Summary: Stevenson University seeks an experienced leader to serve as the University's first Director of Information Security. This newly created position will join the Stevenson University (SU) Office of Information Technology (OIT) division and will report directly to the Chief Information Officer (CIO) and serve as part of the division's leadership team.
The Director of Information Security is responsible for leading the development and implementation of a comprehensive information security program that leverages collaborations and campus-wide resources, facilitates information security governance, advises on security direction and resource investments, designs appropriate measures and policies to manage information security risk, and provides strategic guidance and technical assistance in securing and accessing University-wide systems. This role will be responsible for designing and implementing regular information security training and outreach programs for all SU faculty, staff, and students in collaboration and coordination with other OIT staff.
The successful candidate must position all information security efforts in support of and alignment with Institutional priorities through their knowledge and experience of industry standards and best practices.
Department: Information Technology (OIT)
Education/Experience: Required: Bachelor’s Degree in Information Technology, Computer Science, IT Security or related field
3-5 years of work experience in the information security field with proficiency in at least two of the following areas: threat monitoring, incident management, risk management, compliance (HIPAA, FERPA, GDPR, PCI DSS), vulnerability management, or security awareness
Experience working in a higher education environment
Preferred: One or more of the following certifications: Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Ethical Hacker (CEH), or CompTIA Security+
Policy writing and resource management experience
Knowledge/Skills/Ability: Understanding of NIST framework
Hands-on technical experience with security assessment, monitoring, and management tools
Evidence of effective communication, problem solving, and collaboration skills in a technical environment
Evidence of effective team and consensus building towards achieving a greater goal or initiative
Physical Requirements: Medium work: Exerting up to 50 pounds of force occasionally and/or up to 20 pounds of force frequently, and/or up to 10 pounds of force constantly to move objects. Frequent Reaching, Standing, Walking, Keyboarding, Grasping, Feeling, Talking, and Hearing. Periodic Climbing, Balancing, Stooping, Kneeling, Crouching, Crawling, Pushing, Pulling, Lifting, and Repetitive Motions. Close visual acuity to perform an activity such as: preparing and analyzing data and figures; viewing a computer terminal; visual inspection involving small defects, small parts and/or operation of machines (including inspection). Frequently subject to both environmental conditions: Activities occur inside and outside. Periodically subject to noise: There is sufficient noise to cause worker to shout in order to be heard above the ambient noise level. Periodically subject to hazards: Includes a variety of physical conditions, such as proximity to moving mechanical parts, moving vehicles, electrical current, working on scaffolding and high places, exposure to high heat or exposure to chemicals. Periodically subject to atmospheric conditions: One or more of the following conditions that affect the respiratory system or the skin: Fumes, odors, dusts, mists, gases or poor ventilation. Periodically required to function in narrow aisles or passageways.
Essential Functions: Information Security Leadership
Responsible for the development and strategic leadership of the University’s information security program.
Provide guidance and counsel to the CIO and key members throughout the campus community in defining objectives for information security.
Establish and lead institution-wide information security governance processes in both administrative and academic units.
Direct information security planning processes to establish an inclusive and comprehensive information security program for the Institution in support of academic and administrative information systems and technology.
Establish security and compliance goals, define security strategies, metrics, reporting mechanisms and program services; and create maturity models and a roadmap for continual program improvements.
Maintain current knowledge of information security issues and regulatory changes affecting higher education at the state and national level, participate in industry policy and practice discussions, and communicate to campus on a regular basis about those topics.
Establish and maintain standards and engage with all external vendors and service providers to verify their information security practices and rigor.
Participate in and coordinate with other University committees offering expertise related to information security.
Engage in professional development to maintain continual growth in professional skills and knowledge essential to the position.
Perform special projects as assigned.
Policy, Compliance and Audit
Lead the development and implementation of effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.
Establish procedures and lead efforts to internally assess, evaluate and make recommendations to key stakeholders regarding the adequacy of the security controls for the University’s information and technology systems.
Collaborate with appropriate parties on required security assessments and audits.
Coordinate and track all information technology and security related audits and inquiries including scope, parties involved, timelines, agencies, outcomes, and offer guidance, evaluation and advocacy to University leadership on related responses.
Work with responsible parties to build cohesive security and compliance programs for the university to effectively address state and federal statutory and regulatory requirements.
Outreach, Education and Training
Lead and collaborate closely with the various stakeholders and the campus community addressing a variety of information security issues that require a more in-depth understanding and explanation of the network and computing environment at the University.
Develop education, training, and awareness programs and advise all areas throughout the University on security issues, best practices, and vulnerabilities.
Partner with and develop user-focused security initiatives to address unique needs in protecting against identity theft, mobile access of University resources, social media presence, and online reputation attacks.
Risk Management and Incident Response
Establish procedures to identify, track, and manage all security incidents and act as the primary control point during significant information security incidents.
Convene a Security Incident Response Team (SIRT) as needed, or requested, in addressing and investigating security incidents that arise.
Develop, implement and administer technical security standards to address and mitigate security risk.
Provide leadership, direction and guidance in assessing and evaluating information security risks and monitor compliance with appropriate policies.
Evaluate the impact of all new technologies, processes, and policies on the Institution’s overall information security program.
Review the contracting, procurement, and implementation of all new technologies to ensure security compliance.
Reports To: Chief Information Officer
Work Location: Owings Mills
Position Category: Staff
Position Type: Full-Time
Open Until Filled: Yes
To be considered for this position please visit our web site and apply online at the following link: stevenson.peopleadmin.com
EOE/AA Employer of Minorities/Females/Veterans/Disability