Assistant Vice President (214UC7345)

University of Cincinnati in Ohio

Deadline Open until filled
Date Posted March 24, 2014
Type Executive
Salary Not specified
Employment Type Full-time

The University of Cincinnati is currently accepting applications for an Assistant Vice President. Reporting to the VP for Information Technology and CIO, the position will serve a key role in university leadership, working closely with senior administration, academic leaders, and the campus community and will play a key role in both internal (UCIT) and campus security standards in all areas impacted by security, including administrative services, cloud services, purchasing, software development, and identity and access management. The individual will be a close partner of Compliance, Audit, and Purchasing as well as other campus administrative and academic units. The individual will be responsible for maintaining the university's IT@UC Data Compliance and Information Security Plan to ensure that institutional information assets are adequately protected. The position will be an advocate for UC's information security needs and be responsible for the development and delivery of a comprehensive information security strategy and risk management program to optimize the security posture of the entire university. The individual will lead the development and implementation of an information security program that leverages collaborations and campus-wide resources, advises the CIO leadership team on security direction and resource investments and designs or serves as a subject matter expert to develop appropriate policies to manage information security risk.    


Job Description: Under general supervision from a designated administrator, direct and administer the overall planning, coordination and operations of one or more major departments/divisions of the University.


Duties and Responsibilities:

1. Provides strategic direction and leadership for the university's information security program.
2. Develops and implements short and long-term strategic plans consistent with university, IT@UC, and governance planning/priorities.
3. Work with campus leadership to oversee the formation and operations of university-wide information security best practices to ensure all academic and administrative units participate in meeting common goals in information security.
4. Assess and evaluate enterprise IT architectures for soundness with respect to information security risk and overall effectiveness.
5. Coordinate with IT@UC leaders to analyze, design and implement technical solutions and safeguards to protect university information assets.
6. Lead information security planning processes to establish an inclusive and comprehensive information security program for the entire institution in support of academic, research and administrative information systems and technology.
7. Actively engages and collaborates with a variety of key university, unit level, and external constituents to advance information security strategic vision and priorities.
8. Define security metrics and reporting mechanisms and program services. Create maturity models and a roadmap for continual program improvements. Establish a regular schedule for reviewing campus assessments, progress reports and delivering management briefings for all security initiatives to the IT governance structure and university senior leadership.
9. Partners with existing university service providers to implement comprehensive faculty, staff and student education and risk awareness programs on information security issues, best practices and vulnerabilities, including the unique needs in compliance on training and education to regulatory requirements, protection against identity theft, mobile social media security and online reputation program.
10. Stay abreast of information security issues and regulatory changes affecting higher education at the state and national level. Engage in professional development to maintain continual growth in professional skills and knowledge essential to the position.
11. Work closely with IT leaders, technical experts, academic and administrative leaders across campus to facilitate IT risk assessment and risk management process on a wide variety of security issues that require an in-depth understanding of the IT environment in their units, as well as research landscape and federal regulations pertaining to their unit's research areas.
12. Keep abreast of security incidents and oversee the technical investigation for incident response and coordinate with the audit, compliance and legal offices to meet regulatory and contractual requirements. Convene a Security Incident Response Team (SIRT) as needed, or requested, in addressing and investigating incidents that arise.
13. Experience with and familiarity of oversight of electronic discovery procedures, litigation hold and litigation readiness procedures, chain of custody procedures, forensic analysis and reporting best practices.
14. Experience with business continuity and disaster recovery planning, auditing, and risk management, as well as contract and vendor negotiation.
15. Recruits, hires, manages, trains, and evaluates direct reports.
16. Performs other related duties as assigned.  


Minimum Qualifications: Bachelor's degree with 7 years experience; OR associate degree with 9 years experience; OR 11 years experience.* Experience must be in field of expertise (departments will identify the area of expertise) and include at least 3 years supervision.


Position Qualification: Demonstrated experience in managing an enterprise-level information security program in a higher education environment. Proven track record of superior customer service. Demonstrated success in cultivating strategic partnerships internally and externally. Experience in a higher education environment, including academic health and clinical systems. Must be an articulate and persuasive leader who can serve as an effective member of the management team and who is able to communicate security-related concepts to a broad range of technical and non-technical staff. This includes senior university staff, the general campus community, and senior technical personnel. Experience with information system auditing including computer security reviews, control selection, and evaluation of systems using a risk-based approach. Foundational knowledge and experience with information and personal privacy policy and compliance issues, copyright and software piracy law, media interactions, and research. Expertise in risk management approaches to assess and address security and other types of information technology-related risks through an IT or enterprise risk management program. Expertise in computer forensic investigation methodology. Knowledge and understanding of relevant state and federal legal and regulatory requirements, such as Federal Information Security Management Act (FISMA), Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley, Family Educational Rights and Privacy Act (FERPA) and Payment Card Industry/Data Security Standard.

Minimum Qualifications:

An advanced degree in Computer Science or Information Systems Management, Business Administration, Public Policy, Law, or an undergraduate degree with advanced experience related to technology policy and security administration. Three years of experience in a leadership role overseeing information security in higher education; 8+ years of progressive experience in the field. Certification in at least one of the following: CISM, CISSP, or SANS GIAC. Strategic leadership, management, and planning experience. Experience building, developing, and mentoring a team of information security professionals.


To apply for position (214UC7345), please see


The University of Cincinnati is an affirmative action/equal opportunity employer/M/F/ Vet/Disabled. UC is a smoke-free work environment.  


How To Apply

You can apply for this position online at