Assistant Director, Information Security

Employer Active

1 Vacancy
Job Location

Philadelphia, PA - USA

Monthly Salary

$ 102400 - 127500

Vacancy

1 Vacancy

Job Description

Position Title:

Assistant Director, Information Security

Time Type:

Full time

Position Summary and Qualifications:

The Assistant Director of Information Security plays a critical leadership role in executing the University's information security vision and strategy. This position works closely with the Chief Information Security Officer (CISO) to implement and manage technical, policy, and compliance-based initiatives that safeguard University systems, data, and operations.

The role is central to security operations, including risk management, incident response, audit coordination, and vendor reviews. The Assistant Director also leads efforts to strengthen the University's information security awareness and training programs, fosters a culture of shared responsibility, and ensures alignment with institutional goals and regulatory obligations.

Essential Duties & Responsibilities:

  • Provides leadership and oversight for the day-to-day operations and technical aspects of the Information Security department, with a primary focus on identity and access management, GRC (governance, risk, and compliance), and network security/operations.

  • Collaborates closely with those responsible for IAM functions in the Applications & Infrastructure division to strategically enhance the security awareness program, ensuring a robust understanding of information security and safe computing practices across the University community.

  • Manages technical support and contributes expertise in overseeing vendor relationships pertaining to information security, including leading the formal review of university contracts with significant technology components.

  • Utilizes and refines the vendor questionnaire process to thoroughly assess each vendor's overall capabilities, including infrastructure controls, security practices, regulatory compliance, and ability to safeguard University information assets, providing expert security opinions on vendor suitability.

  • Participates in the investigation and assessment of security incidents, coordinating efforts with technology managers in IT and partnering effectively with the Office of General Counsel.

  • Serves as a point of contact and escalation for security threats, potential breaches, and privacy issues, including sensitive matters involving law enforcement.

  • Engages proactively with internal and external auditors and agencies on security and compliance matters, particularly during incident response scenarios.

  • Partners with the IT Audit Analyst to develop and implement comprehensive strategies for addressing audits, assessments, and broader compliance efforts.

  • Actively participates in the establishment of annual and long-term security and compliance goals for the department.

  • Drives the creation and implementation of detailed security strategies, metrics, and reporting processes to monitor effectiveness and demonstrate progress.

  • Develops, maintains, champions, and enforces robust data management and information security policies, standards, guidelines, and procedures, encompassing those for end users, system and application administrators, service providers, and legal/regulatory compliance.

  • Initiates and develops communication and education initiatives aimed at elevating awareness of information security risks along with mitigation strategies and protective measures implemented across the university.

  • Engages actively with IT advisory councils, administrative and academic units through committees, ensuring the cohesive development and consistent application of policies and standards across all technology projects, systems, and services, including privacy, risk management, compliance, and business continuity management.

  • Collaborates extensively with stakeholders to conduct thorough risk assessments and business impact analyses, identifying vulnerabilities and assessing risk exposure.

  • When risks are identified, provides expert recommendations on effective risk management strategies, including acceptance, avoidance, transference, and mitigation techniques, to minimize potential impact on the university.

  • Stays abreast of emerging governmental regulatory initiatives, security alerts, and relevant issues that could impact the university environment, proactively assessing their implications.

  • Provides expert guidance, planning, and monitoring for adherence to various industry requirements (e.g., FERPA, HIPAA, PCI), influencing the implementation of relevant systems.

  • Oversees the preparation and submission of required reports to external agencies, ensuring accuracy and timeliness.

  • Supervision includes: IT Audit Analyst (1); Network security analyst (1); Graduate Assistant/Student worker as funding permits

  • This role provides direct management, technical guidance, mentorship, and project oversight to junior staff, analysts, and interns.

  • May lead and manage specific security projects or work streams.



Minimum Qualifications: (Education/Training and Experience Required)

  • Bachelor's degree, preferably in Computer Science, Information Security, or a related field, OR an equivalent combination of education, training, and experience.

  • Minimum of 4 years of progressive professional experience in information technology, with at least 2 years in a dedicated information security role (e.g., Identity and Access Management, Risk Management, Security Operations, Incident Response).

  • At least 1 year of demonstrated direct experience managing people (direct reports) in a professional capacity.

  • Excellent written, oral communication, and presentation skills, with the ability to articulate complex security concepts clearly and concisely.

  • Proven ability to effectively communicate technical and security information to diverse audiences, from technical teams to executive leadership.

  • Demonstrated experience working with compliance and regulatory matters such as FERPA, PCI, HIPAA, and HEOA.

  • Strong understanding and practical knowledge of NIST, GLBA, and GDPR frameworks.

  • Superior troubleshooting and advanced problem-solving skills, with a track record of resolving complex security issues.

  • Extensive experience in drafting and maintaining comprehensive security policies, standards, and related documentation.

  • Proven ability to work autonomously while also fostering a highly collaborative environment.

  • Demonstrated ability to effectively manage multiple concurrent work streams and consistently meet internal deadlines in a dynamic environment.

Preferred

  • Advanced experience with Microsoft security technologies (Azure Security Center, Microsoft 365 Security, Azure AD, IAM, CASB, SSO, MFA solutions).

  • Industry-recognized security certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Information Systems Auditor (CISA).

  • Experience with contract and vendor vetting processes, negotiations, and detailed document reviews from a security perspective.

  • Demonstrated experience collaborating with General/External Counsel and various Law Enforcement agencies on security-related investigations and compliance.



Physical Requirements and/or Unusual Work Hours:

  • Will require prolonged periods of work at a computer workstation.

  • Will require occasional evening and weekend hours to address critical issues or project demands.

  • Must be available to respond to emergencies on a 7x24 basis and actively participate in the IT On Call rotation process.

Saint Joseph's University is a private Catholic, Jesuit institution, and we expect members of our community to be knowledgeable about and to make a positive contribution to our mission. Saint Joseph's University is an equal opportunity employer that seeks to recruit, develop, and retain a talented and diverse workforce. The University is committed to the diversity of its faculty and staff so that our students, our disciplines, and our community as a whole can benefit from the multiple perspectives it offers. The University seeks qualified candidates who share our commitment to equity, diversity, and inclusion. EOE

Saint Joseph's University prohibits discrimination on the basis of sex in its programs and activities, including admission and employment, in accordance with Title IX of the Education Amendments of 1972. The Title IX Coordinator is responsible for overseeing compliance with Title IX and other civil rights laws and regulations. To contact the Title IX Coordinator e-mail visit Campion Student Center suite 243 or call . To learn more about the University's Title IX policies, the process for filing a report or formal complaint of sex discrimination, sexual harassment, or other form of sexual misconduct, and the University's response to reports and/or formal complaints, please visit Inquiries may also be directed to the Federal agency responsible for enforcing Title IX, the U.S. Department of Education, Office for Civil Rights.

Pay Transparency & Benefits Overview

Please click to read more about the university's approach to pay and benefits transparency. Adjunct instructor compensation can be found in the article. Otherwise, an estimated pay range is listed below. This position's estimated pay range is:

$102400.00 - $127500.00

Required Experience:

Director

Employment Type

Full-Time
