Information Security Officer

Chief Objective of Position          

Christopher Newport University’s Information Security Officer (ISO) serves as the leader of the University’s information security program for the information technology enterprise. Working closely with the leadership of Information Technology Services (ITS) and campus stakeholders, the ISO is responsible for ensuring the operational security and compliance of the university’s technology services. The ISO is responsible for building a proactive and agile security program, identifying cyber threats and risks, mitigating and/or resolving vulnerabilities, and engaging with the Christopher Newport community for cybersecurity best practices in the use and administration of information technology resources.

Work Tasks        

Program Leadership

• Leads Information Technology cybersecurity program in support of academic, research, and administrative information systems and technology.
• Manages Christopher Newport’s information security team including hiring, training, developing, and evaluating all staff and student workers.

Policy, Compliance and Audit

• Develops and maintains cybersecurity policies and standards for university information technology infrastructure and data.
• Implements and maintains one or more risk management frameworks in order to protect all information technology infrastructure and assets from external and internal threats.
• Serves as the University’s GLBA qualified individual and, as such, fulfills responsibilities required of the GLBA qualified individual.
• Ensures CNU cybersecurity compliance and serves as a key point of contact with university affiliated audit and compliance personnel.
• Maintains and reviews commercial, governmental, and academic IT policies, standards and guidelines, ensuring the University follows established best practices.

Security Awareness and Training

• Oversees the information security training program for University employees, and manages ongoing security awareness and role-based security training for faculty, staff, and students.

Risk Management, Security Operations, Projects, and Incident Response

• Manages IT security operations, overseeing cybersecurity monitoring, detection, and management platforms. Identifies risks and vulnerabilities; engaging with stakeholders in security responses.
• Participates in the University Change Management process and evaluates changes for security risks.
• Engages with the university’s research stakeholders, ensuring research computing and data is appropriately secured.
• Assists in the development of a comprehensive continuity of operations and disaster recovery plans.
• Manages crisis situations, which may involve complex information security issues and leads events through completion including overseeing and reporting all forensic activity.

Other Duties: 

• Develop and maintain very positive and professional customer service and/or relations within the office/department and with all constituencies to include students, faculty, staff, guests, and employees. Demonstrates a positive and professional attitude and treats everyone with dignity and respect. Fully support the “Student’s First” value at CNU and routinely goes the extra mile in providing service.
• This position is designated as a “responsible employee” who has the authority to redress sexual violence, who has the duty to report incidents of sexual violence or other student misconduct, or who a student could reasonably believe has this authority or duty.
• Safety issues are reviewed and communicated to ensure a safe and healthy workplace and a reduction in work-related absence.
• Perform other duties as assigned.

Knowledge, Skills, Abilities (KSA's) related to position      

• Possesses working knowledge of all areas within IT Services including information security, systems, network infrastructure, identity management, application development, and endpoint security
• Significant knowledge and awareness of security trends, legislation, and policy applicable for a higher education environment or comparable work environment
• Comprehensive knowledge of current information security threats, weaknesses and vulnerabilities and good working knowledge of zero-day exploits
• Ability produce and manage IT security corrective action plans.
• Demonstrated ability to model professional integrity and behavior
• Excellent organization and planning skills
• Superior communication skills, including the ability to write complex technical documentation for varied audiences

CNU Information             

Christopher Newport University is anchored in excellence, and that is reflected in our ranking as the #1 regional public university in Virginia and #3 among regional public universities in the South. We are an inclusive and kind community, founded on our shared values of honor, scholarship, service and leadership. We offer an outstanding liberal arts education provided by dedicated, gifted teacher-scholars who are supported by a compassionate team of faculty and staff. Our 4,500 undergraduate and graduate students pursue more than 90 areas of study, as they live and learn on a largely residential campus. CNU’s on-campus performing and visual arts centers offer Broadway shows, world-class performances, engaging exhibitions, transformative lectures and classes, and more. Our athletics program is the winningest at any level in Virginia.

Christopher Newport University is in the heart of Newport News, a vibrant city with breathtaking scenery and unique experiences. The city and region offer affordable neighborhoods, local and name-brand shops, diverse dining options, local parks and water access, and fun recreational opportunities. Whatever your interests and goals, you belong at CNU! For further details and information about Christopher Newport, visit cnu.edu.

Application Instructions

Interested parties are requested to submit a cover letter; current resume; and the names, addresses, and telephone numbers of at least three professional references at the time of application.

This position will be posted until filled, however for priority consideration, please apply by January 6, 2025.

Search finalists are required to complete a CNU sponsored background check.

Christopher Newport University (CNU) will make a reasonable effort to accommodate persons with disabilities in the application and/or interview process. Persons with disabilities who require accommodation should contact the CNU Human Resources Office by calling (757) 594-7145.

Required Education        

Master’s Degree or a Bachelor’s Degree and experience that equates to an advanced degree.

Additional Consideration - Education      

Master’s Degree in Systems, Computer Science, Computer Engineering or a related field, or a Bachelor’s Degree in Information Systems, Computer Science, or Computer Engineering.

Cybersecurity certifications including CISSP, CCSP, CISM, CISA, GSLC, OSCP, or commensurate credentials.

Experience Required     

Experience leading, supervising, and facilitating technical security teams

Experience building and maintaining information security programs

In-depth experience participating in incident response planning and security breach investigations

Demonstrated experience delivering security awareness and training programs

Experience evaluating, administering and executing enterprise security programs

Additional Consideration - Experience   

Experience leading, supervising, and facilitating higher education technical security teams

Familiarity with continuity of operations, business impact analysis, disaster recovery, and risk management frameworks

Experience serving as incident commander during information security incidents

Experience developing and mentoring cybersecurity personnel