unit logo

Chief Information Security Officer


UF Information Technology Classification*

Reporting directly to the Vice President and Chief Information Officer, the Chief Information Security Officer (CISO), a single incumbent position, is responsible for the organization’s development and enforcement of security policy and strategy related to the security of the University’s information assets.  The role of the CISO spans the entire University of Florida enterprise, including Direct Service Organizations and Affiliates.  The CISO exercises enterprise-wide authority for compliance with University information security policies consistent with applicable industry standards and governmental regulations.

Examples of Work

Job Functions are specific duties that would be included in the essential functions of the job description.  These functions are not all-inclusive nor do they cover the full extent of the duties performed.

  • Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management
  • Manage the University’s security organization, consisting of direct reports and indirect reports
  • Develop, maintain and publish up-to-date security policies, standards and guidelines, and oversee training and dissemination of security policies and practices
  • Facilitate information security governance through implementation of a hierarchical governance program
  • Create, communicate and implement a risk-based process for vendor risk management, including assessment and treatment for risks that may result from partners, consultants and other service providers
  • Create a framework for roles and responsibilities with regard to information ownership, classification, accountability and protection
  • Work directly with the business units to facilitate IT risk assessment and risk management processes, and work with stakeholders through the enterprise on identifying acceptable levels of residual risk
  • Oversees the selection, development, deployment, monitoring, maintenance, and enhancement of the organization’s security technology
  • Oversees performance of IT risk assessments, audits, and security incident investigation

Education and Experience

Master’s degree in an appropriate area of specialization and six years of appropriate experience; or a bachelor’s degree in an appropriate area of specialization and eight years of appropriate experience.

Licensure and Certification



This position does have supervisory responsibility.

*Reserved Classification – Use of this classification outside of UFIT requires prior approval by Classification and Compensation


To see common career pathways for each position at the University of Florida please visit the Career Paths section of the UFHR website.