Chief Information Security Officer (CISO) | Information Technology

Organization Overview

Information Technology (IT) aims to provide information resources and services to accelerate and support scientific research and administrative operations at The Rockefeller University. Our department is responsible for the university's software environment, decision support, data analytics, cyberinfrastructure (including cloud infrastructure and services), and cybersecurity programs. DevOps and Agile practices have been adopted and are in use by the department, representing a major cultural transition. The Information Technology Department works within the Office of the CIO, which oversees additional departments, including the universitys Data Science Platform, High-Performance Computing Resource Center, Bioinformatics Resource Center, and Library.

Overview

Rockefeller University is seeking a strategic and forward-thinking Chief Information Security Officer (CISO) to lead and manage the university's information security program. Reporting to the Chief Information Officer (CIO), and working with the IT leadership team and members of the university's administration, the CISO will build upon the university's current security strategy to safeguard sensitive research data, regulated information, and infrastructure across academic and administrative domains.

The ideal candidate will have experience in academic or research-intensive environments, a deep understanding of emerging cybersecurity threats-including those involving AI-and demonstrated success in integrating security practices within modern DevSecOps frameworks.

Responsibilities

Key responsibilities include, but are not limited to the following :

Define and lead the university's enterprise-wide information security strategy to support and advance research and business goals.

Develop, implement, and maintain policies and procedures aligned with research compliance, grant requirements, and federal regulations (e.g., NIST 800-171, NIH GDS, , GDPR, FISMA).

Identify and assess cybersecurity risks to scientific data, research systems, and enterprise infrastructure. Work with stakeholders to communicate, manage, and mitigate risks.

Work with Human Resources, the Office of General Counsel, external partners, and other stakeholders to support litigation hold implementations.

Oversee cybersecurity incident response planning activities; investigate and manage response to security breaches as needed.

Continuously evaluate and improve defenses against evolving threats, including those driven by generative AI and adversarial ML techniques.

Implement scalable DevSecOps pipelines for secure code development, vulnerability scanning, and automated compliance testing.

Stay abreast of how AI is both leveraged for cyberattacks (e.g., phishing, deepfakes, LLM-based social engineering) and as a defensive tool (e.g., anomaly detection, threat intelligence).

Cultivate a campus-wide culture of cybersecurity awareness through regular training and communication.

Provide tailored guidance to faculty, lab managers, and data custodians handling sensitive and / or regulated datasets.

Manage audits and assessments of security posture and readiness.

Support and champion the university's data classification program; additional duties and special projects as assigned.

Qualifications

REQUIRED QUALIFICATIONS :

Master's degree in computer science, cybersecurity, information systems, or a related field. A minimum of ten (10) years of progressive experience in information security leadership roles.

Must possess a deep knowledge of cybersecurity frameworks (e.g., NIST CSF, ISO 27001), federal research security requirements, and risk management practices. Experience with implementing practical security controls in Bring-Your-Own-Device ("BYOD") environments.

Prior experience with securing hybrid (cloud computing and on premises) computing and storage environments, and a desire to support the university's goal to embrace a "cloud first" transformative strategy. Familiarity with the cybersecurity implications of artificial intelligence and machine learning.

A demonstrated ability to lead diverse technical teams and communicate effectively with researchers, faculty, executives, and auditors.

Prior direct support of scientific research infrastructure, including high-performance computing (HPC), lab systems, or genomic data platforms.

Prior hands-on experience integrating security into agile development environments.

PREFERRED QUALIFICATIONS :

Advanced degree is preferred.

Prior experience in an academic or biomedical research setting strongly preferred.

Experience deploying and managing DevSecOps pipelines and tools (e.g., CI / CD security scanning, container security, IaC validation) is preferred.

Relevant certifications preferred (e.g., CISSP, CISM, CCSP, GIAC).

The Rockefeller University is an equal opportunity employer - veterans / individuals with disabilities. Qualified applicants will receive consideration for employment without regard to characteristics protected by applicable local, state or federal law, including but not limited to disability and protected veteran status.

The salary of the finalist selected for this role will be set based on various factors, including but not limited to organizational budgets, qualifications, experience, education, licenses, specialty, and training. The hiring range provided represents The Rockefeller University's good faith and reasonable estimate of the range of possible compensation at the time of posting.

Compensation Range : Min

USD $200,000.00 / Yr.

Compensation Range : Max

USD $245,000.00 / Yr.