

As a member of the USNH/UNH CIO’s leadership team, the Chief Information Security Officer (CISO) sets the strategic direction for cybersecurity, risk management, and information assurance across a complex R1 research environment and multi-campus university system. The CISO partners with senior academic, research, administrative, and external stakeholders to protect the confidentiality, integrity, and availability of institutional data, research assets, and digital services, while enabling the open, collaborative, and innovative culture that defines a top-tier research university.
This role is uniquely focused on the challenges of an R1 institution: safeguarding federally funded and export-controlled research, meeting evolving compliance mandates (NIST SP 800-171/CMMC, NIH/NSF data security requirements, GLBA, HIPAA, FERPA, PCI DSS, GDPR), defending against threat actors targeting higher education via a range of potential actions, and securing a highly decentralized environment of researchers, students, academic, and administrative units. The CISO leads enterprise cybersecurity strategy and operations, while collaborating closely with leadership of networking, data governance, and AI functions to ensure security is embedded across the institutional ecosystem.
Strategic Leadership (25%)
Set and execute the enterprise information security strategy, aligning cybersecurity priorities with the academic, research, and business mission of USNH and UNH.
Serve as a member of the CIO’s leadership team, contributing to enterprise IT direction, governance, and resource allocation.
Build and sustain trusted relationships with senior leaders across academic affairs, the office of research, finance, HR, general counsel, internal audit, the medical and clinical enterprise, and external partners (federal sponsors, peer institutions, REN-ISAC, EDUCAUSE, law enforcement).
Communicate complex cyber risk topics clearly to the Board, executive leadership, faculty governance, and the broader campus community; serve as a public-facing voice on cybersecurity matters when appropriate.
Foster a security-aware culture through training, awareness campaigns, and partnership with academic units rather than top-down enforcement.
Cybersecurity of the Network (in Collaboration with Networking Services) (10%)
The CISO does not directly manage networking services or operations but is accountable for the cybersecurity posture of the network and works in close partnership with IT executives and leaders responsible for LAN, WAN, wireless, and telecommunications.
Define security requirements, standards, and architecture principles for the campus, research, and cloud network environments.
Partner with Networking Services on the design and implementation of network segmentation, zero trust network access (ZTNA), micro-segmentation for sensitive research enclaves, secure remote access, and protections for IoT, OT, and lab/instrumentation networks.
Lead network-focused threat detection, monitoring, vulnerability management, intrusion detection/prevention, and incident response in collaboration with network engineering teams.
Jointly evaluate and approve network technologies, vendors, and changes that have material security implications.
Coordinate on protection of research computing networks, HPC environments, and federated/Internet2 connections.
Research Security and Compliance (R1 Focus) (10%)
Lead the institution’s response to evolving research security requirements, including NSPM-33, controlled unclassified information (CUI), CMMC, export controls (EAR/ITAR), and sponsor-specific data security plans.
Partner with SPA and RCC to operate secure research enclaves and reference architectures that enable faculty to pursue funded research without friction while meeting federal and sponsor obligations.
Partner with the Office of Sponsored Research, Research Computing, and faculty PIs on data security plans, DMPs, and secure data sharing across institutions.
Maintain compliance programs spanning HIPAA (clinical and human-subjects research), FERPA, GLBA, PCI DSS, GDPR, and state privacy laws.
Collaboration on Data Governance and AI Security (15%)
Partner with IT executives responsible for data and analytics, data trustees, and data governance committees to ensure data classification, handling, retention, and access standards are operationalized with appropriate technical controls.
Co-develop policies and controls for sensitive data across the data lifecycle: identification, ingestion, storage, sharing, analytics, and disposal, particularly for research, student, health, HR, and financial data.
Collaborate with academic and administrative AI initiatives to establish a secure and responsible AI program: model and data risk assessments, secure use of generative AI and LLMs by faculty, students, and staff, third-party AI vendor review, protection of training data and model artifacts, and guardrails against prompt injection, data leakage, and shadow AI.
Contribute cybersecurity perspective to AI governance bodies, ethics committees, and academic policy discussions on responsible AI use in teaching, research, and operations.
Ensure that data governance, AI governance, and cybersecurity controls are mutually reinforcing rather than siloed.
Cybersecurity Operations and Architecture (20%)
Direct Information Security Risk Management (ISRM), Cloud Security Architecture, Identity and Access Management (IAM), and Secure Engineering functions, including their development, operations, support, maintenance, and financial management.
