Job Summary

Duties & Responsibilities

University & Program Leadership

• Prioritize privacy and security risk management in alignment with institutional risk frameworks and institutional missions.
• Lead the development of multi-year roadmaps for information security, identity and access management, and privacy across on-premise, cloud, and third-party platforms.
• Serve as the primary institutional advocate for privacy, promoting awareness and integration of privacy principles into technology, processes, and training.
• Advise university counsel, senior leadership, and stakeholders on information security and privacy matters.
• Direct the Identity, Privacy, and Cybersecurity group, including budget oversight and personnel management.
• Collaborate with other Technology Services groups and staff to enhance risk mitigation strategies.
• Support strategic planning and ensure alignment with organizational goals.
• Partner with university leaders, governance bodies, and technologists to strengthen foundational IT capabilities through strategic investments and resource planning.
• Supervises and supports staff through regular guidance, coaching, and performance management to ensure quality service and operational excellence.
• Travel may be required.

Risk Management & Incident Response

• Oversee and mature risk management processes across the university and the University of Illinois System.
• Lead campus-wide information security and privacy incident response programs.
• Serve as the official point of contact for security incidents, including coordination with law enforcement.
• Collaborate with university counsel and System leadership on policy violations and external complaints.
• Monitor compliance with privacy laws and regulations including FERPA, HIPAA, GDPR, and institutional policies.
• Maintain awareness of emerging threats and develop strategies to mitigate their impact on university operations.

Institutional Compliance & Policy

• Lead the development and maintenance of institutional policies, standards, and procedures related to information security and privacy.
• Ensure policies reflect current legislation and regulatory requirements relevant to a Research 1 institution.

Minimum Qualifications

1. Bachelors degree.
2. Ten years of professional experience in IT, IT administration, or risk management, with significant responsibility in cybersecurity/information security.
3. Five years of management experience in information technology.
4. Demonstrated experience leading organization-wide initiatives.
5. Demonstrated experience in budgetary and programmatic planning.
6. Demonstrated experience managing complex, cross-organizational initiatives.
7. Leadership experience in information security.

Preferred Qualifications

1. Advanced degree in information technology, information security, privacy, or a related field.
2. Five years of experience in one or more domains of information security or privacy.
3. Leadership experience in a complex institution encompassing teaching, research, or administration.
4. Professional certifications such as CISSP, CRISC, CISM, CIPP/US, or CIPM.

Knowledge, Skills and Abilities

• Demonstrated ability to maintain high security/privacy controls when dealing with sensitive information.
• Strong communication and interpersonal skills to communicate effectively with all levels of campus community, both verbally and in writing.
• Strong knowledge of institutional funding, financial management, and budgeting within a complex IT environment.
• Highly developed standards of professional conduct and customer service including, but not limited to: accountability, acceptance of new challenges and responsibilities, and a focus on customer needs and prompt, accurate resolution of issues.
• Demonstrated ability to lead and mentor staff, set priorities, and oversee cybersecurity needs across campus.
• Understanding of privacy management programs.