Assistant Vice President of IT Infrastructure Services / Chief Information Security Officer (CISO)

Job Description:

FIT is searching for a qualified candidate who can provide the strategy, leadership, management, technology and operational excellence to manage and oversee FIT's information technology infrastructure, engineering services, and cyber security and safety programs.

Under the direct supervision of the VP/CIO of Information Technology, the Assistant Vice-President of IT Infrastructure Services/Chief Information Security Officer (CISO) will oversee and manage infrastructure, engineering, and media services as well as lead FIT's critically important NIST 800-based information security program. The position is both a leadership and hands-on operational role to maintain, develop and enhance the college's IT infrastructure and engineering architecture as well as the confidentiality and integrity of the college's infrastructure, data/information, and systems through effective security policies, procedures, and practices designed to address the cyber security threat landscape.

ESSENTIAL FUNCTIONS:

Leadership & Operations
Direct/oversee infrastructure, engineering, and operations units to ensure IT infrastructure & architecture are operational and reliable throughout the life cycle of technical architecture, infrastructure engineering, infrastructure operations and IT service support. Lead daily delivery of all internal & cloud-managed IT infrastructure and provide leadership/guidance for outages and upgrades, ensuring incident management & change control are followed. Has solid technical prior "hands-on" engineering/infrastructure experience, strong project & vendor management skills, and a superior service-oriented approach to operations ensuring that quality & efficiency goals are achieved, including troubleshooting systems issues and interfacing with application providers, and systems vendors on tiered IT support issues. Member of the IT senior leadership, contributing college-wide IT strategy and the college's mission. New tech and EOL product cycles require effective technical roadmapping, service delivery, and change management. Will conduct research into trends and to solve complex issues.

Direct/oversee the security and safety programs including daily operations, initiatives, & the roadmap. Work with various university groups and councils to manage infosec needs. Create & maintain policy. Lead security/risk assessments & protection programs, and business continuity & disaster recovery plans. Perform reviews of application architecture and new software and technology. Manage FIT's operational relationships serving as FIT's liaison for info sharing & compliance issues. Respond to the threat landscape and system vulnerabilities via technical controls or other actions to mitigate risks. Conduct tests of infosec controls. Serve as expert advisor to senior leadership and works closely with the campus community to provide guidance/advocacy regarding prioritization of infrastructure investments that affect security.

Financial Management
Determine financial needs and submit annual budgets consistent with IT's strategic roadmap, and divisional and stakeholder needs. Manage operating budgets, working with the IT budget manager. Direct sourcing strategies & vendor relationships. Work toward cost avoidance. Oversee the purchasing process in a timely manner.

Supervision
Supervise unit supervisors and oversee all reporting units ensuring employees have work plans. Manages operations through a combination of in-house personnel & 3rd party service vendors. Oversee performance management, recruitment and selection, and compensation/policy administration, exercising supervisory authority in accordance with Human Resource policy and Administration policies, and/or the bargaining agreement. Ensure, in partnership with reporting units' supervisors, that assigned job tasks are appropriate for union staff schedules, while setting expectations, counseling, recognizing achievement, and managing employee performance on an on-going basis. Set and monitor overall team performance feedback, including performance improvement. Perform/oversee all required administrative tasks related to reporting units.

Performance
As a strategic leader and subject matter expert, support the mission/values of FIT including change and innovation. Provide strong service delivery using specialized expertise and industry standards for the design of infosec, infrastructure, and engineering services. Promote continuous process improvement to drive better results. Advocate for civility, equity, and inclusion.

Incident Management
Lead and guide IT and infosec incidents/outages, ensuring key processes are followed. Respond quickly to incidents in real time. Manage the overall information security incident response program, inclusive of policy and response processes and procedures.

