Director, Cybersecurity Governance, Risk and Compliance

University of Arkansas
Fayetteville, AR
Onsite

About The Position

The Cybersecurity Governance, Risk, and Compliance (GRC) Director is a leadership position responsible for overseeing the university's cybersecurity governance, risk management, and compliance programs and associated staff. Reporting to the Chief Information Security Officer (CISO), the GRC Director ensures that the university's information security practices align with regulatory requirements, industry standards, and best practices. This role involves developing and implementing policies, conducting risk assessments, managing compliance initiatives, and fostering a culture of security awareness across the university.

Requirements

  • Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field
  • At least five (5) years of experience in cybersecurity governance, risk management, and compliance
  • A minimum of three (3) years in a leadership and management role within cybersecurity governance, risk management, and compliance
  • Professional certification(s) such as CISSP, CISM, CRISC, CGRC, or CISA
  • Working knowledge of information security frameworks, standards, and best practices
  • Experience with risk assessment methodologies and compliance management
  • In-depth understanding of cybersecurity governance, risk management, and compliance principles
  • Excellent communication and interpersonal skills
  • Strong analytical and problem-solving skills
  • Ability to lead and motivate a team of security professionals
  • Excellent project management skills, with the ability to manage multiple projects simultaneously
  • Strong understanding of privacy laws and regulations
  • Ability to communicate complex security concepts to non-technical stakeholders
  • High level of integrity and ethical conduct
  • Proof of legal authority to work in the United States on the first day of employment

Nice To Haves

  • Master's degree in a related field
  • Experience working in a higher education environment
  • Additional certifications such as CGEIT, CIPT, or CIPM
  • Experience with cloud security and privacy
  • Working knowledge of data protection regulations such as GDPR, HIPAA, and FERPA
  • Proven track record of successfully managing compliance initiatives and risk management programs

Responsibilities

  • Develop and maintain the university's cybersecurity governance framework, including policies, procedures, and standards.
  • Conduct regular risk assessments and audits to identify and mitigate security risks.
  • Ensure compliance with federal, state, and local regulations, as well as industry standards (e.g., NIST, PCI, GDPR, HIPAA, FERPA).
  • Oversee the implementation of IT operations, applications, infrastructure, and data risk management strategies and controls.
  • Collaborate with internal and external stakeholders, including the University Enterprise Risk Manager, to address compliance and risk management issues.
  • Develop and deliver training programs to promote security awareness and compliance.
  • Monitor and report on the university's cybersecurity risk posture and compliance status to senior leadership.
  • Lead the response to regulatory inquiries and audits.
  • Stay current with emerging cybersecurity threats, regulations, and best practices.
  • Regular, reliable, and non-disruptive attendance is an essential job duty, as is the ability to create and maintain collegial, harmonious working relationships with others.

Benefits

  • University contributions to health, dental, life and disability insurance
  • Tuition waivers for employees and their families
  • 12 official holidays
  • Immediate leave accrual
  • Choice of retirement programs with university contributions ranging from 5 to 10% of employee salary