Chief Information Security Officer Job Listing at University of California in Merced, CA (Job ID 70562)

Description

Hiring Range

The University of California, Merced is required to provide a reasonable estimate of the compensation range for this role. This range takes into account the wide range of factors that are considered in making compensation decisions including but not limited to experience, skills, knowledge, abilities, education, licensure and certifications, and other business and organizational needs. It is not typical for an individual to be offered a salary at or near the top of the range for a position. Salary offers are determined based on final candidate qualifications and experience. The full salary range for this position is $128,100 - $254,900.  The budgeted salary range that the University reasonably expects to pay for this position is $192,000 - $210,000.

Job Closing Date

This position is expected to work from the Downtown Campus Center location. However, there will be opportunity for remote work days. The scope of responsibility requires reasonable proximity to campus and is not suited for a remote work modality.

The initial applicant review will take place on or around July 29, 2024. The posting will not close until a final candidate is identified. 

About UC Merced

The University of California, Merced, is the newest of the University of California system's 10 campuses and the first American research university built in the 21st century. With more than 9,000 undergraduate and graduate students, UC Merced offers an environment that combines a commitment to diversity, inclusion, collaboration and professional development. With bachelor's, master's and doctoral degree programs, strong research and academic partnerships, and community involvement, the UC Merced campus is continually evolving and requires talented, knowledgeable and dynamic educators, researchers, management and staff.

Ranked among the best public universities in the nation by U.S. News and World Report, UC Merced is uniquely equipped to provide educational opportunities for highly qualified students from the San Joaquin Valley and throughout California. The campus enjoys a special connection with nearby Yosemite National Park, is on the cutting edge of sustainability in construction and design and supports the economic development of Merced and the region.

The Merced 2020 Project, a $1.3 billion public-private partnership unprecedented in higher education and completed in 2020, nearly doubled the physical capacity of the campus, enhancing academic distinction, student success and research excellence. UC Merced also operates the Downtown Campus Center, a $33 million, three-story administrative building located in the heart of Merced.

The university's mission of educational excellence and rigorous inquiry is powered by three schools and numerous research institutes and centers that seek scientific and social solutions for the Valley, California and the world. In partnership with UC San Francisco, UC Merced is preparing the way for a rigorous medical education program.

The course of UC Merced's evolution is piloted by a long-range strategic plan. Enacted in 2021, the 10-year blueprint is guiding how the values of equity and justice influence our pathway to earning Carnegie R1 research status, growing enrollment, upholding our identity as a minority-serving institution, and operationalizing how commitments to equity, diversity and inclusion are enacted in each campus unit.

About the Job

Reporting directly to the Vice Chancellor and Chief Information Officer (VCCIO), the Chief Information Security Officer (CISO) is broadly responsible for the strategic leadership of UC Merced's information security program. The incumbent provides guidance and counsel to the CIO, Cyber-risk Responsible Executive (CRE), and key members of the university leadership team; leads information security planning processes to establish an inclusive and comprehensive information security program in alignment with University of California System-wide Information security policies and guidelines; represents the UC Merced campus in high-profile campus and system-wide meetings; and establishes campus policies and procedures to maintain the confidentiality, integrity and availability of university data across academic, research, and administrative information systems and technology. The UC Merced CISO is a leader-manager responsible for a team of IT security analysts that monitor the UC Merced IT security landscape to identify and mitigate security risks; assess and report on UC Merced's compliance with systemwide and campus-wide policies and guidelines; and implement security initiatives and campaigns to increase campus understanding of security best practices. The CISO also has functional responsibility for the management and delivery of information security outcomes executed by OIT staff assigned to Infrastructure Services and Enterprise Application Services.

Key Responsibilities:

1. Directs the mitigation of the largest attempted efforts to compromise security protocols, up to and including the most complex. Works with senior and IT management, as well as system-wide colleagues to develop campus and Office of the President security plans to mitigate risk of theft, destruction, alteration or denial of access of information. Leads IT security incident response team activities and responds to privileged and confidential information to act accordingly. Advises campus and serves as campus expert on security awareness, best practices and secure software and hardware design. Works with senior and IT management to establish campus-wide security policy and standards to insure UC-wide security policy is enforced.
2. Leads the development and implementation of campus-wide Risk Management Process. Guides the planning, assessment, execution, standards development and training for risk tolerance, acceptable risk response, compliance obligations, documentation, administrative controls, technical controls, training, monitoring, and reporting for risk. Establishes standards for encryption, incident response, asset control and device management, operations management, system acquisition and maintenance, and security aspect of business continuity. Manages the University's information security compliance efforts. Coordinates and tracks information technology and security related audits. Evaluates risk and act expeditiously in making decisions and recommendations, understanding the factors associated with decision-making in a technological environment as well as the varying needs and viewpoints of the University community. Works closely with campus counsel, privacy officer, and risk/compliance. Participates in and/or chairs campus and System-wide committees on information security, privacy, risk management, and compliance. 
3. Promotes collaborative, empowered working environments across campus, removing barriers and realizing possibilities. Trains and oversees personnel with significant responsibilities for information security. Ensures the organization has a sufficient number of trained and security-cleared personnel to assist in complying with cyber security standards and procedures. Advises, validates and confirms the executions of application security, network security, identity management, and infrastructure operations security through direct as well as indirect oversight of staff.

