Screen reader users may encounter difficulty with this site. For assistance with applying, please contact hr-accessibleapplication@osu.edu. If you have questions while submitting an application, please review these frequently asked questions.
Current Employees And Students
If you are currently employed or enrolled as a student at The Ohio State University, please log in to Workday to use the internal application process.
Welcome To The Ohio State University's Career Site. We Invite You To Apply To Positions Of Interest. In Order To Ensure Your Application Is Complete, You Must Complete The Following
- Ensure you have all necessary documents available when starting the application process. You can review the additional job description section on postings for documents that may be required.
- Prior to submitting your application, please review and update (if necessary) the information in your candidate profile as it will transfer to your application.
Job Title
Chief Information Security Officer, OH-TECH
Department
OHTECH | Shared Infrastructure
The Chief Information Security Officer (CISO) leads the development and operations of risk management efforts (including both data/systems security and IT business continuity) and coordinates overall IT governance functions for the Ohio Technology Consortium (OH-TECH).
The CISO will oversee the crucial balance of the need for IT support/systems that maximize flexibility and adaptability while minimizing risk to the organizational units. The governance functions establish the organizational mechanisms, and specify accountable parties, for decision-making on IT generally while the CISO is primarily responsible for interpretation and communication of security controls. The security practice improvement component aligns consortia decision-making on IT and risk management, and actual methods for carrying out those risk management goals and strategies.
This position is a member of the Shared Infrastructure leadership team and works with the Director under supervision of the Office of the Chancellor of the Ohio Department of Higher Education (ODHE) to strategize, manage, integrate and coordinate overall IT direction.
Responsibilities Of The CISO Include
- Ensuring the overall performance of the security functionality for all consortia members and the ODHE.
- Leads, develops and maintains the IT risk, business continuity and compliance management strategies.
- Develops and maintains policies, standards, processes and procedures to assess, monitor, report, escalate and remediate IT risk, security and compliance-related issues.
- Leads a small team with the responsibilities of vulnerability management, penetration testing, web application firewall, governance risk and compliance, data loss prevention, log aggregation, threat hunting, software security review (including third-party risk assessments), advising in software procurement, developing and maintaining the approved software list along with the software inventory utilized on both endpoints and servers, and endpoint patching (OS and third-party applications).
- Closely partners with Digital Security and Trust, State of Ohio Office of Information Security and Privacy, and functions as OH-TECH's Security Liaison and primary contact for compliance, internal audit, risk management and business continuity.
- Works with cross-functional teams in designing reviews and tests of IT internal controls and security frameworks (e.g., NIST) to ensure that existing IT systems are operating as designed and that they contain adequate security controls for risk management and compliance.
- Facilitates risk assessments and identifies risk themes.
- Proactively promotes enhancement of technology-related internal controls awareness, training and best practices across units.
- Responsible for incident response and serves as the main point of contact to investigate and resolve IT security incidents involving OH-TECH systems.
- Leads, develops and maintains the OH-TECH IT governance strategy. In conjunction with the Office of the Chancellor, oversees the development of a governance mechanism that helps to continuously coordinate and integrate IT decision-making, and specifying appropriate parties for such decision-making, across units; communicates agendas and outcomes with IT and unit leaders and beyond as appropriate.
- Responsible for the security, risk reduction and compliance aspects of OH-TECH's IT process improvement and strategic change initiatives. Acts as a change agent to assess and promote best security practices across the organization, often responsible for the implementation coordinator role of these changes.
- Leads the IT organization's overall business continuity planning, including creating disaster recovery processes and assisting in performing business continuity test scenarios and trials.
OH-TECH, the technology and information division of the ODHE, provides high-tech solutions for Ohio’s higher education institutions to catalyze innovation in the modern knowledge economy. The consortium functions as an umbrella organization for Ohio’s statewide technology infrastructure organizations: the Ohio Academic Resources Network (OARnet), the Ohio Supercomputer Center (OSC) and the Ohio Library and Information Network (OhioLINK). OH-TECH is a welcoming and inclusive environment.
Because The Ohio State University serves as OH-TECH’s fiscal and legal agent, OH-TECH staff enjoy the same benefits as other Ohio State employees, including participation in the Ohio Public Employees Retirement System (OPERS), the Ohio State Health Plan, employee wellness and work-life balance programs, educational benefits, discount programs and more.
Required Education/Experience
- Bachelor's degree, or an equivalent combination of education and experience.
- Extensive years of IT work experience in a research university setting including information security, IT risk management, process design, re-engineering, organizational transformation, problem solving, reasoning and IT governance.
- 7 years of leadership experience in managing multiple, large, cross-functional teams or projects.
- Proven ability to deliver solutions on time and within budget.
- Experience influencing senior level management and key stakeholders.
- Excellent written and verbal communication skills.
- Strategic or long-range planning experience.
- One or more of the following certifications: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) and Certified in Risk and Information Systems Control (CRISC).
Desired Education/Experience
- Master's degree, or an equivalent combination of education and experience.
- Atlassian Jira and Confluence
- Service Now ITSM
Additional Information
Function: Information Technology
Subfunction: Information Security and Risk Management
Career Band: People Leader – Managerial
Career Level: M3
Location:
Kinnear Rd, 1224 (0374)
Position Type
Regular
Scheduled Hours
40
Shift
First Shift
Final candidates are subject to successful completion of a background check. A drug screen or physical may be required during the post offer process.
Thank you for your interest in positions at The Ohio State University and Wexner Medical Center. Once you have applied, the most updated information on the status of your application can be found by visiting the Candidate Home section of this site. Please view your submitted applications by logging in and reviewing your status. For answers to additional questions please review the frequently asked questions.
The Ohio State University is an equal opportunity employer.
All qualified applicants will receive consideration for employment without regard to age, ancestry, color, disability, ethnicity, gender identity or expression, genetic information, HIV/AIDS status, military status, national origin, race, religion, sex, gender, sexual orientation, pregnancy, protected veteran status, or any other basis under the law.
Applicants are encouraged to complete and submit the Equal Employment Identification form.