Chief Information Security Officer (CISO)

Chief Information Security Officer (CISO)

Reporting to the Chief Information Officer and VP for IT, the Chief Information Security Officer (CISO) is responsible for managing the College of Charlestons information security program to maintain compliance and align with institutional risk. The CISO works with executive leadership including the CIO, Legal Counsel, Cabinet, Board of Trustees, and campus stakeholders to establish risk levels and coordinates with various departments to implement policies and standards. In this role, the CISO balances multiple program priorities and recognizes information security as one aspect of the universitys overall mission. The CISO plays a critical role in advancing a culture of responsible data stewardship across the College, ensuring that data classification, retention, and privacy obligations are embedded into daily operations.

Minimum Requirements : A masters in business administration or a technology field, plus at least ten years of relevant executive leadership and professional experience or an equivalent combination of education, training, and work history is required. Relevant experience includes risk management, information security, or IT roles with increasing responsibility and leadership. Strong communication and collaboration skills are needed, along with the ability to explain security and risk concepts to both technical and nontechnical audiences. Candidates with an equivalent combination of experience and / or education are encouraged to apply.

Required Knowledge, Skills and Abilities : Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic academic environment. Poise and ability to act calmly and competently in high-pressure, high-stress situations. Demonstrated ability to be a critical thinker, with strong problem-solving skills, a high degree of initiative, dependability, and the ability to work with diverse constituencies. Knowledge and understanding of relevant legal and regulatory requirements, such as Gramm-Leach-Bliley Act (GLBA), Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry (PCI), Family Educational Rights and Privacy Act (FERPA), General Data Protection Regulation (GDPR), Digital Millennium Copyright Act (DMCA), etc. Demonstrated experience establishing and maintaining data classification schemes, retention schedules, and privacy controls consistent with institutional policy and applicable regulations. Certified Information Systems Security Professional (CISSP) required.

Additional Comments Regarding Position : Must be willing to be on call for emergencies. Must be