Chief Information Security Officer

Chief Information Security Officer

Stevens Institute of Technology

Hoboken, NJ   |   August 27, 2020

Technology at our Core.  This is one of five strategic priorities set forth in Stevens Institute of Technology’s ambitious 10-year strategic plan.

The Stevens Institute of Technology in Hoboken, NJ is seeking a modern Chief Information Security Officer (CISO) to lead the university in the establishment and maturation of its enterprise-wide information security program. The ideal candidate will be recognized for impeccable communication skills, deep and always evolving knowledge of information security practices and strategies, a history of effective problem solving, and a leadership style highlighted by collegiality, transparency, integrity, and sound judgment. Reporting administratively to the Vice President for Information Technology/Chief Information Officer, and with reporting responsibilities to the Stevens Institute of Technology Board of Trustees, Stevens’ next CISO will use a collaborative leadership style, honest communication; high standards of excellence, and superior team-building skills to create a best-in-class information security program. The CISO, in conjunction with University leadership, will ensure the adoption and implementation of best practices, policies, and procedures in higher education and research information security.

About Stevens Institute of Technology

Celebrating its sesquicentennial anniversary in 2020, Stevens is a vibrant private research university located in Hoboken, New Jersey, overlooking the Manhattan skyline. Since its founding in 1870, technological innovation has been the hallmark of Stevens’ educational and research programs. The university is composed of three Schools and one College where more than 7,200 undergraduate and graduate students collaborate with approximately 600 full- and part-time faculty members in an interdisciplinary, student-centric, entrepreneurial environment to advance the frontiers of science and leverage technology to confront global challenges. Stevens is on a steep, upward trajectory. Stevens has experienced a 52% growth in undergraduate enrollment since 2010, coincident with a 224% increase in undergraduate applications and a 170-point increase in the median SAT score of enrolled freshmen over the same period. Stevens ranks #13 in the nation in PayScale’s mid-career salary report, and 96% of graduates accept employment, enter graduate school, or secure other outcomes within six months of graduation. Total FTE graduate enrollment has grown 35% since 2010, accompanied by a 191% increase in applications and strong growth in Ph.D. enrollment. In addition, there has been a sharp increase in research awards, a significant improvement in the overall financial profile of the university. and major facilities expansions, including a new academic building that opened in Fall 2019 and a new University Center/Student Residence that is the largest higher education construction project in New Jersey history.

For more information on Stevens Institute of Technology, please visit the website.

Leadership

Dr. Nariman Farvardin, President

Dr. Nariman Farvardin is the seventh president of Stevens Institute of Technology, having joined Stevens in July 2011 after a distinguished 27-year career as a faculty member and academic administrator culminating as Senior Vice President for Academic Affairs and Provost at the University of Maryland. Since joining Stevens, President Farvardin has led a remarkable university-wide transformation that has resulted in a dramatic ascent in rankings and stature, enrollment growth, improved student success, alumni engagement, philanthropic support, modernized and expanded IT and campus infrastructure, and a strengthened financial profile.

Under his leadership and with broad participation by all university stakeholders, Stevens undertook the development of a 10-year strategic plan entitled, The Future. Ours to Create., launched in 2012, which set a goal for Stevens to become “a premier, student-centric, technological research university.” Now in its eighth year of implementation, Stevens has met or exceeded nearly all of its midpoint goals.

President Farvardin’s leadership has resulted in significant recognition for educational innovations and transformation. In November 2019, the New Jersey Technology Council awarded President Farvardin the Innovation in Education award for Stevens ACES, an initiative to increase underrepresented minority students’ participation in STEM degrees and careers. In March 2018, he accepted the American Council on Education (ACE)/Fidelity Investments Award for Institutional Transformation in recognition of the innovative and dramatic changes that Stevens has made in a relatively brief period. In September 2017, President Farvardin was awarded the prestigious Carnegie Academic Leadership Award, and Stevens was highlighted in Forbes as “The Turnaround University” and “one of the most desirable STEM colleges in the nation.” U.S. News & World Report’s 2020 “Best Colleges” edition placed Stevens at #74 among national universities, an ascent of 14 places since 2011, making Stevens among the fastest rising universities in the United States. In November 2016, President Farvardin was named “Educator of the Year” by the Research & Development Council of New Jersey, and in October 2013, he was named “CEO of the Year” for non-profit organizations by the New Jersey Technology Council (NJTC), the state’s premier trade association for technology companies. In 2015, the NJTC also honored Stevens with its “Knowledge is Power” award. President Farvardin serves in leadership positions on a number of technology, higher education, and business-oriented organizations. He is also an accomplished researcher in the areas of information theory and coding, multimedia signal compression and transmission, high-speed networks, and wireless networks. He has made significant contributions to a number of communications standards and practical systems in data communication, image and video compression, and voice coding in wireless applications. He holds seven U.S. patents in data communication, image coding, and wireless communication.

He has served as Chairman of the New Jersey Presidents’ Council Task Force on Alignment of Higher Education Programs and New Jersey Workforce Needs, is a member of the Board of Directors of the New Jersey Technology Council, the New Jersey Commission on Science, Innovation and Technology, and the Business Higher Education Forum.

