Chief Information Security Officer

The University of Virginia (UVA), one of the nation's leading public institutions, seeks an experienced, dynamic, and mission-driven leader to be the next Chief Information Security Officer (CISO). Reporting to the Vice Presdient and Chief Information Officer (CIO), the CISO will provide strategic leadership and oversight to a diverse portfolio. They will lead high-performing teams and work collaboratively across a large, complex institution.

The CISO must enjoy engaging with the University community, drawing on strong communication skills, a natural ability to build relationships, and comfort explaining complex technical concepts to faculty and staff at all levels. The complexity of this position requires strong leadership, collaboration and partnership skills, and the ability to balance the urgency surrounding the risk of emerging threats with university strategies and business needs.

Position Summary

As a critical member of the Information Technology Services (ITS) leadership team, this pivotal role is responsible for establishing and maintaining a university-wide information security management program to ensure that the university's data and assets are adequately protected. The CISO must stay current with the evolving threat landscape (particularly involving AI-based threats), ensure staff are upskilling to keep pace, and challenging the status quo to ensure the University maximizes its investment in its information security resources. The candidate will work closely with IT leadership, administrative leaders, and academic faculties across Grounds to identify, evaluate, and report on information security risks in a manner that meets compliance and regulatory requirements and aligns with and supports the risk posture of the University.

Key responsibilities include:

• Information Security Program Leadership
• Team Leadership
• Policy, Compliance and Audit
• Community and Partner Engagement
• Risk Management, Security Operations, Projects, and Incident Response

Attributes, Competencies, and Qualifications

The successful candidate will bring a distinctive blend of leadership, strategic perspective, and technical expertise to advance the institution's information security strategy, strengthen organizational resilience, and build trusted partnerships across the univeristy.

The ideal candidate will demonstrate the following attributes:

• Curious - Asks thoughtful questions, listens actively, and seeks understanding before taking action.
• Entrepreneurial - Embraces new ideas, explores innovative solutions, and remains open to different approaches.
• Resourceful - Identifies practical solutions, navigates constraints effectively, and remains focused despite obstacles.
• Collaborative - Builds strong relationships, values consultation, and engages stakeholders in developing solutions.
• Adaptable - Questions existing processes constructively and adjusts effectively as priorities and circumstances evolve.
• User-Centered - Considers the impact of security practices and technologies on users' ability to work effectively and achieve their goals.
• Growth-Oriented - Fosters a culture of continuous learning, encourages skill development, and helps teams embrace new approaches as needs change.

In addition, the successful candidate will possess many of the following compencies and qualifications:

• A bachelor's degree in Information Technology, Computer Science, Information Systems, or a related field (advanced degree preferred).
• Professional security management certification is strongly desired, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or other similar credentials.
• At least 10 years of experience in a combination of risk management, information security, and IT jobs (at least five must be in a senior leadership role).
• Knowledge of common information security management frameworks, such as ISO/IEC 27001, and NIST 800-53, 800-174, and Cybersecurity Framework (CSF).
• Familiarity with AI and machine learning-based tools used across the information security lifecycle.
• Experience with contract and vendor negotiations and management, including managed services.
• Experience with Cloud Computing/IaaS/PaaS/SaaS technologies and services.
• Strong understanding of the higher education sector's policy, regulatory, and legislative environment is preferred.
• Excellent written and verbal communication skills, interpersonal, relationship-building, and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences at all levels.

The CISO role is based in Charlottesville, VA, with an expectation of strong in-person presence to effectively engage with leadership and stakeholders. A hybrid work model is available, with flexibility to work remotely when appropriate and consistent with the needs of the organization.

The full position description can be viewed here.

To Apply

The University of Virginia has retained Opus Partners to support this recruitment. Katie Dean , Senior Partner, and Abigail Maynard , Manging Associate, are leading the search. Applications (resume and letter of interest), confidential inquiries, and nominations should be sent to Abigail Maynard at .

The University of Virginia is an equal opportunity employer. All interested persons are encouraged to apply, including veterans and individuals with disabilities. Learn more about UVA's commitment to non-discrimination and equal opportunity employment .

The University of Virginia is an equal opportunity employer. All interested persons are encouraged to apply, including veterans and individuals with disabilities. Learn more about UVA's commitment to non-discrimination and equal opportunity employment .

Each agency within the Commonwealth of Virginia is dedicated to recruiting, supporting, and maintaining a competent and diverse work force. Equal Opportunity Employer