*LI-RM1

Qualifications

• Bachelor's degree in related area and / or equivalent experience / training (advanced degree preferred); and
• 4-10 years (depending on the size and scope of the organization) of experience managing an information technology organization; and
• 10 years of experience managing an information technology organization (required); or
•  6 years directly related experience or minimum 12 years of directly related experience in lieu of Bachelors (required); and
• Certified Information Systems Security Professional (CISSP) or similar (preferred).
• In-depth knowledge of information technology security functional areas and as it relates to student data; health information; research subjects; finance; including credit card and loan transactions; management of IT resources and applications; and general computer use practices.
• In-depth understanding of privacy and security regulations and best practices, including federal and state laws, policies and standards, as well as extensive knowledge about a wide range of privacy / security regulations relevant to higher education and / or medical center and patient information.
• Proven management expertise in determining and recommending actions, for campus, medical center or Office of the President departments, to follow in IT security and privacy matters.
• Proven strong communication skills with project teams, stakeholders, senior management, and external contacts including both technical and non-technical audiences.
• Requires high level interpersonal skills in order to work with both technical and non-technical personnel at various levels in organization.
• Requires the ability to change the thinking of, or gain acceptance from, others in sensitive situations, without damage to the relationship.
• Extensive or advanced knowledge of subject area sufficient for strategic planning, technology assessment and direction.
• Extensive experience managing technical staff.
• Experienced in leading change management activities and managing their impact across multiple units or departments.
• Experience in the management of ongoing technology infrastructure acquisition and expansion, including the identification and integration of suitable emerging technologies.
• Excellent oral and written communication skills, including the ability to effectively present technical topics to large groups with potentially varied levels of technical sophistication.
• Ability to understand the process involved in adapting, integrating, and modifying existing programs or vendor supplied products for use within a large and complex technical environment.
• Thorough knowledge of technical concepts and basic operating principles of data communications, computer hardware, vendor IT products, and software.

Background Check

Background check and fingerprinting required.

Policy Statement

How to Apply:
An online application is required for each position to apply.The University of California, Merced is aware that some web-based application processes may be cumbersome for differently abled applicants. Where appropriate, alternative accommodations will be provided. For applicants with disabilities who need additional assistance using TAM, or reasonable accommodations during the interview or search process, please contact ucmjobs@ucmerced.edu.

Equal Employment Opportunity:
The University of California, Merced is an Equal Opportunity/Affirmative Action employer advancing inclusive excellence. All qualified applicants will receive consideration for employment without regard to race, color, creed, religion, national origin, citizenship, sex, age, marital status, sexual orientation, gender identity or expression, disability, pregnancy, or status as a disabled veteran or Vietnam-era veteran, or other protected categories covered by the UC Nondiscrimination and Affirmative Action Policy. UC Merced intentionally promotes and maintains a discrimination- and harassment-free workplace by demonstrating it neither condones nor tolerates employment practices that discriminate against or harass any person or specific group of persons on the basis listed above. We seek candidates who will support our vision to cultivate a vibrant, equity-minded, inclusive excellence university community. When applying to UC Merced, we strongly encourage you to reflect on our Principles of Community and our 2021 strategic plan.  

Vaccination Program Policy:

As a condition of employment, you will be required to comply with the University of California SARS-CoV-2 (COVID-19) Vaccination Program Policy.  All Covered Individuals under the policy must provide proof of Full Vaccination or, if applicable, submit a request for Exception (based on Medical Exemption, Disability, and/or Religious Objection) or Deferral (based on pregnancy) no later than the applicable deadline.  For new University of California employees, the applicable deadline is 14 days after their first date of employment. 

Smoke and Tobacco Free Policy:
The University of California, Merced is a smoke and tobacco free workplace.  Information and the Smoke and Tobacco Free policy is available at http://smokefree.ucmerced.edu.

E-Verify:
All employers who receive Federal contracts and grants are required to comply with E-Verify, an  Internet-based system operated by the Department of Homeland  Security (DHS) in partnership with the Social Security Administration (SSA). E-Verify electronically verifies employment eligibility by comparing information provided on the I-9 form to records in the DHS and SSA databases. Certain positions funded by federal contracts/subcontracts requires UC Merced to notify job applicants that an E-Verify check will be conducted and the successful candidate must pass the E-Verify check.

Pay, Benefits & Work Schedule:
For information on the comprehensive benefits package offered by the University of California visit: http://ucnet.universityofcalifornia.edu/compensation-and-benefits/

Employee Referral Program

This position is eligible for the UC Merced Employee Referral Program (ERP). If you were referred by a UC Merced employee, please identify that employee by name in your application as follows:

Step 5 of 7       Referrals                         

How did you hear about the job?          (select) “other”

Additional information?                         (select) “other”

Specific Referral Source?                     (write in) first and last name of referring employee 

Referring employee MUST be named on application for eligibility. 

 Apply on company website