
Director, Information Security

Saint Joseph's University
Philadelphia, PA Full Time
POSTED ON 12/18/2024
AVAILABLE BEFORE 2/16/2025

Position Title:

Director, Information Security

Time Type:

Full time

Position Summary and Qualifications:

The Director, Information Security assists the CISO in developing an information security vision and strategy that is aligned to organizational priorities.

They will manage the day to day operations and staff of the Information Security department. This area focuses on identity and access management, GRC (governance, risk and compliance) as well as network security/operations.

They will assist the CISO in the management and coordination of security standards, along with implementation and execution to ensure compliance to security standards and policies and provide expertise in managing audits, vulnerability remediation and incident response.

They will assist in managing the University information security awareness program and promote best practices in security and compliance management.

Note to applicants: In the Resume/CV upload field, please submit a resume, a cover letter, and 3 references that can speak to your direct experience in information security and management.

Essential Duties & Responsibilities

  • Manages the day to day operations and staff of the Information Security department. This area focuses on identity and access management, GRC (governance, risk and compliance) as well as network security/operations.

  • Assists the IAM Analyst with the management of the security awareness program to ensure that there is an appropriate awareness of information security and safe computing practices across the University.

  • Provides support in managing vendor relationships pertaining to information security, including the formal review of university contracts which have technology components. Using a vendor questionnaire, assesses each vendor’s overall capabilities including infrastructure, controls, security practices, regulatory compliance, ability to protect University information assets, etc. Issues a security opinion on the suitability of each vendor.

  • Provides support in investigating and assessing security incidents in collaboration with technology managers in IT, and in partnership with the Office of General Counsel. Responds to alleged policy violations and complaints received from external parties. Documents findings via a formal security incident report.

  • Serves as the backup point of contact for security threats, potential breaches, and privacy issues, including matters involving law enforcement. Works with internal and external auditors and agencies on security and compliance matters, including incident response.

  • Assists the IT Audit Analyst in developing a strategy for addressing audits, assessments and compliance efforts.

  • Assists the CISO in establishing annual and long term security and compliance goals. Creates and implements security strategies, metrics, and reporting processes.

  • Develops, maintains, promotes and enforces data management and information security policies, standards, guidelines, and procedures, including those for end users, system and application administrators, service providers, and legal/regulatory compliance.

  • Assists in developing communication and education initiatives around the awareness of information security risks as well as mitigation strategies and protections that are in place at the university.

  • Understands and interacts with IT advisory councils, administrative and academic units through committees, to ensure the development of and consistent application of policies and standards across technology projects, systems and services, including privacy, risk management, compliance and business continuity management.

  • Works collaboratively with others to conduct risk assessments and business impact analysis to identify vulnerabilities and risk exposure.

  • Where risks have been identified, provides recommendations on managing that risk, including acceptance, avoidance, transference, and mitigation techniques to minimize potential impact on the university.

  • Keeps current with emerging governmental regulatory initiatives and security alerts and issues which could have an impact on the university environment.

  • Provides guidance, planning, and monitoring for compliance with various industry requirements (e.g., FERPA, HIPAA, PCI), which impact the way in which various systems are implemented. Prepares and submits required reports to external agencies.

  • Direct supervisor for: Identity Access Management Analyst; IT Audit Analyst; Graduate Assistant as funding permits; and future incumbents as identified by the University

Minimum Qualifications

Required

  • Bachelor’s degree, preferably in computer science, OR an equivalent combination of education, training and experience.

  • Minimum of 6 years of progressive professional experience with information technology, including 3 years minimum in a formal information security position (i.e., Identity and Access Management, Risk Management, Privacy, etc.) with 3 years minimum of management experience.

  • Strong written, oral communication, and presentation skills.

  • Ability to communicate technical/security information effectively to individuals with varying degrees of experience and skill.

  • Experience working with compliance and regulatory matters such as FERPA, PCI, HIPAA and HEOA. Experience and knowledge of NIST, GLBA and GDPR.

  • Superior troubleshooting and problem solving skills.

  • Experience in writing security policies and related documents.

  • Ability to work independently and with others in a collaborative environment.

  • Demonstrated ability to work and effectively manage multiple work streams while meeting internal deadlines.

Preferred

  • Microsoft experience - Azure, Security, IAM, CASB, SSO, MFA.

  • Certified Information Systems Security Professional (CISSP) OR Certified Information Security Manager (CISM) OR Certified Information Systems Auditor (CISA).

  • Any Microsoft “SC” specific certifications.

  • Experience with contract and vendor vetting, negotiations and document reviews.

  • Experience working with General/External Counsel and Law enforcement agencies.

Physical Requirements

  • Will require long periods of work at a computer

  • This position may be eligible for a flexible work arrangement per the University’s guidelines and meeting performance expectations

Unusual Work Hours

  • Will require occasional evening and weekend hours. Must be available to respond to emergencies on a 7x24 basis and participate in the IT On Call process

Saint Joseph’s University is a private, Catholic, Jesuit institution and we expect members of our community to be knowledgeable about – and to make a positive contribution to – our mission. Saint Joseph’s University is an equal opportunity employer that seeks to recruit, develop and retain a talented and diverse workforce. The University is committed to the diversity of its faculty and staff so that our students, our disciplines and our community as a whole can benefit from the multiple perspectives it offers. The University seeks qualified candidates who share our commitment to equity, diversity and inclusion. EOE

Saint Joseph’s University prohibits discrimination on the basis of sex in its programs and activities, including admission and employment, in accordance with Title IX of the Education Amendments of 1972. The Title IX Coordinator is responsible for overseeing compliance with Title IX and other civil rights laws and regulations. To contact the Title IX Coordinator, e-mail titleix@sju.edu, visit Campion Student Center suite 243, or call 610-660-1145. To learn more about the University’s Title IX policies, the process for filing a report or formal complaint of sex discrimination, sexual harassment, or other form of sexual misconduct, and the University’s response to reports and/or formal complaints, please visit www.sju.edu/titleix. Inquiries may also be directed to the Federal agency responsible for enforcing Title IX, the U.S. Department of Education Office for Civil Rights.
