Located in a historic neighborhood in the nation's capital, Georgetown offers rigorous academic programs, a global perspective, exciting ways to take advantage of Washington, D.C., and a commitment to social justice. Our community is a tight-knit group of remarkable individuals interested in intellectual inquiry and making a difference in the world.
The Chief Information Security Officer (CISO) is responsible for the development, implementation, and operations of a comprehensive, enterprise-wide information security strategy and program for Georgetown University (GU). The GU cybersecurity strategy should be revised and informed by the changing threat landscape on a biennial basis. The incumbent sets security policies, standards, and processes; leads the development of enterprise-wide risk profiles; uses a risk-based methodology to inform work; anticipates threats; and identifies potential impact. S/he serves as GU's representative regarding GU's Security Strategy, designing and implementing roles, responsibilities, and operational efforts from a single clear vision and strategy of security throughout the enterprise, including promotion of a consistent understanding of and process for risk acceptance across GU. This is a Senior-level position that represents the Office of the Chief Information Officer (CIO) on information security issues across GU and supervises the UIS Security organization. Interacting with UIS and the Georgetown community at all levels in order to proactively implement the information security strategy of the institution, the Chief Information Security Officer has additional duties that include but are not limited to:
Develops and implements a risk management program for security and privacy-related areas, which includes modeling threats, identifying risks and vulnerabilities, establishing a risk analysis and mitigation plan, and reporting to executive management on both a regular and event-driven basis.
Works with other executives inside and outside of IT to prioritize security initiatives and spending based on an appropriate risk management and/or financial methodology.
Leads a cross-functional security organization that may draw upon the resources and technical expertise from IT and other technology organizations.
Provides strategic and tactical security guidance for programs and projects that may involve security controls, including the evaluation of the enterprise architecture, hardware, software and technical controls.
Leads an enterprise information security incident response organization, provides oversight over security investigations, and assists with disciplinary and legal matters associated with security breaches and policy violations as necessary.
Works proactively with the IT Leadership team and their direct reports to assure strategic plans, security programs, and technical controls are aligned with their respective business strategies and in compliance with policies, applicable laws, and regulations.
Coordinates the development and delivery of a security awareness training program for employees, contractors, and other parties.
Coordinates the use of external third party resources involved in the development, implementation, and monitoring of the information security program, including performing penetration tests.
Establishes a metrics-driven dashboard to evaluate the effectiveness of the Information Security program.
Becomes a key thought leader in the field of Information Security, which includes working with key partners and vendors to develop thought leadership around policies, process, and capabilities that can help change or enhance the security strategy at GU.
Keeps informed of new technologies or application methodologies through publications, membership in professional organizations, and contact with other IT organizations and institutions.
Requirements and Qualifications
Bachelor's Degree or higher with a major in computer science, information technology, business or public administration, or related disciplines
10 or more years of management experience in the information technology field or similar experience
Excellent interpersonal and written communication skills
Experience managing personnel and budgets
Experience contracting and managing vendor relationships
Securing communications, applications, and business systems
Performance of IT risk assessments and oversight of the drafting of policies and procedures for secure daily operations
Physical and technical security implementation and security education methodology and campaign
Selection, testing, deployment and maintenance of security hardware
Planning, testing and managing disaster recovery and security breaches
Understanding of governance and compliance as well as ability to enforce policies
Incident Management and investigation
Representative when dealing with law enforcement agencies while pursuing the sources of network attacks and information theft by employees
Understanding of threat landscape and ability to manage risk across a dispersed portfolio
Familiarity with Cyber Security frameworks, including NIST and ISO
Security Architecture/Engineering
Any of the following certifications are highly desirable:
Certified Information Security Systems Professional (CISSP)
Certified Information Systems Auditor (CISA)
Certified Information Security Manager
Current Georgetown Employees:
If you currently work at Georgetown University, please exit this website and log in to GMS (gms.georgetown.edu) using your Net ID and password. Then select the Career worklet on your GMS Home dashboard to view Jobs at Georgetown.
Please note that in order to be considered an applicant for any position at Georgetown University you must submit a cover letter and resume for each position of interest for which you believe you are qualified. These documents are not kept on file for future positions.
If you are a qualified individual with a disability and need a reasonable accommodation for any part of the application and hiring process, please click here for more information, or contact the Office of Institutional Diversity, Equity, and Affirmative Action (IDEAA) at 202-687-4798 or firstname.lastname@example.org.
Need some assistance with the application process? Please call 202-687-2500. For more information about the suite of benefits, professional development and community involvement opportunities that make up Georgetown's commitment to its employees, please visit the Georgetown Works website.
Georgetown University is an Equal Opportunity/Affirmative Action Employer fully dedicated to achieving a diverse faculty and staff. All qualified applicants are encouraged to apply and will receive consideration for employment without regard to race, color, religion, national origin, age, sex (including pregnancy, gender identity and expression, and sexual orientation), disability status, protected veteran status, or any other characteristic protected by law.
Georgetown University offers a wide variety of comprehensive and competitive benefits. Benefits packages include comprehensive health, dental and vision plans, disability and life insurance coverage, retirement savings programs, tuition assistance, voluntary insurance options (including group legal, accident, and critical illness), and much more. Whatever your need, the Office of Faculty and Staff Benefits will be standing by to support you. You can learn more about the benefits offered to eligible faculty and staff at https://benefits.georgetown.edu or view the online interactive benefits guide for more information.
Internal Number: JR08090
About Georgetown University
Established in 1789, Georgetown is the nation's oldest Catholic and Jesuit University. Georgetown is one of the world's leading academic and research institutions, offering a unique educational experience that prepares the next generation of global citizens to lead and make a difference in the world.