Chief Information Security Officer

Published
October 17, 2020
Location
Pasadena, CA
Category
Job Type

Description

Job Summary

The Chief Information Security Officer (CISO) directs the Information Security team and related policy efforts for Caltech. In addition to exhibiting organizational management skills, the successful candidate should exhibit strong Information Security operations skills that require extensive, expert-level, up-to-date technical knowledge of security and privacy technologies and best practices, and use of appropriate security controls, tools, and methods. Additionally, the role requires familiarity with evolving IT security and privacy legislation and related policy issues that are applicable to Tier 1 Higher Education research institutions. The role is expected to interact with and support campus leadership groups such as the Office of the General Council (OGC), Research Compliance, Audit, and the Caltech Board of Trustees (BoT) IT Security Working Group. 

Job Duties

  • Manage Information Security budget
  • Supervise a staff of six (four Information Security operations staff and two Identity Management staff)
  • Develop and oversee new strategic Information Security initiatives
  • Oversee central firewall management service
  • Oversee identity and access management service
  • Provide an annual report to the IT Security Working Group of the Caltech Board of Trustees
  • Provide data preservation/hold order assistance for OGC and Research Compliance, including overseeing forensic imaging and analysis and production of files, assisting campus data custodians in preservation and production of materials, with the possibility of providing testimony or giving depositions in legal matters
  • Conduct security reviews of hosted applications proposed for use by campus
  • Oversee application security testing of in-house campus web applications
  • Advise on IT governance, IT-related policy, privacy, compliance matters
  • Oversee responses to IT audits against IMSS-run systems and services
  • Assist Audit Services and Institute Compliance upon request
  • Create and implement procedures for complying with IT policies and regulations
  • Assist with reviewing contractual language for site licensed software
  • Oversee account management for deceased personnel, including faculty. Preservation of materials for Caltech Archives
  • Participate in routine Information Security operations: analyze network traffic using netflow and pcap data, system logs, and intrusion detection tools. Block problem traffic, send and respond to alerts and/or investigate when suspicious activity is detected
  • Oversee and participate in handling of Information Security tickets and problem reports of all kinds
  • Communicate with users at all levels, including internal and external security personnel, system administrators and/or end users (faculty, students, staff, guests) about incidents and recommended recovery measures

Basic Qualifications

  • Bachelor’s degree
  • 7-10 years of full-time professional work experience in Information Security, including significant experience in computing systems security, network security, and security incident response and recovery
  • A working knowledge of current security aspects of multiple platforms, operating systems, applications, firewalls, network protocols, and secure application development practices
  • Related systems security experience and appropriate subject-area knowledge, including managing security services such as intrusion detection and network sensors, conducting application security assessments and/or penetration testing, and handling security incidents of all kinds
  • Excellent written and oral communication skill
  • Demonstrated organizational leadership

Preferred Qualifications

  • Advanced degree in an applicable field
  • Work experience as CISO, deputy CISO or equivalent
  • Experience with Tier 1 Higher Education institutions or research laboratories
  • 6+ plus years of directly-related systems security experience and expertise, with a thorough knowledge of current security aspects of multiple platforms, operating systems, applications, firewalls, network protocols, and secure application development practices
  • Experience with the following: Zeek (Bro); Oracle databases and Oracle web applications; Windows, Macintosh, Linux (especially Red Hat) operating system hardening; secure web application development; PGP/GPG; PKI; Nessus; Burp; Snort or Suricata; Splunk; Argus; Cisco netflow; programming in Perl, Python, Java, PHP, Javascript, ASP
  • Working knowledge of security issues and controls pertaining to cloud IaaS and PaaS platforms, including Microsoft Azure and Amazon
Only registered members can apply for jobs.

Related Jobs

Regional Compliance Nurse (RN)   Downey, CA new
October 30, 2020
October 30, 2020
English Online Tutor (remote working)   Los Angeles, CA new
October 30, 2020
Holiday Customer Service Representative   Huntington Park, CA new
October 30, 2020
Customer Service Associate   Atlanta, GA new
October 30, 2020

Author: