Director of Information Security

About The Position

Requirements

• Bachelor's Degree in Information Security and/or equivalent experience; Master's Degree preferred.
• Ten years or more experience as an Information Security Officer or lead IT Security engineer role, developing and administering an information security program.
• Demonstrated experience advising and collaborating with senior management is required.
• The ability to work in a team/collaborative environment with a broad range of constituencies is essential.
• Extensive experience leading cybersecurity operations, incident response, and recovery initiatives.
• Deep understanding of the policy, compliance, and regulatory frameworks governing information security—particularly those impacting academic and research institutions.
• Track record of designing, implementing, and advancing a comprehensive information security program aligned with institutional mission and risk posture.
• Exceptional communication and collaboration skills, with the ability to effectively engage executive leadership, academic stakeholders, and cross-functional IT teams to drive alignment and shared accountability.
• Demonstrated professional maturity and composure, with the capacity to lead decisively in challenging situations, respond constructively to feedback, and foster a culture of respect, integrity, and steady leadership.
• CISSP or CISM Required
• ITIL Foundation (Required within 6 months)

Nice To Haves

• Master's Degree preferred.
• Working knowledge and experience in policy and regulatory environment of information security, particularly in higher education, is highly desirable.
• GIAC certifications (GCIA, GCED, GCIH, GMON, or similar)
• Microsoft cybersecurity or identity certifications (SC-200, SC-300, AZ-500)
• Certified Cloud Security Professional (CCSP)

Responsibilities

• Defines and executes the university’s multi-year information security strategy and roadmap.
• Establishes governance structures, policies, standards, and risk management frameworks aligned with NIST and regulatory requirements.
• Presents security posture, roadmap progress, and risk trends to Sr. Director of Infrastructure & Operations
• Develop institutional risk models that reflect academic, clinical, and research environments.
• Leads the design and engineering of technical controls, including SIEM, SOAR, EDR, logging pipelines, MFA, vulnerability management, email security, and administrative privilege management.
• Ensures alignment with enterprise infrastructure, networking, cloud operations, and data governance teams.
• Ensures cybersecurity compliance for HIPAA-aligned clinics, academic research, financial systems, and federal reporting requirements.
• Leads security components of internal and external audits.
• Creates institutional documentation, controls matrices, and evidence packages aligned with regulatory frameworks and accreditation needs.
• Develops institution-wide security training, awareness campaigns, and behavior-based education programs.
• Builds strong relationships with colleges, schools, and clinical programs to support secure and compliant environments.
• Encourages a campus culture of shared responsibility for cybersecurity.
• Leads security engineering, risk, compliance, and incident response teams.
• Develops staff skillsets in threat detection, architecture, identity governance, cloud security, and compliance.
• Fosters a culture of transparency, continuous improvement, and operational rigor.
• Leads enterprise vulnerability identification, prioritization, and remediation workflows across servers, endpoints, networks, and cloud services.
• Establishes risk-based SLAs, reporting dashboards, and remediation playbooks.
• Partners with system owners, infrastructure engineering, and academic/clinical environments to implement secure baselines and configuration standards.
• Proven ability to lead and facilitate cross-campus advisory councils and governance committees, driving alignment on strategic initiatives and fostering collaborative decision-making.
• Experienced in building and developing high-performing teams, including talent acquisition, retention, coaching, and mentoring.
• Skilled in strategic sourcing, vendor partnerships, and managed service oversight, optimizing cost, performance, and compliance across complex technology ecosystems.
• Adept at prioritizing and deploying talent effectively across multiple initiatives to maximize impact, maintain operational resilience, and achieve institutional objectives.
• Cultivates strong, trust-based relationships with internal stakeholders and external partners through transparent communication, influence, and a customer-centric leadership approach.