Tej Patel, Vice President & Chief Information Officer

Tej Patel joined Stevens in August 2020 as Vice President for Information Technology and Chief Information Officer. A forward-looking leader with more than 15 years of higher education and corporate information technology experience, he is responsible for formulating a unifying IT vision and strategy aligned with Stevens’ overarching mission.

Before coming to Stevens, Tej held several leadership positions at the University of Pennsylvania including Penn Nursing Chief Information Officer and IT director of systems and infrastructure service at the Annenberg School for Communications. At the University of Pennsylvania, Tej advanced the goals of the university’s strategic plan by aligning it with the IT strategic plan, which included developing and implementing digital exostructure strategy culture for IT including a four-year roadmap addressing governance, judiciously managing multiple multimillion IT budgets, and developing a successful team to digitally transform the organization. Tej implemented Online Learning and Teaching, Research-as-a-Service, Cloud First, Clinical Education Platform, and EPIC for Education programs for Penn Nursing. He led programs to generate an external revenue stream while maintaining the education and research mission via a broad community in healthcare ecosystem. He provided IT leadership to a 50+million hospital and lead IT merger and acquisition efforts for the school. Tej also co-chaired the IT Roundtable for the University of Pennsylvania.

Tej has experience providing value with state-of-the-art IT services, enhanced customer-centric services, and complex problem-solving; and advancing cultures of innovation, digital product management, and change management skills for all enterprise IT services. Tej is a serial technologist deeply interested in building and leading IT organizations focused on advanced technology, technology strategy, and innovation; and delivering connected services and customer experiences.

Tej earned a bachelor of science in business administration with a concentration in management information systems from Montclair State University and is a candidate for a master of science in organizational dynamics at the University of Pennsylvania.

The Opportunity

This is an ideal time to be joining Stevens. The institution has made continuous investments in its campus, teaching and learning capabilities, academic facilities, and technology and data/analytics. The Chief Information Security Officer (CISO) is responsible for establishing and maintaining a strategic and comprehensive University-wide information protection, IT risk, and cybersecurity management program to ensure that information assets are adequately protected and available.  This individual is responsible for identifying, monitoring, and countering threats as well as other risks and exposures that threaten the privacy, confidentiality, operational integrity, and high availability of Stevens’ networks, systems, research operations, and information assets.  This position has chief institutional responsibility for protecting and maintaining the confidentiality, integrity, and authorized access to Stevens’ information assets. This is the senior institutional position in charge of identifying and responding to events involving information asset misuse, loss or unauthorized disclosure, including incident investigation and forensics. This individual will also play an important role in helping plan, maintain, secure, optimize, expand and protect a growing information technology infrastructure at Stevens. This position is responsible for identifying, evaluating, and reporting on information security risks in a manner that meets compliance and regulatory requirements and aligns with and supports the risk posture of the Institution.  The CISO position requires a visionary leader with sound knowledge of both business and technical practices.

The complexity of this position requires strong leadership and the ability to balance security, privacy, and risk with the priorities of University strategies. They will act as a liaison to the University community to develop a culture of awareness and compliance and must leverage collaborations and campus-wide resources.

The CISO reports administratively to the VP and CIO and will manage cybersecurity engineer(s) and SOC-as-a-Service including related services from an external vendor.

Additionally, this position has the following additional responsibilities:

Program Leadership

  • Ensure that Stevens’ information, technology, and security posture conforms to best practices and advances in the field;
  • Function as the designate of the CIO to support the security requirements of Stevens’ research enterprise, including cybersecurity posture and compliance requirements;
  • Promote collaborative, empowered working environments across campus, removing barriers and realizing possibilities. Lead information security planning processes to establish an inclusive and comprehensive cyber security program for the entire institution in support of academic, research, and administrative information systems and technology;
  • Establish annual and long-range security and compliance goals, define security strategies, metrics, reporting mechanisms, and program services; and create maturity models and a roadmap for continual program improvements. Report on the status of the information security program;
  • Stay abreast of information security issues and regulatory changes affecting higher education at the state and national level, participate in national policy and practice discussions, and communicate to campus on a regular basis about those topics. Engage in professional development to maintain continual growth in professional skills and knowledge essential to the position;
  • Collaborate with other division professionals to ensure the integrity and resiliency of Stevens’ new state-of-the-art Data Center
  • Represent the university on committees associated with Cyber and Information Security;
  • Create education and awareness programs and advise operating units at all levels on security issues and potential risks and vulnerabilities, as well as best practices;
  • Proactively and strategically monitor, assess, plan, and maintain a comprehensive, highly-effective operational security and cybersecurity environment including the concomitant technology, intelligence, and human resource components; and
  • Perform special projects and other duties as assigned.

