Howard

Chief Information Security Officer

Wonder Plaza, Technology Center (Full time)

The Talent Acquisition department hires qualified candidates to fill positions which contribute to the overall strategic success of Howard University. Hiring staff “for fit” makes significant contributions to Howard University’s overall mission.

At Howard University, we prioritize well-being and professional growth.

Here is what we offer: 

  • Health & Wellness: Comprehensive medical, dental, and vision insurance, plus mental health support
  • Work-Life Balance: PTO, paid holidays, flexible work arrangements
  • Financial Wellness: Competitive salary, 403(b) with company match 
  • Professional Development: Ongoing training, tuition reimbursement, and career advancement paths
  • Additional Perks: Wellness programs, commuter benefits, and a vibrant company culture


Join Howard University and thrive with us! 

https://hr.howard.edu/benefits-wellness

JOB PURPOSE:

The Chief Information Security Officer (CISO) is a senior-level executive responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected. This role reports to the Chief Executive Officer (CEO) and/or Board of Directors and is critical in managing the information security risk across both the Academic/Research and Clinical/Patient Care domains of the combined institution.

SUPERVISORY AUTHORITY:

The Chief Information Security Officer (CISO) holds overarching responsibility for the institution’s information security framework. The CISO directly supervises the information security team, including managers, analysts, and technical specialists, and provides guidance to IT and operational departments on security matters. The CISO has the authority to make decisions regarding policies, procedures, and resource allocation within the information security program. This role also collaborates with other department heads and external partners to ensure compliance with regulatory requirements and industry standards.

NATURE AND SCOPE:

The CISO operates at the executive level, reporting to the Chief Executive Officer (CEO) and/or the Board of Directors. The scope of this position covers both Academic/Research and Clinical/Patient Care domains, ensuring that the institution’s information assets and technologies are adequately protected. The CISO is responsible for developing, implementing, and maintaining a comprehensive information security strategy that aligns with the organization’s overall mission and goals. This includes risk assessment, policy development, security awareness training, incident response, and compliance management. The CISO works closely with senior leadership, legal, compliance, and technology teams to manage security risk and respond effectively to threats in a complex and dynamic environment.

PRINCIPAL ACCOUNTABILITIES:

Strategy and Leadership

  • Develop and implement a comprehensive, long-term information security strategy and roadmap aligned with the business goals, academic mission, and patient care objectives of both the university and hospital.
  • Lead the security organization, providing mentorship, guidance, and training to security staff and cross-functional teams.
  • Establish security governance frameworks, policies, and standards to ensure effective risk management and compliance.
  • Manage the information security budget and procurement of necessary security technologies and services.

Risk Management and Compliance

  • Oversee all security risk assessments and audits, ensuring timely remediation of identified vulnerabilities.
  • Ensure compliance with applicable laws, regulations, and standards, including but not limited to:
    • Healthcare (Hospital Focus): HIPAA/HITECH (Privacy and Security Rules), CMS (Centers for Medicare & Medicaid Services) requirements, and relevant state-specific healthcare data regulations.
    • Higher Education/Research (University Focus): FERPA (Family Educational Rights and Privacy Act), NIST SP 800-171 (for controlled unclassified information/research), and PCI DSS (Payment Card Industry Data Security Standard) for handling student payments and donations.
  • Manage the incident response program, including planning, testing, and leading the response to significant security breaches or incidents across both institutional environments.

Operational Security

  • Direct the selection, implementation, and maintenance of security systems and tools (e.g., SIEM, firewalls, IDS/IPS, endpoint protection, etc.).
  • Oversee the vulnerability management, penetration testing, and security monitoring programs.
  • Collaborate with IT and Engineering teams to integrate security by design into all new systems, research projects, and clinical technologies.

Communication and Training

  • Serve as the primary spokesperson for information security matters to senior leadership, the Board, faculty, staff, students, and patients.
  • Develop and manage institution-wide security awareness and training programs tailored to the unique risks and requirements of clinicians, researchers, and students.
  • Report on the security posture and significant risk exposures to executive management and the Board of Directors on a regular basis.

CORE COMPETENCIES:   

  • Expert Knowledge of enterprise security architecture, network security, cloud security, and risk assessment methodologies.
  • In-depth understanding of security frameworks such as NIST CSF, ISO 27001, and MITRE ATT&CK.
  • Exceptional leadership, communication, and interpersonal skills, with the ability to influence and collaborate effectively across all levels of a complex organization (clinical, academic, administrative).
  • Proven ability to manage crises and lead an effective security incident response team.
  • A strong record of implementing pragmatic and effective security solutions in environments with competing priorities (e.g., open research vs. strict patient data protection).

MINIMUM REQUIREMENTS:

Education & Experience:

  • Bachelor’s degree in Computer Science, Information Technology, or a related field. Master's degree preferred.
  • Experience: Minimum of 10 years of progressive experience in information security, with at least 5 years in a senior leadership role (e.g., CISO, VP of Security).
  • Dual-Sector Knowledge: Demonstrated experience or deep understanding of the regulatory and security challenges in both the healthcare and higher education/research sectors is mandatory.

Certifications (One or More Required):

  • CISSP, CISM, or similar relevant certifications.

Compliance Salary Range Disclosure

Expected Salary Range: $185,000 - $200,000