Security and Privacy Officer

Responsible for shaping and leading the institution’s strategic direction for technology as it relates to cybersecurity and the architecture of all systems that support or incorporate security principles. Ensures that cybersecurity considerations are embedded from the earliest stages of planning across all initiatives. Serves as the University’s primary representative on cybersecurity and data privacy matters. Collaborates with internal and external stakeholders to foster a culture of security by design.

• Collaborates with the Information Technology leadership team, and administrative leadership to develop and implement a vision and holistic strategy to protect the enterprise systems, data, assets, and users from external and internal threats.
• Ensures the institution remains in compliance with the required regulations. Develops and maintain enterprise technology roadmaps that balance innovation with appropriate risk management and security controls.
• Develops, documents, and promotes the necessary policies, practices, and critical incident response plans.
• Partners with business stakeholders to understand their needs while guiding them toward secure technology solutions.
• Provides direction and recommendations as a component of the University product review process to ensure compliance with security policies and standards. Oversees the evaluation and implementation of technology solutions that meet both operational needs and security requirements.
• Leads, coaches, and develops a high-performance security team to develop and foster positive relationships and rapport with institutional stakeholders.
• Collaborates with institutional leadership other stakeholders to coordinate the delivery of security and privacy related professional development for campus community.
• Ensures ongoing compliance with applicable regulatory frameworks and industry standards by developing, implementing, and enforcing security policies and practices. Monitors adherence across the organization, conducts regular audits, and leads remediation efforts to address any gaps or violations.
• Anticipates, assesses, and actively manages new and emerging threats. Responds to and assists in the remediation of data breaches and security incidents.
• Serves as an emissary for all Information Technology security focused endeavors. Champions a proactive security mindset across all departments, ensuring teams understand how their decisions impact the organization's security posture.

Minimum qualifications based upon job documentation and industry best practices. Any current employees not meeting these qualifications will be grandfathered until they move to a different job.

• Master's degree in related field from an accredited institution

• Five years' relevant experience.
• Proven experience in collaborative and transformative Information Technology leadership. Strong interpersonal, written, and verbal communication skills.
• Experience with partnership-building and change management.
• Direct experience in information security or privacy compliance within a complex organization.
• Working knowledge of regulatory and security frameworks including Health Insurance Portability and Accountability Act (HIPPA), The Gramm-Leach-Bliley Act (GLBA), General Data Protection Regulation, (GDPR), National Institute of Standards and Technology (NIST), Center for Internet Security (CIS).

• CISSP (Certified Information Systems Security Professional) or CISSO (Certified Information Systems Security Officer)

Office or other indoor work with minimal physical demands such as occasionally lifting or moving materials less than 25 pounds.

Work is generally performed in a well-lit, temperature-controlled indoor environment with occasional exposure to the outdoors or any number of elements.

Revised: 2025-07-16