Oversee the security operations center (SOC), threat intelligence, vulnerability management, endpoint security, and email security. Provide 24x7 incident detection and response capabilities.
Lead enterprise identity strategy, including SSO, MFA, privileged access management, federated identity (InCommon), and identity governance.
Provide thought leadership on secure cloud adoption (IaaS, PaaS, SaaS), cloud security posture management, secure DevSecOps, and risk-balanced use of public cloud and third-party services.
Lead enterprise incident response, including tabletop exercises, ransomware preparedness, breach communications, and coordination with legal counsel, communications, insurance carriers, and law enforcement.
Maintain and mature the institution’s cybersecurity framework alignment (NIST CSF, NIST 800-53, ISO 27001) and third-party/vendor risk management program.
Oversee security design and operations for industrial control systems (SCADA, PLC) associated with core campus physical infrastructure.
Management (20%)
Recruit, develop, and retain a high-performing cybersecurity team in a competitive talent market.
Develop and manage the cybersecurity budget; ensure sound financial stewardship, prioritization, and transparent reporting.
Establish and maintain effective working relationships with staff, peer institutions, vendors, auditors, and regulators.
Plan, implement, and sustain enterprise-class, mission-critical security systems and services.
Minimum Acceptable Education & Experience:
Bachelor’s degree in computer science, information technology, engineering, cybersecurity, or a related field.
Minimum of 10 years of progressive cybersecurity experience, including the design and operation of security architectures for large, complex enterprise environments.
At least 5 years in a senior leadership role (Director level or above) accountable for cybersecurity strategy, operations, personnel, and budget.
Demonstrated experience leading enterprise incident response and communicating with executive leadership during cyber incidents.
Working knowledge of network security architecture sufficient to provide technical direction and to partner credibly with networking and infrastructure leaders.
Strong understanding of cybersecurity laws, regulations, and frameworks relevant to higher education and research.
Excellent written and verbal communication skills, including the ability to translate technical risk into business and academic terms.
Preferred Qualifications:
Master’s degree in cybersecurity, information technology, business, public administration, or a Juris Doctor (J.D.).
Cybersecurity leadership experience in an R1 research university, academic medical center, or comparable public-sector environment.
Direct experience with research security requirements (NSPM-33, CUI/CMMC, export controls) and federally sponsored research data security.
Experience collaborating with data governance and AI governance functions, including secure adoption of generative AI.
Required Licenses & Certifications:
Industry certifications such as CISSP, CISM, CISA, CRISC, or equivalent.
Required Knowledge, Skills & Abilities:
Cybersecurity Frameworks
Technical Infrastructure Architecture and Design
Risk Management
Regulatory Compliance and Controls
Threat Intelligence and Emerging Technologies
Strategic Leadership
Budget and Team Management
Communication and Collaboration
Applicant Instructions:
Applicants should be prepared to upload the following documents when applying online within the My Experience: Resume/CV section of the application: (Maximum of 5 Documents)
Resume/CV
Cover Letter
Applications that are missing any of the required items may not move forward for consideration. Additional uploaded documents not requested in the position announcement will not be reviewed.
The University of New Hampshire is an R1 Carnegie classification research institution providing comprehensive, high-quality undergraduate and graduate programs of distinction. UNH is located in Durham on a 188-acre campus, 60 miles north of Boston and 8 miles from the Atlantic coast and is convenient to New Hampshire’s lakes and mountains. There is a student enrollment of 13,000 students, with a full-time faculty of over 600, offering 90 undergraduate and more than 70 graduate programs. The University actively promotes a dynamic learning environment in which qualified individuals of differing perspectives, life experiences, and cultural backgrounds pursue academic goals with mutual respect and shared inquiry.
EEO Statement
The University System of New Hampshire is an Equal Opportunity/Equal Access employer. The University System is committed to creating an environment that values and supports diversity and inclusiveness across our campus communities and encourages applications from qualified individuals who will help us achieve this mission. The University System prohibits discrimination on the basis of race, color, religion, sex, age, national origin, sexual orientation, gender identity or expression, disability, genetic information, veteran status, or marital status.
Compensation Pay Range:
$107,030.00 - $207,180.00
The pay range for this position is listed above. Actual offer will be based on skills, qualifications, experience, and internal equity, in addition to relevant business considerations. More information on benefits can be found here: USNH Employee Benefits | Human Resources
Location:
Durham