Policy, Compliance, and Audit

  • Lead the development and implementation of effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation;
  • Lead efforts to internally assess, evaluate, and make recommendations to management regarding the adequacy of the security controls for the University’s information and technology systems;
  • Work collaboratively with other members of Stevens’ administrative team including Internal Audit, Office of Sponsored Programs, General Counsel, Chief Compliance Officer, as well as outside partners and consultants as appropriate;
  • Develop strategies for dealing with increasing number of audits, compliance checks, and external assessment processes for internal/external auditors, PCI, ITAR, HIPAA, GDPR, and FISMA;
  • Work closely with IT leaders, technical experts, deans, and administrative leaders across campus on a wide variety of security issues that require an in-depth understanding of the IT environment in their units, as well as the research landscape and federal regulations that pertain to their unit’s research areas;
  • Champion education and awareness programs and advise operating units at all levels on security issues, best practices, and vulnerabilities; and
  • Build and maintain external relationships with federal and local law enforcement when needed.

Risk Management, Security Operations, and Incident Response

  • Process vulnerability and threat data from a variety of internal and external sources to provide actionable threat intelligence and recommended countermeasures, following Stevens’ protocols;
  • Conduct pro-active exercises and investigations to test for potential vulnerabilities and weaknesses;
  • Maintain a state of operational readiness concerning business continuity capabilities;
  • Lead Stevens’ Cyber Incident Response Team (CIRT) concerning cyber threats, intrusions, countermeasures, and similar factors;
  • Provide leadership, direction and guidance in assessing and evaluating information security risks and monitor compliance with security standards and appropriate policies;
  • Manage the daily information security operation and implementation of the information security strategy;
  • Conduct a continuous assessment of current information security practices and systems and identifying areas for improvement;
  • Oversee the management of the information security operations team, inclusive of managed detection and response services;
  • Create and implement a strategy for the deployment of information security technologies;
  • Communicate with key stakeholders about information security threats; and
  • Oversee the investigation of reported security breaches.

The CISO will pay special attention to the core values central to Stevens:

  • Striving for excellence;
  • Acting with agility and speed;
  • Applying the highest ethical standards in all actions and decisions; and
  • Communicating with appropriate constituencies to ensure a high level of transparency.
Candidate Profile

Stevens is seeking candidates who possess a record of professional experience that demonstrates progressive responsibilities and significant senior-level management experience in a complex IT and information security environment.  A Bachelor’s degree in a major directly related to the responsibilities of the position and a minimum of 5 years experience relevant to the position are required. An equivalent combination of training and experience may be considered in lieu of the preceding requirements.

Also required:

  • Excellent broad knowledge and experience with information technology generally, and professional mastery in one or more areas directly relevant to the position (e.g., networking, systems, cybersecurity)
  • Relevant security certifications appropriate to the position (e.g. CISSP, CISM, CFCE, CISA, GCFA, GCFE, GIAC, GCIH, etc.)
  • Knowledge and experience with relevant security management frameworks (e.g. ISO/IEC 27001, ITIL, COBIT, NIST) as well as appropriate laws and regulations (e.g. FERPA, HIPAA, ITAR, PCI, FISMA, GDPR, etc.)
  • The ability to obtain a security clearance
  • Excellent interpersonal, written, and oral communication skills and the ability to communicate effectively with both highly technical and non-technical audiences
  • Strong self-initiative and the ability to work independently when necessary
  • Ability to work effectively as a positive and engaged member of a high-performing/collaborative team of professionals
  • Demonstrated ability to handle multiple priorities in a highly dynamic and fast paced environment
  • Demonstrated strong analytical, systems thinking, and problem-solving skills
  • Demonstrated sound judgement and decision-making commensurate with the responsibilities of the position, and specifically in maintaining a secured enterprise
  • The ability to work weekend/off hours as required.

Preferred qualifications:

  • Strong understanding of the higher education environment, including systems and business processes in academic, administrative, and research functions. Knowledge of and experience with Controlled Unclassified Information (CUI) and direct or supervisory experience of an Information Systems Security Manager (ISSM)
  • Strong presence in subject area professional and higher education organizations, including presentations and committee participation
  • Previous management, staff supervisory, team building, and leadership experience
  • Expert knowledge of networking and systems
  • The successful candidate will be skilled at communicating with a Board of Trustees and senior-level leadership.
Contact

Koya Leadership Partners has been exclusively retained for this search. Tom Phillips and Malissa Brennan are leading this search. To make recommendations or to express your interest in this role please submit your materials here. All inquiries and discussions will be considered strictly confidential.

……………..

Stevens is an equal opportunity employer and all qualified applicants will receive consideration without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or any other characteristic protected by law.

About Koya Leadership Partners

Koya Leadership Partners, a member of the Diversified Search Group, is a leading executive search and strategic advising firm dedicated to connecting exceptionally talented people with mission-driven clients. Our founding philosophy—The Right Person in the Right Place Can Change the World—guides our work as we partner with nonprofits & NGOs, institutions of higher education, responsible businesses, and social enterprises in local communities and around the world.

Koya is an equal opportunity employer fully committed to creating an environment and team that represents a variety of backgrounds, perspectives, styles, and experiences. We encourage all to apply because we believe a diversity of voices leads to better discussions, decisions, and outcomes for everyone.

For more information about Koya Leadership Partners, visit www.koyapartners.com.