Chief Information Security and Privacy Officer (CISPO)
The Juilliard School
New York, New York
The Chief Information Security and Privacy Officer is responsible for implementing, managing and evolving Juilliard’s information security and data privacy programs. This position encompasses all security and privacy related efforts at Juilliard, which includes the following programs and initiatives:
- Information Security Strategy Development
- Data Protection and Privacy
- Threat Awareness
- Vulnerability Management
- Endpoint Protection
- Network Protection
- Security Coordination with the Tianjin Juilliard School
- Secure Software Development/Implementation
- Security Monitoring and Incident Response
- Security Policy and Standards Development
- Security Awareness Training
The successful candidate will develop Juilliard’s strategic framework for information security and in so doing work to achieve consensus on information security-related issues across the institution. In that capacity the individual will serve as a cohesive force in maintaining a coherent, enterprise-level security and privacy program. Ongoing contact with students, faculty and staff is fundamental to this position.
This is a unique opportunity as the position involves both strategy formulation and hands-on engagement. Specifically, it combines policy/standard development and implementation, security tool configuration, analysis of risk-relevant data, and training/education of an interesting and diverse clientele while facilitating the business objectives of the world’s premier performing arts institution.
To that end, the successful candidate will work with the school’s administrative and academic teams to align the School’s information management efforts with data privacy best practices and to ensure these are compliant with relevant statutory and regulatory requirements. The individual will also work closely with the IT Department Engineering team and the Legal Department to maintain secure Internet access as well as to ensure software applications and other information technology adhere to Juilliard security standards while facilitating disparate business requirements.
Primary Responsibilities:
- Manage and evolve all information security and privacy efforts at The Juilliard School.
- Coordinate with the IT Director, The Tianjin Juilliard School, on information security issues.
- Establish and maintain information security-related policies and standards.
- Provide security-related input on business processes as they potentially affect unauthorized access to confidential and/or regulated information.
- Define security tool and platform configurations related to password administration, Active Directory Group Policies (GPO), Office 365, single sign-on/Identity Management, web filtering, anti-virus/endpoint protection, network security, patch and vulnerability management, log monitoring and correlation, email filtering and data leak prevention (DLP), et al.
- Review and opine on the security of applications/software prior to purchase.
- Analyze the output of a suite of security technologies and advise on threats and remediation.
- Educate and train key stakeholders on new threats, industry trends, and laws applicable to security.
- Assess Juilliard operations and implement controls to meet Juilliard’s data privacy and regulatory requirements under FERPA, HIPAA, PCI, and GDPR.
- Maintain currency on relevant privacy laws and regulations and advise the General Counsel on Juilliard compliance. Work with the IT and Legal Departments to identify privacy-compliant technology solutions that also address business requirements.
- Identify software/tools/vendors that impact the management of information security threats and associated risk.
- Conduct, review, and report on ongoing vulnerability assessments of IT systems and coordinate periodic information security risk assessments.
- Contribute to IT Department strategic planning.
- Manage and coordinate incident response procedures for tracking and addressing information, system and network security incidents. Review and address potential information security policy violations.
- Bachelor’s degree or higher. A degree in a technology-related field preferred.
- Minimum of ten years of relevant experience in information security, with domain expertise in at least one of the previously noted information security programs/initiatives.
- Previous technology experience in cloud and mobile environments
- Ability to work independently and as a member of a team, establish priorities, and work collaboratively as a member of a diverse community.
- Maturity with respect to perceived threats and on balancing the need for security versus convenience.
- Collaborative, constructive, and proactive approach to work, IT colleagues and contractors.
- Demonstrated verbal and written communication skills.
- Excellent project management skills and the ability to balance multiple priorities.
- Attention to detail with a focus on rigorous analysis and proper documentation.
- Working knowledge of Cloud-based systems and the methods to facilitate zero-trust security risk management.
- Knowledge of information security and data breach standards, regulations, and laws including PCI, FERPA, HIPAA, and NIST 800 series.
- Experience presenting complex security concepts to a variety of audiences or groups with varying technology backgrounds (e.g. end-users, IT peers, faculty, senior executives).
- Knowledge of network and authentication protocols, encryption protocols, event management (SIEM), and information security technologies.
- CISSP or similar certification(s).
- The successful candidate must be able to work well with all levels of employees, be flexible in nature, have sound judgment with an open and collaborative style that encourages teamwork and cooperation beyond the immediate team to the broader organization.
- Ability to work with a wide range of constituencies (staff, students, faculty, and administrators) with diplomacy and tact
- Understanding of the mission of The Juilliard School as well as the School’s commitment to equity, diversity, inclusion, and belonging