Chief information Security Officer- Wake Forest University

Wake Forest University invites applications and nominations for the position of Chief Information Security Officer (CISO). The CISO serves as the University's senior information security executive charged with creating and executing IT security strategy, overseeing security operations, and supporting privacy, policy, and legal compliance efforts. Wake Forest seeks an experienced leader with a blend of technical, leadership and policy experience to lead a highly effective security program. The CISO reports to the University Vice President for Information Technology/CIO, serves as a member of the CIO leadership team, and collaborates with senior academic and administrative leaders, and faculty, and staff and students. They are the primary liaison to the Board of Trustees on matters of cyber risk and are a key leader in enterprise risk management.

About Wake Forest University

Founded in 1834 and guided by its enduring motto Pro Humanitate, "For Humanity", Wake Forest University is a private research university located in Winston-Salem, North Carolina, with a growing presence in Charlotte and academic facilities in Washington, D.C., London, Venice, and Vienna. The University enrolls more than 9,000 students across seven schools offering the breadth of a research university within a relationship-centered academic community. Wake Forest's teacher-scholar model, in which faculty engage students directly in research and scholarship, defines the institutional character and has earned the University consistent national recognition for the quality of its undergraduate teaching and exceptional student outcomes.

The University is poised to enter its third century with significant ambition and momentum. Its strategic framework prioritizes signature areas of excellence including a nationally recognized Program for Leadership and Character, growing investment in emerging technologies and data analytics, and a major expansion in Charlotte anchored by new professional programs in cybersecurity leadership, health administration, and financial technology. The University's partnership with Advocate Health positions its School of Medicine to expand its research and clinical programs. For the incoming Chief Information Security Officer, Wake Forest presents a compelling opportunity: a complex, multi-site institution with a high-value research mission, a deeply values-driven culture, and a strategic focus on the security and integrity of its digital environment.

About Information Systems

The Office of Information Systems (IS) is the primary technology organization at Wake Forest University, driven by the core values of innovation, collaboration, and leadership. IS's mission is to empower the University community in the use of information and digital technologies to further intellectual exploration, informed institutional decisions, and the creation and dissemination of knowledge. The University technology strategy encompasses a range of technology initiatives organized around six focus areas: student experience and administrative effectiveness; teaching and academic excellence; support for research, creative work and innovation; analytics, data accessibility and standards; cybersecurity; and IT organization, governance and practices. IS is particularly focused on artificial intelligence and is pursuing a deliberate, ethical, and human-centered approach to AI's potential. Recent initiatives include a centralized hub for AI resources and community-informed guidance, a campus AI podcast series, and sustained programming through AI Cafe gatherings and AI Fest events. On the cybersecurity front, IS employs a multi-pronged strategy encompassing technical controls, policy, and community awareness, including annual programming, required faculty and staff training, and a cloud-first infrastructure direction.

The CISO Agenda

Wake's next CISO will build on existing strengths to continue the evolution of security strategies. The CISO will lead efforts to create capabilities that support Wake's growing research portfolio, expand efforts to proactively partner with academic and administrative divisions to protect data and digital assets, and prepare the University to securely and ethically leverage AI. They will be a key partner in the University's enterprise risk management program and lead efforts to enhance readiness to respond to incidents.

• Facilitate compliance with new federal requirements (Fin. Aid, research data management) and federal and state privacy laws.
• Facilitate development of services which support requirements to conduct confidential, controlled unclassified and potentially classified research.
• Contribute to maturing data governance and the development of policies and practices that guide appropriate ways to use and secure data.
• Expand security awareness communications and training to prepare faculty, staff and students to confront new forms of security threats.
• Partner with IS leadership to provide life-cycle management of identity and access management.
• Align security tools and practices with the risks and opportunities of new technologies (AI, Securing Cloud solutions & data transfers).
• Oversee annual third-party risk assessments, penetration testing, tabletop breach simulations, and security/privacy review of vendor contracts.
• Develop the capabilities of the security team and further a culture of partnership and collaboration.
• Partner with Advocate Health to facilitate research and instructional collaborations and the movement of faculty and clinicians between university and hospital facilities.
• Enhance a user centered approach to implementing security measures to balance risk mitigation with end users' needs. Build partnerships across the University and consult with stakeholders to inform product selection, documentation, and data retention requirements.
• Proactively involve the security team in IS projects and technology decisions.
• Balance security protocols with the need for academic freedom and open research.
• Collaborate closely with the Office of General Counsel, Compliance and Internal Audit to align security policies with legal mandates and institutional risk tolerance.

Inquiries, Applications and Nominations

Applicant screening will begin immediately. Candidates are encouraged to submit their application packet by May 8th via this link. The application packet should include a cover letter describing in your authentic voice why you are interested in joining Wake Forest and how your experience meets the needs, responsibilities, and qualifications stated above; and a current resume.

Nominations, questions and/or other inquiries should be directed to Next Generation Executive Search - Phil Goldstein, Managing Partner phil@nextgenpartnersllc.com. All applicants must apply online to https://tinyurl.com/wakeCISO.

This position is not eligible for sponsorship of non-immigrant or immigrant visa status through Wake Forest University. All eligible applicants are encouraged to apply.

This position profile identifies the key responsibilities and expectations for performance. It cannot encompass all specific job tasks that an employee may be required to perform. Employees are required to follow any other job-related instructions and perform job-related duties as may be reasonably assigned by his/her supervisor.

In order to provide a safe and productive learning and living community, Wake Forest University conducts background investigations and drug screens for all final staff candidates being considered for employment.

Equal Opportunity Statement

The University is an equal opportunity employer and welcomes all qualified candidates to apply without regard to race, color, religion, national origin, sex, age, sexual orientation, gender identity and expression, genetic information, disability and military or veteran status.

Accommodations for Applicants

If you are an individual with a disability and need an accommodation to participate in the application or interview process, please contact AskHR@wfu.edu or (336) 758-4700.

Qualifications and Experience

The successful candidate will have excellent leadership, management, technical, interpersonal and communications skills. The ability to listen, lead, explain and communicate at all levels will be critical. A bachelor's degree and 10 years of IT experience with progressively increasing responsibilities including at least five years of experience in a management role in information technology security. An advanced degree in a relevant area, CISSP/CISM certification and experience in higher education are preferable but not required. Experience as a CISO in a comparable sized organization or a primary deputy to a CISO in a comparable sized organization is strongly preferred.

The ideal candidate will have a working knowledge of the strategic technology and information security issues facing higher education and developed security strategies for an organization with significant research activity and diverse types of data. Additionally, the ideal candidate will have many of the following experiences:

• Operational experience with strong technical understanding of multiple areas of technical infrastructure such as networks, compute, storage, or identity and access management.
• Understands security frameworks and standards (NIST, CMMC) and supported compliance with privacy regulations (E.g., FERPA, HIPAA, GLBA, etc).
• Communicated the importance and complexity of cybersecurity to stakeholders in a complex, decentralized organization.
• Improved the structure, capabilities, and performance of a team or organization.
• Led or contributed to the development of a risk-based security roadmap.
• Led an operational response to a complex security incident and leveraged lessons learned to improve processes.
• Engaged with broader security communities and organizations to understand best practices and emerging issues.
• Experience designing or implementing a Zero Trust security architecture in a decentralized or hybrid-cloud environment.

Candidates will also demonstrate the following leadership qualities:

• Curious- asks questions, listens actively, and seeks understanding before acting.
• Entrepreneurial - open to new solutions and approaches.
• Resourceful - able to find practical solutions to needs, not derailed, or limited by obstacles and constraints.
• Collaborative - highly consultative, interested in cultivating relationships, and engaging stakeholders in design of solutions.
• Adaptable - willing to respectfully question processes and practices and able to adjust when priorities change.
• User centered - thinks about the impact of security practices and technologies on users' ability to get things done.