Chief Information Security Officer

University of Maine

Portland, ME

Job posting number: #7311979

Posted: July 3, 2025

Application Deadline: Open Until Filled

Job Description

The University of Maine System is seeking a dynamic Chief Information Security Officer (CISO) to drive and safeguard our enterprise-wide digital transformation. This is a high-impact, executive-level role responsible for shaping the strategic direction of information security across our system, protecting data and technology assets, and enabling innovation at scale.

As our next CISO, you will provide the vision and leadership required to protect the organization's information assets, intellectual property, and business operations against evolving digital threats. You will serve as a trusted advisor to executive leadership and the Board of Directors, and ensure the security strategy is fully aligned and embedded in the broader business strategy. You will be a key enabler of innovation, responsible for building a resilient and trustworthy digital environment that empowers the university system to achieve its goals, win customer confidence, securely seize new market opportunities, and act as a catalyst for sustainable, risk-aware growth.

What You Will Do

Strategic Leadership & Governance: Lead the development and execution of the enterprise security vision, strategy, and governance framework in alignment with business objectives. Serve as the primary security advisor to the C-suite and Board of Directors, translating complex technical risks into clear business implications and reporting on the enterprise security posture.
Enterprise Risk & Compliance Management: Lead a holistic digital risk management program, encompassing technology, data, and third-party/supply chain risks. Ensure and demonstrate compliance with applicable legal, statutory, and regulatory requirements (e.g., GDPR, CCPA, HIPAA, SOX, PCI DSS) in collaboration with legal and compliance teams. Lead and maintain a robust Third-Party Risk Management (TPRM) program.
Security Operations & Resilience: Provide executive oversight of Security Operations Center (SOC) functions, including threat detection, vulnerability management, and incident response capabilities. Lead crisis management during security incidents. Ensure robust business continuity and disaster recovery plans are in place and regularly tested through exercises such as tabletop simulations.
Data Security & Governance: Partner with the Chief Data Officer, General Counsel, and other stakeholders to develop and enforce data governance, classification, and privacy policies. Implement technical controls, including encryption and Data Loss Prevention (DLP) solutions, to safeguard critical information assets.
Technology & Innovation Security: Drive the security strategy for both foundational and emerging technologies to enable secure innovation.
Zero Trust Architecture: Lead a multi-year, enterprise-wide transformation toward Zero Trust architecture, enforcing principles of least privilege, micro-segmentation, and continuous verification.
Cloud Security: Architect and manage a comprehensive security program for multi-cloud and hybrid environments, focusing on secure configuration and cloud-native protection mechanisms.
AI Security & Governance: Establish a robust AI governance framework to manage risks associated with artificial intelligence. Develop policies to mitigate “Shadow AI” risks from unauthorized public tools and secure the proprietary AI/ML supply chain from threats like data poisoning.
DevSecOps: Champion a “shift-left” cultural transformation, partnering with engineering teams to embed automated security controls and a “security as code” mindset into the CI/CD pipeline.
Culture & Team Leadership: Build, mentor, and lead a high-performing, diverse cybersecurity team. Address skill gaps and foster a culture of continuous learning. Champion a pervasive culture of security awareness and shared responsibility across the organization through continuous training and simulated phishing exercises.

This full-time position is remote, with a standard work schedule of Monday through Friday, 8:00 a.m. to 5:00 p.m. EST. Occasional evening or weekend work may be required.

What We Are Looking For

Executive Communication & Influence: World-class ability to articulate complex security concepts and risk analysis to non-technical audiences, including the C-suite and Board of Directors, in a clear, compelling, business-centric manner.
Business & Financial Acumen: Strong grasp of business operations, financial statements, and budget management, with the ability to build a compelling business case for security investments and demonstrate return on investment (ROI).
Collaborative & Empathetic Leadership: A proven “bridge-builder” with exceptional emotional intelligence and interpersonal skills, capable of fostering trust-based partnerships across all business and technology functions. A leader with “no ego” who is approachable and supportive of their team.
Strategic Vision: Ability to anticipate future threats, technological shifts, and regulatory changes, and to craft a long-term, forward-looking security vision that actively enables and supports the organization’s strategic plan.
Resilience & Decisiveness: Ability to lead with a calm, steady hand during high-stakes crises, make difficult decisions under intense pressure, and cope effectively with complexity and constant change.
Proactive Problem Solving: Possess a proactive, can-do attitude, with a passion for their work and a relentless desire to learn, improve, and solve complex challenges.

Qualifications

Required

Bachelor’s degree in Computer Science, Information Security, Engineering, or a related field.
A minimum of 15 years of progressive experience in information security and risk management, including at least 7 years in a senior leadership capacity, managing cross-functional teams and influencing enterprise-wide strategy.
Demonstrated success in developing, implementing, and executing a strategic, comprehensive information security program that is demonstrably aligned with business goals.
Deep expertise in modern risk management methodologies and a strong command of major global compliance frameworks and regulations (e.g., NIST CSF, ISO 27001, GDPR, CCPA, HIPAA, SOX, PCI DSS).
Proven experience in architecting and securing modern technology stacks, including multi-cloud environments (AWS, Azure, GCP), Zero Trust principles, and sophisticated Identity and Access Management (IAM) solutions.
Extensive, hands-on experience with modern security operations, cyber threat intelligence, vulnerability management, and proven leadership experience in high-stakes crisis and incident response scenarios.
Working knowledge of key security technologies, including firewalls, intrusion detection/prevention systems (IDPS), Security Information and Event Management (SIEM) platforms, and encryption protocols.

Preferred

An advanced degree, such as an MBA or a Master’s in Cybersecurity.
Professional Certifications such as:
Certified Information Systems Security Professional (CISSP)
Certified Information Security Manager (CISM)
Certified in Risk and Information Systems Control (CRISC)
Certified Information Systems Auditor (CISA)
Experience developing and implementing governance and security controls for Artificial Intelligence and Machine Learning (AI/ML) systems and mitigating Shadow AI risks.
Experience leading a “shift-left” cultural transformation by successfully implementing DevSecOps principles and practices in an agile development environment.
Knowledge of ethical hacking and penetration testing techniques.