At Stanford, we are committed to creating meaning, solving complex challenges, and enriching lives on a global scale. We are seeking a talented Information Security Officer to play a vital role in our dynamic team within the Information Security Office. In this senior position, you will lead enterprise\-wide information security initiatives, develop and manage security architecture and policies, and serve as a subject matter expert across the university's diverse and complex technology environment. The Information Security Office is a high\-profile team with university\-wide purview. We operate with a high degree of autonomy, and we expect each contributor to bring their own strengths to the tough challenges facing the university. You will have plenty of opportunities to shape programs, influence outcomes, and leave a lasting mark on how Stanford approaches security. The Cybersecurity Governance, Risk, and Compliance (GRC) team within the Information Security Office has an entrepreneurial spirit, and we invite you to help us grow while advancing your own career. In this role, you will drive enterprise\-wide security strategy across core GRC functions, with primary focus on AI governance, risk management, and policy and standards development. You will also support compliance activities across applicable regulatory frameworks including HIPAA, FERPA, CMMC, and PCI DSS, and contribute to federal research security requirements in collaboration with Stanford Research Computing. You will operate with minimal direction, mentor junior team members, and serve as a trusted advisor to university leadership, IT groups, and administrative stakeholders. NOTE: This position is eligible for permanently remote work, but keep the following in mind: our team operates on Pacific Time, and we adjust salary based on regions of the country. You may be expected to come to campus, but generally expect that to be no more than a few days each quarter. We’ll pay for your travel if you’re outside the greater Bay Area. See our admin guide for more information. https://adminguide.stanford.edu/chapters/human\-resources/staff\-employment\-policies/remote\-work\-arrangements Core Duties : Lead the development and implementation of enterprise\-wide information security architecture and solutions. Provide strategic direction and guidance in the design of secure system and network architectures. Evaluate and ensure compliance of new and existing applications with enterprise security standards. Lead internal and external security audits, in cooperation with the necessary departments. Lead continuous monitoring and analysis of emerging trends, threats, and developments in information security to maintain the organization's leading security posture. Research, design, and advocate for new technologies, architectures, and security products for deployment across the campus. Strategize, oversee, and optimize the development, implementation, and management of comprehensive IT security and operational support system policies and procedures, ensuring alignment with organizational goals and regulatory requirements, in collaboration with the Information Security Office and senior leadership of the University. Lead and develop mentoring, training, and technical guidance programs for team members, customers, and stakeholders, and community of IT professionals ensuring knowledge transfer and fostering a culture of continuous improvement and professional growth. Develop and implement incident response plans and procedures to ensure timely and effective handling of security incidents and breaches. Oversee the development, implementation, and management of IT security and operational support system policies and procedures, in collaboration with the Information Security Office. Minimum Education and Experience: Bachelor’s degree plus seven years relevant experience, or a combination of education and relevant experience. Knowledge, Skills and Abilities : Advanced knowledge and understanding of IT industry trends and emerging technologies and an ability to relate them to Stanford and its objectives. Extensive experience with debugging, troubleshooting, forensics, and security utilities. Deep understanding of network security principles and mitigation of cyber threats. In\-depth architecture and configuration knowledge. In\-depth knowledge of authentication protocols, encryption, and other fundamental security technologies. Strong knowledge and understanding of industry\-standard information security practices. Excellent communication skills and the ability to explain complex technical ideas to a non\-technical audience and work with individuals at all levels. Demonstrated experience in leading and mentoring team members and providing technical guidance to customers and stakeholders. * High level of integrity and excellent judgment concerning proprietary and privacy issues.
Original job posting from: Indeed_linkedin