Director, Information Security & Compliance

About The Position

Requirements

• Typically a Bachelor’s Degree from an accredited four-year institution in Computer Science, Information Technology, or Cybersecurity.
• Seven years of experience in information security, with at least three years in a management role.
• Strong knowledge of frameworks, standards, and best practices relating to Information Security, Privacy, Data Governance, and Business Continuity and Disaster Recovery
• Experience with regulatory compliance requirements (e.g., i.e. FERPA, HIPAA, GDPR, CCPA, and PCI-DSS).
• Demonstrated excellent verbal and written communication skills, as well as presentation skills.
• Excellent analytical, problem-solving, and decision-making skills.
• Strong communication and interpersonal skills, with the ability to effectively collaborate with diverse stakeholders.
• Demonstrated ability to lead and manage a team of security professionals.

Nice To Haves

• Experience in developing and implementing technology policy, especially in a University environment is desirable.
• Professional certifications such as CISSP, CISM, or CISA are highly desirable.
• Experience in developing and implementing technology policy, preferably in a University environment.

Responsibilities

• Enhance Security Posture: Develop and implement a comprehensive cybersecurity program that significantly reduces risks and vulnerabilities across the university's digital landscape.
• Ensure Regulatory Compliance: Achieve and maintain compliance with relevant regulations and standards, ensuring that LMU meets all legal and regulatory requirements.
• Collaborative Protection: Work closely with various campus partners, external stakeholders, and community partners to ensure that information assets and associated technologies are protected, resulting in a cohesive, unified, and well understood approach to information security and compliance.
• Risk Management: Conduct thorough risk assessments and implement effective mitigation strategies, leading to a demonstrable reduction in potential threats.
• Incident Response: Oversee and improve incident response and recovery efforts, ensuring swift and effective investigation and resolution of security incidents.
• Policy Development: Create and enforce robust policies and procedures that safeguard information assets, leading to a well-documented and easily accessible framework for cybersecurity.
• Training and Awareness: Provide comprehensive training and guidance to staff on cybersecurity best practices, resulting in a well-informed and vigilant workforce.
• Monitoring and Reporting: Continuously monitor and report on the effectiveness of the cybersecurity program, providing clear metrics and insights that demonstrate progress and areas for improvement.
• Leadership and Strategy: Plan and manage the strategy, people, processes, tools, services, and resources necessary to effectively support the program and meet strategic goals.
• Business Continuity and Disaster Recovery: Orchestrate a secure, robust, and highly reliable approach to providing ITS services, during and after a disaster or disruption, to minimize negative impacts to business operations and maintain essential services.
• Data Governance: Oversee the university’s data governance efforts, ensuring that data is managed securely and in compliance with university policies and legal requirements.
• Perform other related duties.