciously.
- Excellent written and oral communication skills.
- Excellent interpersonal skills.
- Strong negotiating skills.
- Ability to present ideas in business-friendly and user-friendly language.
- Exceptionally self-motivated and directed.
- Keen attention to detail.
- Superior analytical, evaluative, and problem-solving abilities.
- Exceptional service orientation.
- Ability to motivate in a team-oriented, collaborative environment.
- On-call availability and periodic overtime
- Sitting for extended periods of time
- Dexterity of hands and fingers to operate a computer keyboard, mouse, and other computing equipment
- Hybrid working environment
For more information about Howard University visit: https://howard.edu/