Chief Information Security Officer

New Mexico state University

Las Cruces, NM

ID: 7085585
Posted: September 17, 2021
Application Deadline: Open Until Filled

Job Description

Recruitment Summary
New Mexico State University invites you to apply to be a part of a diverse, dynamic and welcoming learning and working environment in Las Cruces, NM. NMSU seeks employees who are creative and flexible in developing and evaluating new ideas and ways to evolve NMSU into the future. Located in the borderlands and adjacent to the mighty Rio Grande, NMSU is a proud Hispanic-serving institution in the minority-majority state of New Mexico. Southern New Mexico features an average of 294 days of sunshine annually, making NMSU ideal for job-seekers who enjoy hiking, mountain biking, canoeing and bird-watching. NMSU is committed to sustainability through improving and maintaining the quality of human life while preserving the integrity, stability, and beauty of ecological systems for the future. We are looking for student-centered employees with a passion for success. NMSU invites you to take the first step to your successful and rewarding career by applying today.


NMSU is New Mexico’s land-grant and space-grant institution, a comprehensive research institution dedicated to teaching, research, public service and outreach. In addition, the NMSU system includes a satellite learning center in Albuquerque, Cooperative Extension Service offices located in each of New Mexico’s 33 counties, and 12 agriculture research and science centers. New Mexico State University is the institution of choice for more than 15,000 students from 49 states and 89 foreign countries.


The City of Las Cruces is the second largest city in New Mexico and is located in Doña Ana County, approximately 45 miles north of El Paso, Texas, and 225 miles south of Albuquerque. Las Cruces is the economic and geographic center of the Mesilla Valley, the agricultural region on the floodplain of the Rio Grande which extends from Hatch to the west side of El Paso, Texas. The Organ Mountains, 10 miles to the east, are dominant in the city’s landscape, along with the Doña Ana Mountains, Robledo Mountains, and Picacho Peak. Las Cruces lies within a short driving distance of the Mexican border at Santa Teresa, as well as many other locations in the broader borderland region.


Geography, climate, demographics, and ambiance of Las Cruces and NMSU combine to offer a truly excellent place to thrive. Family members will discover a warm, open community that offers an attractive array of activities and outdoor recreation, amenities, services and opportunities, whether they are looking for top-notch education, meaningful employment, or simply a safe and comfortable place to live.
Job Duties and Responsibilities
Establishes and maintains a Cyber risk-based information security program and ensures information assets and technologies are adequately protected. Directs staff in identifying, developing, implementing, and maintaining processes across the university to reduce information and information technology (IT) risks. Respond to incidents, establish appropriate standards and controls, manage security technologies, and direct the establishment and implementation of policies and procedures to ensure proper governance of administrative, research and academic processes to ensure compliance with regulatory requirements.

University and Program Leadership
· Manage institution-wide information security governance processes, chair the Information Security Committee and lead in the establishment of an institutional risk-based information security program and project priorities.

· Lead information security planning processes to establish an inclusive and comprehensive risk-based information security program for the entire institution in support of academic, research, and administrative information systems and technology.

· Work with campus leadership to oversee the formation and operations of a university-wide information security organization that is organized toward a common goal in information security.

· Responsible for the strategic leadership of the University’s information security program.

· Provide guidance and counsel to the CIO and key members of the university leadership team, working closely with senior administration, academic leaders, and the campus community in defining objectives for information security, while building relationships and goodwill.

· Promote collaborative, empowered working environments across campus, removing barriers and realizing possibilities.

· Establish annual and long-range security and compliance goals, define security strategies, metrics, reporting mechanisms and program services; and create maturity models and a roadmap for continual program improvements.

· Stay abreast of information security issues and regulatory changes affecting higher education at the state and national level, participate in national policy and practice discussions, and communicate to campus on a regular basis about those topics. Engage in professional development to maintain continual growth in professional skills and knowledge essential to the position.

· Provide leadership philosophy for the Information Security Office to create a strong bridge between organizations, build respect for the contributions of all and bring groups together to share information and resources and create better decisions, policies and practices for the campus.

· Mentor the Information Security Office team members and implement professional development plans for all members of the team.

· Oversee the management of the NMSU data centers inclusive of the access control group who reports to the manager of computer operations. The manager of computer operations (data center manager) reports to the CISO.

· Perform special projects and other duties as assigned.

Policy, Compliance and Audit
· Lead the development and implementation of effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.

· Lead efforts to internally assess, evaluate and make recommendations to management regarding the adequacy of the security controls for the University’s information and technology systems.

· Work with Internal Audit, General Counsel, HR, Police and outside consultants as appropriate on required security assessments and audits.

· Coordinate and track all information technology and security related audits including scope of audits, colleges/units involved, timelines, auditing agencies and outcomes. Work with auditors as appropriate to keep audit focus in scope, maintain excellent relationships with audit entities and provide a consistent perspective that continually puts the institution in its best light. Provide guidance, evaluation and advocacy on audit responses.

· Work with university leadership and relevant responsible compliance department leadership to build cohesive security and compliance programs for the university to effectively address state and federal statutory and regulatory requirements.

· Develop a strategy for dealing with increasing number of audits, compliance checks and external assessment processes for internal/external auditors, FERPA, PCI, HIPAA, Export Control (ITAR/EAR), FISMA, etc.

· Serves as the University HIPAA security officer

Outreach, Education and Training
· Work closely with leaders across campus on a variety of security issues that require an in-depth understanding of the IT environment in their units, as well as the research landscape and federal regulations that pertain to their unit’s research areas.

· Create education and awareness programs and advise operating units at all levels on security issues, best practices, and vulnerabilities.

· Work with campus technical to build awareness and a sense of common purpose around security.

· Pursue student security initiatives to address unique needs in protecting identity theft, mobile social media security and online reputation program.

Risk Management and Incident Response
· Keep abreast of security incidents and act as primary control point during significant information security incidents. Convene a Security Incident Response Team (SIRT) as needed, or requested, in addressing and investigating security incidences that arise.

· Convene an incident response team as appropriate and provide leadership for breach response and notification actions for the University.

· Develop, implement and administer technical security standards, as well as a suite of security services and tools to address and mitigate security risk.

· Provide leadership, direction and guidance in assessing and evaluating information security risks and monitor compliance with security standards and appropriate policies.

· Examine impacts of new technologies on the Institution’s overall information security. Establish processes to review implementation of new technologies to ensure security compliance.