Compliance & Auditing
Manage the design, implementation, and evolution of infosec policies & access controls to protect the integrity and confidentiality of FIT information, systems, & infrastructure. Act as the information-related compliance officer, ensuring community and system adherence to internal infosec compliance policies, working with Legal Affairs and Internal Controls to ensure compliance with DMCA, FERPA, GDPR, HIPAA, and NYS laws. Maintain security & compliance goals. Define security strategies, metrics, reporting mechanisms and program services. Perform infosec/risk reviews of 3rd party contracts using their knowledge and understanding of compliance requirements such as PCI, FERPA, HIPAA, Sarbanes-Oxley, GDPR and Gramm-Leach-Bliley. Periodically conduct information security-related assessments/audits to ensure compliance to standards such as NIST 800 or ISO 27001.

Strategic Planning & Roadmapping
Set goals within reporting units using a continuous improvement model that assesses technology capabilities consistently. Establish, monitor, & analyze performance metrics and service agreements. Lead service strategy development and technical roadmapping for reporting units based on IT and enterprise strategic plans, best-practice processes, and SOPs. Plan work and roadmap strategically to anticipate and reduce risk, while championing innovation. Understand trends and support business unit IT strategies.

Manage and maintain the dual strategy of cyber security and cyber safety/awareness. Protect FIT information systems and data using current/evolving technology security measures & methods. Maintain awareness of the evolving threat landscape to assess risk. Monitor the cyber marketplace and government actions & reactions. Recommend the roadmap for services & procedures to improve data and systems security, enhancing cyber defense-in-depth.

Develop and implement long-term directional strategies for the infrastructure units including data networking, telephony, Windows infrastructure, Google infrastructure & messaging, Unix/Solaris, computer operations, endpoint engineering, storage, virtualization, disaster recovery, and business continuity. Stay current with emerging technologies.

Communication, Coordination, and Collaboration
Participate in management meetings, providing feedback to the reporting units. Identify strategic and/or critical issues that require CIO direction. Coordinate/collaborate with various SUNY departments, as well outside vendors & service providers, to procure and deliver technology products and services. Represent the CIO in presentations as requested. Conduct regularly scheduled meetings with reporting units' staff to communicate work plans, issues, and other appropriate information. Facilitate collaborative working relationships among staff. Foster a customer service culture.

Acting as "infosec educator," communicate frequently with all stakeholders. Collaborate with Legal Affairs, Records Retention, the President's Cabinet, and the Office of the President as needed. Maintain subscriptions and contacts with key state, federal and international agencies.

Information & Documentation
Report regularly to the CIO on established KPIs, overall program status, & strategic planning. Produce reports for stakeholders. Co-present, with the CIO, to various FIT constituencies. Oversee the documentation repository of all reporting units, ensuring all infrastructure system configurations and operating procedures are fully documented/maintained. Analyze the College's enterprise portfolio related to infosec KPIs and audit controls. Prepare & present regular cyber security and safety analyses of FIT's infrastructure, applications, and architecture. Report security risks of applications/services and suggest mitigation strategies.

The preceding description is not designed to be a complete list of all duties and responsibilities required of the position; other duties may be assigned consistent with the classification of the position. For detailed tasks and work instructions, click here .

Requirements:

Minimum Qualifications:

• University degree in Information Security, Computer Science, Information Systems, Information Architecture, Engineering, Networking, or a related field from an accredited academic institution.
• Industry certification in at least one of the following areas
  • Certified Information Systems Security Professional [CISSP];
  • Certified Information Security Manager [CISM];
  • or Information Systems Security Management Professional [ISSMP];
• Minimum of two years of experience in a leadership/managerial role within an information security/IT risk functional area, preferably at a higher education institution.
• Minimum of four years of relevant professional experience working within an information security/IT risk functional area.
• Minimum of four prior years of relevant experience in engineering/networking, information systems, and/or managing and maintaining IT technical infrastructure for business applications. Broad technical experience with a good understanding of networks, architecture, software, engineering and operations.
• Prior experience as a CISO or the equivalent building and/or maintaining a robust Information Security capability for a sizable higher education organization or a complex, decentralized company.
• Knowledge of IT security frameworks such as NIST 800 (preferred) and/or ISO 27000.

