Description: This director level position is responsible for all aspects of information security on a campus with 4,500 students, 700 full time employees, and a total average network device count of approximately 10,000 devices. This position will develop a comprehensive information security program, create administrative policies for all campus personnel, and partner with the campus community on risk management, incident response, and other security initiatives. This position reports to the AVP for Information Technology and is a member of the IT leadership team, along with three other directors and three managers. Working with all employees the institution, the director will provide strategic direction, oversee and maintain the implementation of improved security.
Required Knowledge: Exceptional writing and presentation skills Extensive knowledge of ISO 2700X, ITIL, COBIT/Risk IT & NIST frameworks. High level of initiative and self-direction Strong analytical skills Strong consensus building skills Continuous improvement and growth
Preferred/Desirable Knowledge: Example of a written policy document, approved by an institution, that you authored. Example of a presentation on security that youve made.CISSP certification Professional experience with EDUCAUSE Security group, REN-ISAC, ISACA, and/or Infraguard.
Required Prior Work Experience: 5 years experience in an IT position with significant information security responsibilities.
Diversity Statement: Emerson College believes diversity enriches the educational experience by providing students with the opportunity to learn from individuals who may have different backgrounds, experiences, and perspectives. Engagement with diversity in the curriculum, in our co-curricular offerings, and all other aspects of the College enhances the personal and intellectual growth of all members of our campus community. Emerson is committed to strengthening communities, including our workplace, by fostering the development of the intercultural competencies necessary for meaningful citizenship in an increasingly complex, pluralistic society.
Classification Title: Director 1
Salary Grade: 19
Job Family: Executive
Develop, implement and monitor a strategic, comprehensive enterprise-wide information security and IT risk management program to ensure appropriate integrity, confidentiality and availability of data.
Provide leadership for security governance through the creation of a new committee or integration into an existing campus committee.
Work directly with business units to facilitate IT risk management processes, and work with stakeholders on identifying acceptable levels of residual risk.
Develop, maintain, and amend security policies to improve campus security posture based on thorough analysis and continuous work with campus stakeholders.
Audit compliance and assess risk with respect to federal and industry requirements.
Provide regular reporting on current status of information security program to institutional risk team, senior leaders & the board of trustees.
Oversee training in, dissemination of, and compliance with security policies and practices.
Create and manage security awareness training programs for all employees, students and approved system users.
Provide strategic risk guidance for IT and institutional projects, including evaluation & recommendation of technical controls.
Work with the IT infrastructure and enterprise applications teams to ensure alignment between security & enterprise systems.
Lead security incident response, create and chair the Computer Incident Response Team, and lead campus-wide coordination during security incidents.
Maintain regular coordination and be the primary point of contact in work with general counsel, campus police, external auditors, the risk management team, and communications department.
Serve as a liaison to federal, state, local, and professional organizations for information security/cybersecurity matters.
Develop extensive security metrics on the regular operating environment and incident data, correlate data sets and identify trends to inform risk assessments.
Provide recommendations for security budgetary needs.
Provide guidance on the technical security infrastructure, working closely with the systems security administrator, to include initiation of new security technologies such as SIEM and DLP.
Monitor external threats for emerging threats, and advise stakeholders on appropriate courses of action.
Emerson College is the nation’s premier private college dedicated exclusively to majors in communication and the arts in a liberal arts context. It is located in the theater district in the dynamic multi-cultural city of Boston in close proximity to major arts institutions, media outlets, and research centers. The College enrolls 3,783 undergraduate students and 671 graduate students from 71 count...ries and 48 states. Emerson College is committed to an active, intentional, and ongoing engagement with diversity – in its people, in the curriculum, and in the College’s intellectual, social, cultural and geographical communities. Our inclusive excellence framework recognizes that institutional excellence comes from fully engaging with diversity in all aspects of institutional activities. Members of historically under-represented groups are encouraged to apply.