Chief Information Security Officer (CISO) / Director of Information Security

University of New England, United States

Updated: about 15 hours ago
Location: Portland, MAINE
Job Type: FullTime
Deadline: ;

Position Details
Position Information


Position Type Professional Staff
Faculty Track
Position Title Chief Information Security Officer (CISO) / Director of Information Security
Employment Status Full Time
Months 12
Campus Portland, ME
Description
The Chief Information Security Officer (CISO) / Director of Information Security leads and manages the University’s information security program across academic, administrative, and clinical IT environments. This role combines strategic leadership with hands-on execution, overseeing governance, risk management, security architecture, threat detection and response, and regulatory alignment (e.g., FERPA, GLBA, PCI DSS) while collaborating broadly across the University of New England. The Director of Information Security ensures IT systems and processes meet required security standards to support HIPAA and HITECH compliance.
This in-person position is based on the University of New England’s Portland, Maine campus and reports to ITS leadership. The Director partners closely with ITS, Research/IRB, Compliance & Privacy, Legal, HR, Finance, Academic and Student Affairs, Clinical Affairs/Health Services, Advancement, Risk, and external agencies and consortia (e.g., REN-ISAC/H-ISAC, law enforcement, regulators) to safeguard institutional data, systems, and institutional trust.
About the University of New England
UNE is Maine’s largest private university, with two beautiful coastal campuses in Maine, a one-of-a-kind study-abroad campus in Tangier, Morocco, and an array of flexible online offerings. In an uncommonly welcoming and supportive community, we offer hands-on learning, empowering students to positively impact a world full of challenges. We are the state’s top provider of health professionals and home to Maine’s only medical and dental colleges, a variety of other interprofessionally aligned health care programs, and nationally recognized programs in the marine sciences, the natural and social sciences, business, the humanities, and the arts.
Benefits Overview
  • Multiple health and dental plan options, plus vision coverage.
  • Up to 8% retirement plan match.
  • Generous leave time, including vacation, sick, and personal time, and 12+ holidays per year.
  • Educational benefits:
    • UNE tuition waiver for employees, spouses, and domestic partners.
    • UNE tuition waiver for dependents of employees with 1 year of full-time service.
      • 50% tuition reduction if less than 1 year of full-time service.


For more information about our outstanding benefits, please visit: UNE Benefits Overview
Responsibilities
Strategy, Governance and Policy
  • Define and maintain UNE’s information security strategy, roadmap, and governance model aligned to NIST CSF/800-53 and higher-education best practices.
  • Develop university-wide security policies, standards, and procedures; ensure alignment with existing acceptable use and data handling and classification guidance.
  • Advise the VP/CIO and institutional leadership on information security risk posture, investment priorities, and incident trends.


Information Security Risk Management and Compliance
  • Lead the enterprise information security risk register, control assessments, and remediation plans; oversee third-party and vendor security reviews for IT purchases and research and clinical tools.
  • Ensure IT security controls align with FERPA, HIPAA and HITECH technical safeguards, GLBA, PCI DSS, and UNE policies, partner with the HIPAA Compliance Officer for audits and incident coordination.
  • Prepare for and support internal and external audits; manage corrective actions and attestations related to IT security.

Security Architecture and Engineering (Hands-On)
  • Design and implement security controls across on-prem, cloud (e.g. Microsoft 365/Azure, Box), and clinical IT systems; develop secure patterns for IAM, PAM, segmentation, encryption, logging, and backup and disaster recovery.
  • Operate or co-operate key platforms (e.g. SIEM, EDR/XDR, email security, WAF, CASB, vulnerability management, code scanning), including rule tuning, integrations, and automation and runbooks.

Threat Detection, Incident Response and Forensics (Hands-On)
  • Stand up and run day-to-day monitoring, alert triage, and incident response, lead investigations, forensics, containment, recovery, and post-incident reviews.
  • Serve as UNE’s primary security contact for external agencies (for example, state AG, FBI/InfraGard) and sector ISACs, coordinate breach notifications for IT security incidents in partnership with Compliance.

Data Protection and Privacy (IT Scope Only)
  • Implement technical safeguards for regulated data; confirm IT practices support institutional obligations under HIPAA and HITECH, FERPA, and other frameworks.
  • Collaborate with Privacy and Compliance teams to embed security controls in academic systems, research, and clinical IT systems.

