Stevenson University seeks an experienced leader to serve as the University's first Director of Information Security. This newly created position will join the Stevenson University (SU) Office of Information Technology (OIT) division and will report directly to the Chief Information Officer (CIO) and serve as part of the division's leadership team.
The Director of Information Security is responsible for leading the development and implementation of a comprehensive information security program that leverages collaborations and campus-wide resources, facilitates information security governance, advises on security direction and resource investments, designs appropriate measures and policies to manage information security risk, and provides strategic guidance and technical assistance in securing and accessing University-wide systems. This role will be responsible for designing and implementing regular information security training and outreach programs for all SU faculty, staff, and students in collaboration and coordination with other OIT staff.
The successful candidate must position all information security efforts in support of and alignment with Institutional priorities through their knowledge and experience of industry standards and best practices.
Required: Bachelor's Degree in Information Technology, Computer Science, IT Security or related field
3-5 years of work experience in the information security field with proficiency in at least two of the following areas: threat monitoring, incident management, risk management, compliance (HIPAA, FERPA, GDPR, PCI DSS), vulnerability management, or security awareness
Experience working in a higher education environment
Preferred: One or more of the following certifications: Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Ethical Hacker (CEH), or CompTIA Security+
Policy writing and resource management experience
Understanding of NIST framework
Hands-on technical experience with security assessment, monitoring, and management tools
Evidence of effective communication, problem solving, and collaboration skills in a technical environment
Evidence of effective team and consensus building towards achieving a greater goal or initiative
Information Security Leadership: Responsible for the development and strategic leadership of the University’s information security program.
Provide guidance and counsel to the CIO and key members throughout the campus community in defining objectives for information security.
Establish and lead institution-wide information security governance processes in both administrative and academic units.
Direct information security planning processes to establish an inclusive and comprehensive information security program for the Institution in support of academic and administrative information systems and technology.
Establish security and compliance goals, define security strategies, metrics, reporting mechanisms and program services; and create maturity models and a roadmap for continual program improvements.
Maintain current knowledge of information security issues and regulatory changes affecting higher education at the state and national level, participate in industry policy and practice discussions, and communicate to campus on a regular basis about those topics.
Establish and maintain standards and engage with all external vendors and service providers to verify their information security practices and rigor.
Participate in and coordinate with other University committees offering expertise related to information security.
Engage in professional development to maintain continual growth in professional skills and knowledge essential to the position.
Perform special projects as assigned.
Policy, Compliance and Audit: Lead the development and implementation of effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.
Establish procedures and lead efforts to internally assess, evaluate and make recommendations to key stakeholders regarding the adequacy of the security controls for the University’s information and technology systems.
Collaborate with appropriate parties on required security assessments and audits.
Coordinate and track all information technology and security related audits and inquiries including scope, parties involved, timelines, agencies, outcomes, and offer guidance, evaluation and advocacy to University leadership on related responses.
Work with responsible parties to build cohesive security and compliance programs for the university to effectively address state and federal statutory and regulatory requirements.
Outreach, Education and Training: Lead and collaborate closely with the various stakeholders and the campus community addressing a variety of information security issues that require a more in-depth understanding and explanation of the network and computing environment at the University.
Develop education, training, and awareness programs and advise all areas throughout the University on security issues, best practices, and vulnerabilities.
Partner with and develop user-focused security initiatives to address unique needs in protecting against identity theft, mobile access of University resources, social media presence, and online reputation attacks.
Risk Management and Incident Response: Establish procedures to identify, track, and manage all security incidents and act as the primary control point during significant information security incidents.
Convene a Security Incident Response Team (SIRT) as needed, or requested, in addressing and investigating security incidents that arise.
Develop, implement and administer technical security standards to address and mitigate security risk.
Provide leadership, direction and guidance in assessing and evaluating information security risks and monitor compliance with appropriate policies.
Evaluate the impact of all new technologies, processes, and policies on the Institution’s overall information security program.
Review the contracting, procurement, and implementation of all new technologies to ensure security compliance.
As Maryland's third-largest independent university, Stevenson serves more than 4,400 students pursuing bachelor's, master's, and adult undergraduate degrees in the classroom and online. Founded in 1947 as Villa Julie College, the University is committed to providing a career-focused education and to offering programs that ensure our students' success in an increasingly dynamic job market. The University imbues its emphasis on career throughout the educational experience, from coursework to experiential learning. In addition to providing students with a quality liberal arts education, the University also stays true to its tagline, "Imagine Your Future. Design Your Career." Stevenson graduates gain the knowledge and skills that they can apply to not just their first job or graduate course but also carry with them throughout their lives. This promise is made explicit through the Career Architecture℠ model, which carefully mentors students through a process of learning who they are within a framework of theory, practice, and mentoring. Stevenson has historically high job and graduate school placement rates for its students, helping them find success by starting their careers or by entering graduate school for continuing their education. In 2013, the Maryland Career Development Association (MCDA) recognized the impact of the Career Architecture process by awarding Stevenson with its annual MCDA Organizational Career Planning Award. This award recognizes an institution that has developed an excellent program for career development within the organization.