The University at Albany — Chief Information Security Officer

About University at Albany:
Established in 1844 and designated a University Center of the State University of New York in 1962, the University at Albany’s broad mission of excellence in undergraduate and graduate education, research and public service engages a diverse student body of more than 17,900 students in nine schools and colleges across three campuses.

Located in Albany, New York, New York State’s capital, the University is convenient to Boston, New York City and the Adirondacks.

Job Description:
The Chief Information Security Officer (CISO) is a senior-level position in Information Technology Services (ITS) that represents the Chief Information Officer (CIO) on information security/cybersecurity issues across the University, working closely with senior administration, academic and research leaders, and the campus community. The CISO is responsible for the development, implementation, and operations of a comprehensive, enterprise-wide information security strategy and program for the University. The incumbent sets security policies, standards, and processes, utilizes a risk-based methodology to inform work, anticipates threats and identifies potential impact. S/he designs and implements roles, responsibilities, and operational efforts supporting a clear vision and strategy for information security throughout the University.

Primary Responsibilities:

  • Develops and sets information security policy for the University
  • Responsible for planning and reviewing periodic risk assessments to drive security program prioritization
  • Responsible for developing, documenting, and directing implementation of a comprehensive information security program and prioritized roadmap to protect communications, systems, information, and assets from anticipated threats, both internal and external
  • Works proactively to define and prioritize the implementation of physical, administrative, and technical controls appropriate for the University’s security program and in compliance with policies, applicable laws, and regulations
  • Leads the implementation of security controls, practices, and policies through collaboration with technical staff inside and outside ITS
  • Directs the use of external, third-party resources to scan for vulnerabilities and conduct penetration tests
  • Continuously ensures compliance with laws and regulations applicable to academic, research, and business data and systems
  • Determines and oversees periodic security audits
  • Manages projects associated with ITS’ security audits
  • At the direction of Human Resources and/or the Office of General Counsel, leads ITS activities related to data access reporting, data collection, and securing evidence in disciplinary and legal matters, security breaches, and policy violations of union and non-union employees
  • Provides strategic and tactical security guidance for programs, projects, and data management and use agreements that may involve security controls, including evaluation of the architecture, hardware, software and technical controls
  • Leads enterprise information security incident response services and activities
  • Directs the development and delivery of a security awareness training program for employees, contractors, and other parties
  • Establishes a metrics-driven dashboard to evaluate the effectiveness of the information security program
  • Maintains a current understanding of the IT threat landscape for the industry
  • Oversees and manages ITS’ Information Security unit, supervising security operations staff and identity and access management staff
  • Manages institution-wide information security governance processes
  • Must be available to provide support and consultation outside normal business hours, including occasional evenings, holidays, or weekends, within reasonable professional obligation and expectation
  • This has been designated as an essential position based on the duties of the job and the functions performed. Positions that are designated as such are required to report to work/remain at work even if classes are cancelled and the campus is working on limited operations in an emergency.

Minimum Qualifications:

  • Bachelor’s degree from a college or university accredited by a U.S. Department of Education (DOE) or internationally recognized accrediting organization
  • At least 7 years full-time experience in information security/cybersecurity
  • Experience developing or contributing to the development of security policies
  • Ability to plan, manage, and maintain a complex, long-term, organization-wide program
  • Demonstrated experience working, collaborating, and establishing credibility and relationships with senior leadership, colleagues, and customers
  • Excellent oral, written, and interpersonal communication skills as evidenced in the cover letter, resume, and interview process
  • Familiarity with cyber security frameworks, including NIST
  • Applicants must clearly address in their cover letter their ability to work with a culturally diverse population.

Preferred Qualifications:

  • At least 2 years supervisory experience
  • Experience working in higher education
  • Experience with common security and privacy legislation and regulations (e.g., PCI DSS, FERPA, HIPAA)
  • Experience coordinating with key stakeholder groups, such as legal counsel and internal audit
  • Professional certification (e.g. CISSP)
  • Experience managing complex IT projects

Additional Information:
Professional Rank and Salary Range: Director of University Systems Analysis, Management/Confidential (MP3)

Special Notes: Visa sponsorship is not available for this position.

The Jeanne Clery Disclosure of Campus Security Policy and Campus Crime Statistics Act, or Clery Act, mandates that all Title IV institutions, without exception, prepare, publish and distribute an Annual Security Report. This report consists of two basic parts: disclosure of the University’s crime statistics for the past three years; and disclosures regarding the University’s current campus security policies. The University at Albany’s Annual Security Report is available in portable document format [PDF] by clicking this link

Pursuant to NYS Labor Law 194-A, no NY State entity, as defined by the Law, is permitted to rely on, orally or in writing seek, request, or require in any form, that an applicant for employment provide his or her current wage, or salary history as a condition to be interviewed, or as a condition of continuing to be considered for an offer of employment, until such time as the applicant is extended a conditional offer of employment with compensation, and for the purpose of verifying information, may such requests be made. If such information has been requested from you before such time, please contact the Governor’s Office of Employee Relations at (518) 474-6988 or via email at


Please apply online via

Application Instructions:
Applicants MUST submit the following documents:

  • Resume
  • Cover letter stating all the required minimum qualifications and any of the applicable preferred qualifications
  • List of references

Note: After submitting your resume, the subsequent pages give you instructions for uploading additional documents (e.g., cover letter).

This position will remain open until filled.