USA
Chief Information Security Officer
The University of Maine System is seeking a dynamic Chief Information Security Officer (CISO) to drive and safeguard our enterprise-wide digital transformation. This is a high-impact, executive-level role responsible for shaping the strategic direction of information security across our system, protecting data and technology assets, and enabling innovation at scale.

As our next CISO, you will provide the vision and leadership required to protect the organization's information assets, intellectual property, and business operations against evolving digital threats. You will serve as a trusted advisor to executive leadership and the Board of Directors, and ensure the security strategy is fully aligned and embedded in the broader business strategy. You will be a key enabler of innovation, responsible for building a resilient and trustworthy digital environment that empowers the university system to achieve its goals, win customer confidence, securely seize new market opportunities, and act as a catalyst for sustainable, risk-aware growth.

What You Will Do

+ Strategic Leadership & Governance: Lead the development and execution of the enterprise security vision, strategy, and governance framework in alignment with business objectives. Serve as the primary security advisor to the C-suite and Board of Directors, translating complex technical risks into clear business implications and reporting on the enterprise security posture.
+ Enterprise Risk & Compliance Management: Lead a holistic digital risk management program, encompassing technology, data, and third-party/supply chain risks. Ensure and demonstrate compliance with applicable legal, statutory, and regulatory requirements (e.g., GDPR, CCPA, HIPAA, SOX, PCI DSS) in collaboration with legal and compliance teams. Lead and maintain a robust Third-Party Risk Management (TPRM) program.
+ Security Operations & Resilience: Provide executive oversight of Security Operations Center (SOC) functions, including threat detection, vulnerability management, and incident response capabilities. Lead crisis management during security incidents. Ensure robust business continuity and disaster recovery plans are in place and regularly tested through exercises such as tabletop simulations.
+ Data Security & Governance: Partner with the Chief Data Officer, General Counsel, and other stakeholders to develop and enforce data governance, classification, and privacy policies. Implement technical controls, including encryption and Data Loss Prevention (DLP) solutions, to safeguard critical information assets.
+ Technology & Innovation Security: Drive the security strategy for both foundational and emerging technologies to enable secure innovation.
  + Zero Trust Architecture: Lead a multi-year, enterprise-wide transformation toward Zero Trust architecture, enforcing principles of least privilege, micro-segmentation, and continuous verification.
  + Cloud Security: Architect and manage a comprehensive security program for multi-cloud and hybrid environments, focusing on secure configuration and cloud-native protection mechanisms.
  + AI Security & Governance: Establish a robust AI governance framework to manage risks associated with artificial intelligence. Develop policies to mitigate “Shadow AI” risks from unauthorized public tools and secure the proprietary AI/ML supply chain from threats like data poisoning.
  + DevSecOps: Champion a “shift-left” cultural transformation, partnering with engineering teams to embed automated security controls and a “security as code” mindset into the CI/CD pipeline.
+ Culture & Team Leadership: Build, mentor, and lead a high-performing, diverse cybersecurity team. Address skill gaps and foster a culture of continuous learning. Champion a pervasive culture of security awareness and shared responsibility across the organization through continuous training and simulated phishing exercises.

This full-time position is remote, with a standard work schedule of Monday through Friday, 8:00 a.m. to 5:00 p.m. EST. Occasional evening or weekend work may be required.

What We Are Looking For

+ Executive Communication & Influence: World-class ability to articulate complex security concepts and risk analysis to non-technical audiences, including C-Suite and Board of Directors, in a clear, compelling, business-centric manner.
+ Business & Financial Acumen: Strong grasp of business operations, financial statements, and budget management, with the ability to build a compelling business case for security investments and demonstrate return on investment (ROI).
+ Collaborative & Empathetic Leadership: A proven “bridge-builder” with exceptional emotional intelligence and interpersonal skills, capable of fostering trust-based partnerships across all business and technology functions. A leader with “no ego” who is approachable and supportive of their team.
+ Strategic Vision: Ability to anticipate future threats, technological shifts, and regulatory changes, and to craft a long-term, forward-looking security vision that actively enables and supports the organization’s strategic plan.
+ Resilience & Decisiveness: Ability to lead with a calm, steady hand during high-stakes crises, make difficult decisions under intense pressure, and cope effectively with complexity and constant change.
+ Proactive Problem Solving: Possess a proactive, can-do attitude, with a passion for their work and a relentless desire to learn, improve, and solve complex challenges.

