What are the responsibilities and job description for the Chief Information Security & Privacy Officer position at Western Carolina University?
The primary location of this position is on-site at the main Cullowhee, NC campus. This position is designated as being exempt from the State of North Carolina Human Resources Act (EHRA).
The Chief Information Security & Privacy Officer (CISPO) reports directly to the university Chief Information Officer and manages the IT Security Office, overseeing operational security staff in their responsibilities for information security governance, policy, risk, compliance, training, incident detection, and incident response. The CISPO is primarily responsible for the information security governance, risk, compliance (GRC), policy, training, incident detection and incident response efforts for WCU.
Additionally, the office will consult with other IT staff and other campus departments on information security needs and concerns. In alignment with ISO 27002 (information security standard) and ISO 27701 (information privacy standard) adopted by WCU and the UNC System, this position will manage repercussions and recovery in the case of any security breach. In addition to GRC work, the CISPO will oversee operational security detection efforts performed by other staff across the IT division. This position has institutional scope of responsibility and will manage all aspects of departmental functions such as budgeting, strategic planning and working with vendors and providers.
The CISPO is required to work closely and collaboratively with all units within the IT Division, as well as divisions and departments across the campus. Extensive work with University Legal Counsel and Internal Audit is expected.
In 2024, EDUCAUSE recognized former WCU CISPO, Joel McKenzie, for his novel approach in merging the CISO role with the Privacy Officer, to illustrate a proactive approach to their Top 10 item: Institutional Resilience.
Minimum Qualifications
- Bachelor’s degree in computer science, business analytics or related field.
- Minimum of three (3) years of progressively responsible experience working within multiple areas of information security.
- Demonstrated ability to work across the university at all levels, including at the executive level, to proactively propose, communicate the need for, and implement necessary security practices both currently and for the future.
- Demonstrated excellence in oral, written, and interpersonal communications skills, including the ability to explain technical concepts in non-technical terms.
- Strong analytical skills in identifying and resolving problems or finding acceptable solutions to problems.
- Demonstrated experience with and knowledge of:
  - networking technologies and security practices
  - data center and system administration security practices
  - endpoint device security for various operating systems, and
  - identity and access control methodologies
- Demonstrated excellence in customer service and support-oriented approaches.
- Experience managing multiple simultaneous initiatives with minimal supervision.
- Ability to work effectively in a fast-paced, highly dynamic, cross-team environment.
- Strong attention to detail.
- Ability and commitment to receive CISSP certification within eighteen months (if not already certified).
Preferred Qualifications
- Master’s degree in business administration or information security.
- More than five (5) years of progressively responsible experience working within multiple areas of information security.
- CISSP certification.
Position Type
Permanent Full-Time
Number of Hours Per Week
40
Number of Months Per Year
12
Posting Text
Open Date
04/22/2025
Close Date
Open Until Filled
Yes
Special Instructions to Applicants
Application materials must be submitted online. Review of applications will begin immediately and will continue until a candidate has been selected for hire.
All formal communication will be handled through email. Please monitor your junk or spam folders for missed messages.
Please include the following in order to complete the application:
- a cover letter addressing qualifications as related to the job requirements
- a current resume
- a list of three recent (within past five years) professional references (which include name, title, email, phone, and relationship)
For questions or additional information please contact Jason Lavigne at lavigne@email.wcu.edu
Background/E-Verify
Final candidates are subject to criminal & sex offender background checks. Some vacancies also require credit or motor vehicle checks.
Western Carolina University uses E-Verify to confirm employment eligibility of all newly hired employees. To learn more about E-Verify, including your rights and responsibilities, please visit www.dhs.gov/E-Verify. Proper documentation of identity and employability is required at the time of employment.
Credential Verification
All new employees are required to have listed credentials/degrees verified within 30 days of employment. All new employees who will be teaching are required to provide official transcripts within 30 days of employment. Transcripts should be provided for the highest earned degree and/or the degree which is being used to satisfy credential/qualification requirements.
EOE
Western Carolina University is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race; color; ethnicity; religion; sex; pregnancy; sexual orientation; gender identity or expression; national origin; age; disability; genetic information; political affiliation; National Guard or veteran status, consistent with applicable federal, state and local laws, regulations, and policies, and the policies of The University of North Carolina. Persons with disabilities requiring accommodations in the application and interview process should call (828) 227-7218 or email jobs@email.wcu.edu.
University Safety
The Western Carolina University Annual Safety Report is available online at University Annual Safety Report or in hard-copy by request at the office of the Vice Chancellor for Student Affairs, 227 HFR Administration Building, Cullowhee, NC 28723 (828-227-7147) or the Office of University Police, 111 Camp Annex, Cullowhee, NC 28723 (828-227-7301). The report, required of all universities participating in Title IV student financial aid programs, discusses crime statistics, procedures for reporting suspicious or criminal activity, security, police authority, crime prevention strategies, university policies on substance abuse and sexual offenses, workplace violence and fire safety.