Director Information Security

Employer Active

1 Vacancy
Job Location: Philadelphia, PA - USA

Monthly Salary: Not Disclosed

Job Description

Position Title:

Director Information Security

Time Type:

Full time

Position Summary and Qualifications:

The Director Information Security assists the CISO in developing an information security vision and strategy that is aligned to organizational priorities.

They will manage the day-to-day operations and staff of the Information Security department. This area focuses on identity and access management, GRC (governance, risk and compliance), as well as network security/operations.

They will assist the CISO in managing and coordinating security standards and their implementation, ensure compliance with security standards and policies, and provide expertise in managing audits, vulnerability remediation and incident response.

They will assist in managing the University information security awareness program and promote best practices in security and compliance management.

Note to applicants: In the Resume/CV upload field, please submit a resume, a cover letter and 3 references that can speak to your direct experience in information security and management.

Essential Duties & Responsibilities

  • Manages the day-to-day operations and staff of the Information Security department. This area focuses on identity and access management, GRC (governance, risk and compliance), as well as network security/operations.

  • Assists the IAM Analyst with the management of the security awareness program to ensure that there is an appropriate awareness of information security and safe computing practices across the University.

  • Provides support in managing vendor relationships pertaining to information security, including the formal review of university contracts which have technology components. Using a vendor questionnaire, assesses each vendor's overall capabilities, including infrastructure controls, security practices, regulatory compliance, ability to protect University information assets, etc. Issues a security opinion on the suitability of each vendor.

  • Provides support in investigating and assessing security incidents in collaboration with technology managers in IT and in partnership with the Office of General Counsel. Responds to alleged policy violations and complaints received from external parties. Documents findings via a formal security incident report.

  • Serves as the backup point of contact for security threats, potential breaches and privacy issues, including matters involving law enforcement. Works with internal and external auditors and agencies on security and compliance matters, including incident response.

  • Assists the IT Audit Analyst in developing a strategy for addressing audits, assessments and compliance efforts.

  • Assists the CISO in establishing annual and long-term security and compliance goals. Creates and implements security strategies, metrics and reporting processes.

  • Develops, maintains, promotes and enforces data management and information security policies, standards, guidelines and procedures, including those for end users, system and application administrators, service providers and legal/regulatory compliance.

  • Assists in developing communication and education initiatives around the awareness of information security risks as well as mitigation strategies and protections that are in place at the university.

  • Understands and interacts with IT advisory councils, administrative and academic units through committees to ensure the development of and consistent application of policies and standards across technology projects, systems and services, including privacy, risk management, compliance and business continuity management.

  • Works collaboratively with others to conduct risk assessments and business impact analysis to identify vulnerabilities and risk exposure.

  • Where risks have been identified, provides recommendations on managing that risk, including acceptance, avoidance, transference and mitigation techniques, to minimize potential impact on the university.

  • Keeps current with emerging governmental regulatory initiatives and security alerts and issues which could have an impact on the university environment.

  • Provides guidance, planning and monitoring for compliance with various industry requirements (e.g. FERPA, HIPAA, PCI) which impact the way in which various systems are implemented. Prepares and submits required reports to external agencies.

  • Direct supervisor for: Identity Access Management Analyst; IT Audit Analyst; Graduate Assistant as funding permits; and future incumbents as identified by the University

Minimum Qualifications

  • Bachelor's degree, preferably in computer science, OR an equivalent combination of education, training and experience.

  • Minimum of 6 years of progressive professional experience with information technology, including 3 years minimum in a formal information security position (i.e. Identity and Access Management, Risk Management, Privacy, etc.) with 3 years minimum of management experience.

  • Strong written, oral communication and presentation skills.

  • Ability to communicate technical/security information effectively to individuals with varying degrees of experience and skill.

  • Experience working with compliance and regulatory matters such as FERPA, PCI, HIPAA and HEOA. Experience and knowledge of NIST, GLBA and GDPR.

  • Superior troubleshooting and problem-solving skills.

  • Experience in writing security policies and related documents.

  • Ability to work independently and with others in a collaborative environment.

  • Demonstrated ability to work and effectively manage multiple work streams while meeting internal deadlines.

Preferred

  • Microsoft experience: Azure Security, IAM, CASB, SSO, MFA.

  • Certified Information Systems Security Professional (CISSP) OR Certified Information Security Manager (CISM) OR Certified Information Systems Auditor (CISA).

  • Any Microsoft SC specific certifications.

  • Experience with contract and vendor vetting, negotiations and document reviews.

  • Experience working with General/External Counsel and Law enforcement agencies.

Physical Requirements

  • Will require long periods of work at a computer

  • This position may be eligible for a flexible work arrangement per the University's guidelines and meeting performance expectations

Unusual Work Hours

  • Will require occasional evening and weekend hours. Must be available to respond to emergencies on a 7x24 basis and participate in the IT On Call process

Saint Joseph's University is a private Catholic Jesuit institution, and we expect members of our community to be knowledgeable about and to make a positive contribution to our mission. Saint Joseph's University is an equal opportunity employer that seeks to recruit, develop and retain a talented and diverse workforce. The University is committed to the diversity of its faculty and staff so that our students, our disciplines and our community as a whole can benefit from the multiple perspectives it offers. The University seeks qualified candidates who share our commitment to equity, diversity and inclusion. EOE

Saint Joseph's University prohibits discrimination on the basis of sex in its programs and activities, including admission and employment, in accordance with Title IX of the Education Amendments of 1972. The Title IX Coordinator is responsible for overseeing compliance with Title IX and other civil rights laws and regulations. To contact the Title IX Coordinator email visit Campion Student Center suite 243 or call. To learn more about the University's Title IX policies, the process for filing a report or formal complaint of sex discrimination, sexual harassment or other form of sexual misconduct, and the University's response to reports and/or formal complaints, please visit www.sju/titleix. Inquiries may also be directed to the Federal agency responsible for enforcing Title IX, the U.S. Department of Education Office for Civil Rights.


Required Experience:

Director

Employment Type

Full-Time