Qualifications

Required

+ Bachelor’s degree in Computer Science, Information Security, Engineering, or a related field.
+ A minimum of 15 years of progressive experience in information security and risk management, including at least 7 years in a senior leadership capacity, managing cross-functional teams and influencing enterprise-wide strategy.
+ Demonstrated success in developing, implementing, and executing a strategic, comprehensive information security program that is demonstrably aligned with business goals.
+ Deep expertise in modern risk management methodologies and a strong command of major global compliance frameworks and regulations (e.g., NIST CSF, ISO 27001, GDPR, CCPA, HIPAA, SOX, PCI DSS).
+ Proven experience in architecting and securing modern technology stacks, including multi-cloud environments (AWS, Azure, GCP), Zero Trust principles, and sophisticated Identity and Access Management (IAM) solutions.
+ Extensive, hands-on experience with modern security operations, cyber threat intelligence, vulnerability management, and proven leadership experience in high-stakes crisis and incident response scenarios.
+ Working knowledge of key security technologies, including firewalls, intrusion detection/prevention systems (IDPS), Security Information and Event Management (SIEM) platforms, and encryption protocols.

Preferred

+ An advanced degree, such as an MBA or a Master’s in Cybersecurity.
+ Professional Certifications such as:
  + Certified Information Systems Security Professional (CISSP)
  + Certified Information Security Manager (CISM)
  + Certified in Risk and Information Systems Control (CRISC)
  + Certified Information Systems Auditor (CISA)
+ Experience developing and implementing governance and security controls for Artificial Intelligence and Machine Learning (AI/ML) systems and mitigating Shadow AI risks.
+ Experience leading a “shift-left” cultural transformation by successfully implementing DevSecOps principles and practices in an agile development environment. Knowledge of ethical hacking and penetration testing techniques.

To view the full list of responsibilities, qualifications, and required skills, please refer to the full job description (https://docs.google.com/document/d/1Qkw8afO4lDt2htLhWlTvelhbRQmsmdPt/edit?usp=sharing&ouid=107650141627790805903&rtpof=true&sd=true).

Salary and Benefits

The starting salary for this position is $165,000, commensurate with experience and internal equity. For current UMS employees, salary will also take into consideration existing pay for transfer or promotion.

The University of Maine System offers a highly competitive benefits package that includes (but is not limited to):

+ 13 paid holidays plus earned vacation and sick time
+ Health, Dental, and Vision insurance
+ Short-term disability insurance and employer-paid long-term disability insurance
+ Employer-paid basic life insurance and supplemental life insurance
+ Tuition waiver program for employees and their dependents (spouse, domestic partner, and dependent children)
+ 403(b) retirement plan with employer contribution

To learn more, please review the Benefits Information Summary (https://drive.google.com/file/d/1c9mWQ2e9KQ8MqZ2s77HXUqrnnlQSsztA/view?usp=sharing).

HOW TO APPLY

Materials must be submitted via “Apply Now” below. You will need to complete an application and upload the following:

+ A cover letter that describes your experience, interests, and suitability for the position.
+ A resume/curriculum vitae

Important items to know about the recruitment process:

+ Application review will begin immediately. For full consideration, application materials must be submitted on or before July 31, 2025.
+ Incomplete application materials will not be considered.
+ Candidates selected to proceed to the final stages of the search process will be requested to provide three names and contact information for references.
+ The successful applicant may be subject to appropriate background screenings.
+ We are unable to sponsor work visas now or in the future.
+ Candidates must reside in the United States.

In complying with the letter and spirit of applicable laws and pursuing its own goals of diversity, the University of Maine System does not discriminate on the grounds of race, color, religion, sex, sexual orientation, transgender status, gender, gender identity, or expression, ethnicity, national origin, citizenship status, familial status, ancestry, age, disability physical or mental, genetic information or veterans or military status in employment, education, and all other programs and activities. The University provides reasonable accommodations to qualified individuals with disabilities upon request. The following person has been designated to handle inquiries regarding non-discrimination policies: Director of Equal Opportunity, 5713 Chadbourne Hall, Room 412, University of Maine, Orono, ME 04469-5713, 207-581-1226. TTY 711 (Maine Relay System).

About the University of Maine System

The University of Maine System (UMS), established in 1968, consists of seven universities and the University of Maine School of Law, spread across various locations in Maine. UMS provides system-wide services and governance from these locations, leveraging the distinct strengths and collaborations among its institutions to advance strategic priorities for UMS (https://www.maine.edu/strategic-plan/) and the state of Maine.

Choosing UMS means opting for a high quality of life supported by excellent benefits such as tuition waivers, robust retirement contributions, and comprehensive insurance coverage including medical, dental, vision, life, and disability. Maine's diverse landscapes, from accessible wilderness and rugged coastline to urban centers and rural communities, offer numerous cultural activities, strong public schools, safe neighborhoods, and high-quality healthcare. Discover more about Maine's exemplary lifestyle on the Maine Office of Tourism website (https://visitmaine.com/plan-your-visit/relocating-to-maine).