Preferred Qualifications:

• Master's degree in one of the above or related fields is preferred.
• Certification in service management or information systems auditing areas [e.g., Certified Information Systems Auditor - CISA] would be an advantage.
• Applied experience with Google Workspace, Windows and UNIX (Solaris, Red Hat) Servers, Active Directory and LDAP, as well as Dell, Cisco, and HP networking and data center hardware.
• Experience with large databases working with DBAs, especially Oracle.
• Experience leading IT transformational initiatives in complex and dynamic environments.
• Experience in outsourcing, vendor management, and using and integrating Managed Services Providers.
• Demonstrated record of budget and cost management experience.
• Some prior higher education experience would be welcome.

Additional Information:

Days/Hours: M-F, 9am-5pm, in person; work schedule subject to change based on needs of the department. There may be overtime and weekend hours from time-to-time depending on the nature of the project or support needs, as well as the need to respond to occasional enterprise application outages/escalations.

Starting Salary: $215,000.00 per year; commensurate with experience and qualifications.

• Full-Time Benefits
• Employee Holiday and Work Schedule
• Summer Fridays
• Remote Work Policy

Review of applications will begin immediately until the position is filled.

Successful completion of a background check is required for appointment to this position once an offer has been made.

MENTAL REQUIREMENTS

Read Comprehend- Constant; Perform Calculations- Frequent; Communicate Orally- Constant; Reason & Analyze- Constant; Write- Frequent

WORKING ENVIRONMENT

The position is on campus, primarily in an office environment.

PHYSICAL REQUIREMENTS

Sit- Constant; Stand- Frequent; Bend- Occasional; Walk- Occasional; Climb- N/A; Pull- Occasional ; Push- N/A; Lift 10-20- N/A; Lift over 50- N/A; Reach- Occasional

Application Instructions:

In order to be considered for the position, you must submit the following documents online:

• Resume
• Cover letter
• Unofficial transcript
• A list of three references with telephone numbers and email addresses

Returning Applicants- Login to your FITNYC Careers Account to check your completed application.

For more information about FIT, please visit FIT's website at: http://www.fitnyc.edu

Pursuant to Executive Order 161, no State entity, as defined by the Executive Order, is permitted to ask, or mandate, in any form, that an applicant for employment provide his or her current compensation, or any prior compensation history, until such time as the applicant is extended a conditional offer of employment with compensation. If such information has been requested from you before such time, please contact the Governor's Office of Employee Relations at (518) 474-6988 or via email at info@goer.ny.gov.

EEO/ Affirmative Action Statement

FIT is firmly committed to creating an environment that will attract and retain people of diverse racial and cultural backgrounds. By providing a learning and working environment that encourages, utilizes, respects, and appreciates the full expression of every individual's ability, the FIT community fosters its mission and grows because of its rich, pluralistic experience. FIT is committed to prohibiting discrimination, whether based on race, color, national origin, sex, gender, gender identity, religion, ethnic background, age, disability, marital status, sexual orientation, military service status, genetic information, pregnancy, familial status, citizenship status (except as required to comply with law), or any other criterion prohibited by applicable federal, state, or local laws. FIT is committed to providing equal opportunity in employment, including the opportunity for upward mobility for all qualified individuals. Applications from minorities, women, veterans, and persons with disabilities are encouraged. Inquiries regarding FIT's non-discrimination policies may be directed to the Affirmative Action Officer/Title IX Coordinator, 212.217.3360, titleix@fitnyc.edu.

The Fashion Institute of Technology is an Equal Opportunity/Affirmative Action Employer and is strongly and actively committed to diversity within the community.

About Fashion Institute of Technology:

The Fashion Institute of Technology (FIT), an internationally renowned college of art and design, business and technology, of the State University of New York, invites internal nominations and applications for an Assistant Vice-President of IT Infrastructure Services/Chief Information Security Officer (CISO).