Awareness, Training and Culture
  • Build and deliver targeted security awareness programs for faculty, clinicians, researchers, staff, and students; measure and improve behavior change (for example, phishing resilience campaigns).
  • Provide security onboarding for new systems and projects; publish concise playbooks and guidance aligned with UNE policies.

Collaboration and Stakeholder Engagement
  • Maintain deep, proactive partnerships with ITS engineering and operations, Research, Clinical Affairs and Health Services, Compliance and Privacy, Legal, HR, Finance, Advancement, and Budget and Planning.
  • Participate in academic governance and research data committees; support grant and data-use reviews; advise on technology acquisitions and integrations.

Liaison Responsibilities, Proactive Planning, and Cross ITS Collaboration
  • Serve as a primary ITS liaison to colleges and administrative units for security-related technology initiatives.
  • Assist institutional partners with proactive planning, including development of realistic timelines, dependencies, and coordination of delivery across teams.
  • Promote a culture of partnership between ITS and business units, ensuring that security considerations are co-designed with end users and stakeholders.
  • Provide clear, concise, and regular updates to leadership and governance groups regarding security program status, risks, issues, and decision needs.

Strategy, Governance, and Continuous Improvement
  • Partner with ITS leadership to develop multi-year security roadmaps and annual plans that align with institutional strategy.
  • Support technology and data governance processes, including prioritization, information security risk management, and investment decisions related to security.
  • Establish and track key performance indicators for security operations, vendor performance, incident response effectiveness, and training impact using pragmatic and sustainable approaches.
  • Identify opportunities to streamline processes, reduce duplication, and improve the overall experience of technology services and security delivery.

People Leadership and Team Development
  • Lead and mentor a future information security team that may include analysts, engineers, and specialists.
  • Set clear performance expectations, provide regular feedback, and support professional growth and development.
  • Promote an inclusive, collaborative, and outcomes-focused culture within the team and across ITS.
  • Champion modern practices in cybersecurity operations, information security risk management, and continuous learning.

Additional Responsibilities
  • Participate in special projects and perform other duties as assigned.

Supervision Exercised:
The Director leads a team that may include IAM specialists, threat analysts, and security engineers. The Director is responsible for setting clear performance expectations, developing and leading operational processes and procedures, delegating responsibilities appropriately, and supporting professional growth and development. The size and composition of the team will be determined based on institutional needs, portfolio requirements, and strategic priorities.
Qualifications
Bachelor’s in Cybersecurity, Computer Science, Information Systems, Business Administration or related field.
  • 5+ years in information security with progressive responsibility; 3+ years in a leadership or architect role. Direct experience in higher education and/or healthcare IT strongly preferred.
  • Demonstrated hands-on expertise with SIEM/EDR, IAM/PAM, vulnerability management, cloud security (Microsoft 365/Azure, Box), network security, scripting and automation, and incident forensics.
  • Regulatory frameworks (FERPA, HIPAA technical safeguards, GLBA, PCI DSS), NIST CSF/800-53, risk management, secure architecture.
  • Executive communication, stakeholder influence, vendor management, policy writing, clear documentation, and ability to operate independently while building future capability.


Preferred Qualifications
  • Master’s Degree in Cybersecurity, Computer Science, Information Systems, Business, or related field.
  • CISSP, CISM, CRISC, CCSP; HCISPP or equivalent healthcare security credential or certifications.
  • Experience in higher education or a similarly complex, mission driven organization.
  • Experience standing up or maturing an information security office or information security management function.
  • Experience with information security tools and platforms and with service management practices.
EEO Statement Summary
Consistent with federal and state law and University policy, the University of New England is committed to the fundamental concept of equal opportunity for all of the members of the University community. The University prohibits, and will not tolerate, discrimination in employment, the provision of academic services or in any other area of University life based on race, color, sex, physical or mental disability, religion, age, ancestry, national origin, sexual orientation, gender identity and/or expression, ethnicity, genetic information, HIV status, or status as a veteran. Prohibited bias factors should not motivate decisions regarding students, employees, applicants for admission, applicants for employment, contractors, volunteers or participants in and/or users of institutional programs, services, and activities.
COVID Vaccination Statement (PLEASE NOTE)
Employees in clinical settings must meet the State of Maine’s immunization requirements for clinical activity.
Additional Note
This position is not eligible for H-1B visa sponsorship.

Posting Detail Information


Posting Number 2022PS0839P
Open Date 03/12/2026
Close Date
Open Until Filled Yes

Similar Positions