Job Description

Campus Security Authority Statement
This position is designated as a Campus Security Authority. A Campus Security Authority (or CSA) is defined as an “official of the institution with significant responsibility for student and campus activities”. A CSA is required to immediately report any crime that is reported to them to the University Police who will then review, evaluate, and investigate the reported crime. Annual training is required by the Department of Education for all personnel who have been designated as a Campus Security Authority.
Designated Personnel Yes
Designated Personnel Statement
This position is a “designated position” meaning this position could potentially be required to work (depending on the event) during an emergency closing.
Statement of Economic Interest No
Statement of Economic Interest Statement
This does NOT require a Statement of Personal Economic Interest.


Restricted Position No
Restricted Position Statement
A restricted position would be subject to availability of funding. This is NOT a restricted position.
Chief Objective of Position
Christopher Newport University’s Information Security Officer (ISO) serves as the leader of the University’s information security program for the information technology enterprise. Working closely with the leadership of Information Technology Services (ITS) and campus stakeholders, the ISO is responsible for ensuring the operational security and compliance of the university’s technology services. The ISO is responsible for building a proactive and agile security program, identifying cyber threats and risks, mitigating and/or resolving vulnerabilities, and engaging with the Christopher Newport community for cybersecurity best practices in the use and administration of information technology resources.
Work Tasks
Program Leadership
Leads Information Technology cybersecurity program in support of academic, research, and administrative information systems and technology.
Manages Christopher Newport’s information security team including hiring, training, developing, and evaluating all staff and student workers.
Policy, Compliance and Audit
Develops and maintains cybersecurity policies and standards for university information technology infrastructure and data.
Implements and maintains one or more risk management frameworks in order to protect all information technology infrastructure and assets from external and internal threats.
Serves as the University’s GLBA qualified individual and, as such, fulfills responsibilities required of the GLBA qualified individual.
Ensures CNU cybersecurity compliance and serves as a key point of contact with university affiliated audit and compliance personnel.
Maintains and reviews commercial, governmental, and academic IT policies, standards and guidelines, ensuring the University follows established best practices.
Security Awareness and Training
Oversees the information security training program for University employees, and manages ongoing security awareness and role-based security training for faculty, staff, and students.
Risk Management, Security Operations, Projects, and Incident Response
Manages IT security operations, overseeing cybersecurity monitoring, detection, and management platforms. Identifies risks and vulnerabilities; engaging with stakeholders in security responses.
Participates in the University Change Management process and evaluates changes for security risks.
Engages with the university’s research stakeholders, ensuring research computing and data is appropriately secured.
Assists in the development of a comprehensive continuity of operations and disaster recovery plans.
Manages crisis situations, which may involve complex information security issues and leads events through completion including overseeing and reporting all forensic activity.
Develop and maintain very positive and professional customer service and/or relations within the office/department and with all constituencies to include students, faculty, staff, guests, and employees. Demonstrates a positive and professional attitude and treats everyone with dignity and respect. Fully support the “Student’s First” value at CNU and routinely goes the extra mile in providing service.
This position is designated as a “responsible employee” who has the authority to redress sexual violence, who has the duty to report incidents of sexual violence or other student misconduct, or who a student could reasonably believe has this authority or duty.
Safety issues are reviewed and communicated to ensure a safe and healthy workplace and a reduction in work-related absence.
Perform other duties as assigned.
Knowledge, Skills, Abilities (KSA's) related to position
Possesses working knowledge of all areas within IT Services including information security, systems, network infrastructure, identity management, application development, and endpoint security
Significant knowledge and awareness of security trends, legislation, and policy applicable for a higher education environment or comparable work environment
Comprehensive knowledge of current information security threats, weaknesses and vulnerabilities and good working knowledge of zero-day exploits
Ability produce and manage IT security corrective action plans.
Demonstrated ability to model professional integrity and behavior
Excellent organization and planning skills
Superior communication skills, including the ability to write complex technical documentation for varied audiences
Required Education
Master’s Degree or a Bachelor’s Degree and experience that equates to an advanced degree.
Additional Consideration - Education
Master’s Degree in Systems, Computer Science, Computer Engineering or a related field, or a Bachelor’s Degree in Information Systems, Computer Science, or Computer Engineering.

Cybersecurity certifications including CISSP, CCSP, CISM, CISA, GSLC, OSCP, or commensurate credentials.
Experience Required
Experience leading, supervising, and facilitating technical security teams
Experience building and maintaining information security programs
In-depth experience participating in incident response planning and security breach investigations
Demonstrated experience delivering security awareness and training programs
Experience evaluating, administering and executing enterprise security programs
Additional Consideration - Experience
Experience leading, supervising, and facilitating higher education technical security teams
Familiarity with continuity of operations, business impact analysis, disaster recovery, and risk management frameworks
Experience serving as incident commander during information security incidents
Experience developing and mentoring cybersecurity personnel
Salary Information Starting at $114,00, commensurate with education and experience.
CNU Information
Christopher Newport University is anchored in excellence, and that is reflected in our ranking as the #1 regional public university in Virginia and #3 among regional public universities in the South. We are an inclusive and kind community, founded on our shared values of honor, scholarship, service and leadership. We offer an outstanding liberal arts education provided by dedicated, gifted teacher-scholars who are supported by a compassionate team of faculty and staff. Our 4,500 undergraduate and graduate students pursue more than 90 areas of study, as they live and learn on a largely residential campus. CNU’s on-campus performing and visual arts centers offer Broadway shows, world-class performances, engaging exhibitions, transformative lectures and classes, and more. Our athletics program is the winningest at any level in Virginia.