How to Apply
To apply for this position, please include a copy of your resume & a cover letter (this should be the first page of your resume) -- click the Apply Now button above.
Come join a team of passionate and hard-working individuals at a non-profit serving Michigan’s public universities, colleges, K-12 organizations, libraries, state government, healthcare and other Michigan non-profit organizations! This position will be an integral part of Merit, leading the organization’s enterprise security team and collaborating with internal Merit teams as well as Merit’s member organizations.
As the Chief Information Security Officer (CISO) for Merit, this position maintains the security of Merit’s information technology (IT) systems, infrastructure, and data. The CISO is dedicated to IT security, privacy, policy, and business continuity at Merit. The CISO must understand how to protect these systems with the correct balance of hardware, software, and business processes. The CISO is responsible for creating, implementing, and communicating Merit’s information security policies and procedures through collaboration with the software development, information technology, and network engineering sections of Merit. In the event of a cyber security event, the CISO will take the lead in handling the event with an established and appropriate business continuity plan.
The CISO will build close relationships with Merit’s member organizations to help them understand the value of Merit’s security services and will understand how the members use cyber security services insuring that the services delivered meet the required functionality and performance.
The CISO will be responsible for the profit and loss of the Cyber Security line of business, including personally providing professional consultation services. The CISO will work closely with the Michigan Cyber Range team and report to the Vice President for Research and Cyber Security.
The position requires a combination of strategic leadership, business acumen, extensive subject-matter expertise (threat landscape, security, legal, policy, privacy, compliance, identity, and access management), technical knowledge, and relationship building skills.
Essential functions for this position are followed by an (E).
Information Security (60%):
- Serve as a security focal point for Merit and chair Merit’s Security Cabinet. (E)
- Establish policies, procedures, and standards to maintain an appropriate cyber security risk level. (E)
- Lead strategic planning efforts; contribute to setting security strategy; and collaborate across the organization to set and approve operational priorities and security services. (E)
- Collaborate and lead communities of practice in security outside of Merit to bring best practices to Merit and to share Merit’s success. (E)
- Drive collaboration across the organization to understand, propose, and implement security improvement requests and opportunities. (E)
- Guide and assist in the analysis, planning, and testing, and implementation of security solutions. (E)
- Oversee Merit’s privacy program on matters of individual and data privacy.
- Developing, maintaining and overseeing an information security program; (E)
- Developing, maintaining and overseeing information security policies, procedures and control techniques to address all applicable requirements; (E)
- Training and overseeing personnel with significant responsibilities for information security;
- Assisting and advising senior officials on cyber security matters;
- Reporting to executives the effectiveness of the company’s information security program and progress on actions to remediate threats.
Professional Services / Member Support (25%):
- Manage the cyber security portfolio to maximize value to Merit’s member organizations.
- Support the sales and service delivery processes through outreach, including workshops, summits, and on-site meetings
Supervisory Responsibilities (15%):
- Provide training, leadership, and development of Merit's Security team.
- Report results of Security efforts to executive leadership.
- Work in a team environment to support Merit’s membership base. Participate in special events, internal training, and information gathering activities as necessary.
- Actively participate in the strategic management and direction of Merit, including participation in conference calls, online seminars, and onsite training sessions.
- Bachelor’s degree in Computer Science, Engineering, Information Technology or related field, preferably with an emphasis on network security, or an equivalent combination of education and experience
- Minimum 7 years of experience in positions that include a combination of risk management, information security, network security, policy and privacy. At least 3 years of experience must be in a management/leadership role.
- Proven track record and experience in developing information security programs, policies and procedures, as well as successfully executing programs that meet the objectives in a large, complex and dynamic environment.
- Proven success in strategy development and execution.
- Demonstrated ability to implement general security concepts and methods such as vulnerability and risk management, privacy, incident response, policy creation, and enterprise security strategies.
- Knowledge and understanding of relevant legal and regulatory requirements.
- Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT, and NIST.
- Excellent written and verbal communication skills, and interpersonal and collaborative skills. Ability to effectively and clearly communicate security and risk-related concepts to technical, nontechnical audiences and to executive officers and governance boards.
- Strong critical thinking and problem-solving skills. Project management skills directly related to: financial/budget management, scheduling and resource management and product development.
- Ability to lead and motivate cross-functional and interdisciplinary teams to achieve strategic goals.
- Ability to travel within Michigan and nationally to meet with Merit Members, attend conferences, write blogs and news articles, and make presentations that represent Merit.
- Graduate degree in a technical field or a Masters of Business Administration is desired.
- Experience with information security regulatory and compliance management, specifically from the following: FERPA, HIPAA, PCI, and NIST.
- Additional security-related certifications such as Certification Information Systems Security Professional, Certified Information Security Manager, and/or Certified Ethical Hacker.
- Experience in or with educational institutions, preferably in a security-oriented position
Merit Network offers excellent benefits and wellness opportunities. This position receives 24 days of vacation per year, paid sick leave with provisions for extended benefits, opportunities for professional development, and retirement options with 2-for-1 matching that include TIAA-CREF and Fidelity Investments. Please visit https://hr.umich.edu/benefits-wellness for full benefits information.
Please note this job description is not designated to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.
The physical demands described here are representative of those that must be met by an employee (with or without accommodations) to successfully perform the essential functions of this job.
Employee must frequently work at computer station, answer telephone calls, emails, and/or other forms of customer/client communication. Employee may on occasion be required to move items of various sizes and weights throughout the office or building.
Position Type/Expected Hours of Work:
This is a full-time position, work schedule will be determined by manager and may change if necessary. There may be some occasional work required outside of the established schedule, which may include weekends and holidays. The typical work schedule is Monday thru Friday, 8:00 AM to 5:00 PM.
Travel is required. Travel can be in-state or national, with the heaviest demand in March/April and September/October. During these periods, scheduling may require a trip per week.
The University of Michigan/Merit Network Inc. conducts background checks on all job candidates upon acceptance of a contingent offer and may use a third party administrator to conduct background checks. Background checks will be performed in compliance with the Fair Credit Reporting Act.
- If you have any questions regarding this job, please contact: email@example.com
- If you need assistance completing this application, please call (734) 615-2000, option 1
Job openings are posted for a minimum of seven calendar days. This job may be removed from posting boards and filled any time after the minimum posting period has ended.
U-M EEO/AA Statement
The University of Michigan is an equal opportunity/affirmative action employer.