• Deputy Chief Security Officer

    Job Locations US-NE-Lincoln | US-CO-Highlands Ranch | US-CO-Aurora
    Posted Date 3 months ago(7/15/2019 4:50 PM)
    Job ID
    # of Openings
    Information Technology
  • Overview

    The Deputy Chief Security Officer (DCSO) role works closely with the Chief Security Officer (CSO) to provide vision and leadership for developing and implementing enterprise-wide business technology cybersecurity initiatives. The DCSO assists with directing the planning and implementation of cybersecurity solutions for IT systems in support of business operations in order to ensure business systems and relevant data maintains the highest levels of confidentiality, integrity and availability. This role is responsible for providing recommendations to and executing guidance from the CSO for all aspects of the organization’s information technology and systems.  The DCSO is a member of the executive management team and contributes to the strategic direction of the company, including evaluation of relevant merger and acquisition opportunities and associated integration strategies. 


    This position requires work in support of the Company’s contract with the United States Department of Education (“ED”). As such, the United States Government requires that any applicant for this position must complete United States Government security clearance. Effective June 1, 2018, ED has informed Nelnet that security clearance applications for foreign nationals are not being accepted or processed. In light of this direction from ED, Nelnet will be unable to hire applicants without United States citizenship for such positions.


    Strategy & Planning

    1. Participate in strategic and operational governance processes of the business as a member of the executive management team.
    2. Lead cybersecurity strategic and operational planning to achieve business goals by fostering innovation, prioritizing security initiatives, and coordinating the evaluation, deployment, and management of current and future IT systems across the enterprise from a security perspective.
    3. Work directly with Nelnet business unit leadership to ensure strategic alignment and appropriate initiative and investment prioritization.
    4. Assist with development and maintenance of appropriate cybersecurity organizational structure that supports the needs of the business.
    5. Identify opportunities for appropriate and cost-effective investment of financial resources in cybersecurity-related systems and resources, including staffing, sourcing, purchasing, and in-house development.
    6. Assess and communicate risks and opportunities associated with cybersecurity investments.
    7. Assist with development, tracking, and control of the cybersecurity annual operating and capital budgets.
    8. Develop business case justifications and cost/benefit analyses for cybersecurity spending and initiatives.
    9. Direct development and execution of an enterprise-wide incident response plan.
    10. Assess and make recommendations on the improvement or re-engineering of the cybersecurity organization.
    11. Develop and evaluate strategic partnership opportunities.

    Acquisition & Deployment

    1. Coordinate and facilitate consultation with stakeholders to ensure business and systems requirements for new technology implementations includes security considerations.
    2. Approve, prioritize, and control projects and the project portfolio as they relate to the selection, acquisition, development, and installation of major cybersecurity systems.
    3. Provide oversight of hardware and software acquisition and maintenance contracts and pursue master and enterprise agreements to capitalize on economies of scale.
    4. Define and communicate corporate plans, policies, and standards for the organization associated with acquiring, implementing, and operating cybersecurity systems.
    5. Evaluate and deploy emerging technologies to enhance enterprise cybersecurity capabilities and maximize ROI.
    6. Maximize consumption of existing and new cybersecurity capabilities to enhance business value.

    Operational Management

    1. Define and communicate cybersecurity capabilities and considerations to all stakeholders to enable business-level decision-making.
    2. Develop and maintain a closed feedback loop with business unit, IT stakeholders and cybersecurity leadership.
    3. Ensure continuous confidentiality, integrity and availability of business systems through oversight of service level agreements with end users and monitoring of IT systems security activities.
    4. Ensure business system operation adheres to applicable laws and compliance requirements through a comprehensive security first, compliance always, audit anytime strategy.
    5. Keep current with trends and issues in the cybersecurity industry, including current technologies and prices. Advise, counsel, and educate executives and management on their competitive or financial impact.
    6. Promote and oversee strategic relationships between internal cybersecurity resources and external entities, including government, vendors, and partner organizations.
    7. Supervise recruitment, development, retention, and organization of all cybersecurity staff in accordance with corporate budgetary objectives and personnel policies.
    8. Leverage industry standard and contractually required cybersecurity frameworks such as NIST, ISO 27000 series and CIS Critical Controls to improve system security and audit compliance.



    University degree in the field of computer science, information security, other relevant technical fields or business administration. Master’s degree or higher preferred.



    1. 7 years of experience managing and/or directing cybersecurity operations
    2. Experience driving compliance with various regulatory requirements such as NIST 800-53, PCI, SOX, GLBA and others.
    3. Experience in strategic planning and execution, including profit and loss responsibilities.
    4. Experience with systems design and development from business requirements analysis through to day-to-day management.
    5. Proven experience in IT and/or cybersecurity planning, organization, and development.



    1. Considerable knowledge of business theory, business processes, management, budgeting, and business office operations.
    2. Extensive knowledge of industry best-practice based frameworks to include NIST Cybersecurity Framework, ISO 27000 series and CIS Critical Controls.
    3. Substantial exposure to data processing, hardware platforms, enterprise software applications, and outsourced systems, including enterprise storage, payment processing and highly available systems.
    4. Solid grasp of service oriented architecture (SOA).
    5. Excellent understanding of project management principles.
    6. Demonstrated ability to apply cybersecurity principles in the context of enabling business operations and proven ability to communicate with both technical and non-technical audiences.
    7. In-depth knowledge of applicable laws and regulations as they relate to IT, cybersecurity and the business.
    8. Strong understanding of human resource management principles, practices, and procedures.
    9. Proven leadership ability.
    10. Ability to set and manage priorities judiciously.

    EEO Statement

    Nelnet is an Equal Opportunity Employer, complies with Executive Order 11246, and takes affirmative action to ensure that qualified applicants are employed, and that employees are treated during employment, without regard to race, color, religion/creed, national origin, gender, or sex, marital status, age, disability, use of a guide dog or service animal, sexual orientation, military/veteran status, or any other status protected by Federal or State law or local ordinance. Qualified individuals with disabilities who require reasonable accommodations in order to apply or compete for positions at Nelnet may request such accommodations by contacting Nelnet Talent Acquisition & Recruiting.
    Nelnet is a Drug Free and Tobacco Free Workplace.


    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed