Director of IT Cybersecurity, Risk and Compliance

Metropolitan Community College (Kansas City) | Omaha, NE

About The Position

This position offers a competitive salary commensurate with experience and qualifications. In addition, we provide a comprehensive benefits package that supports your health, well-being, and professional growth. The Director of IT Cybersecurity, Risk and Compliance provides leadership in cybersecurity and is responsible for assessing and documenting the College’s compliance and risk posture as they relate to the ITS information assets. This role leads the development, implementation, and continuous improvement of a comprehensive cybersecurity and information security risk management program. This position provides highly technical and information security expertise, proactively identifying emerging threats and driving mitigation strategies. The Director oversees the enforcement of internal security policies and procedures, manages user system access and identity management based on industry-standard best practices and compliance requirements, manages third-party risks, and provides input for data governance.

Requirements

  • Knowledge of cybersecurity governance and risk management frameworks, including establishing strategy, roles, policies, and oversight.
  • Knowledge of NIST CSF 2.0 and ability to implement and report using the six core functions: Govern, Identify, Protect, Detect, Respond, and Recover.
  • Ability to lead incident management and coordination, including communication, mitigation, and continuous improvement.
  • Knowledge and understanding of campus policy development and dissemination.
  • Must be familiar with policies affecting the higher education environment in the following areas: Student Privacy, Health Care, Finance, Institutional Research, and State/Federal Regulations.
  • Possess skills needed to assess computer hardware, software, and network systems for security risks or violations and work with ITS and campus staff and technology vendors to recommend solutions.
  • Excellent interpersonal, communication, and presentation skills, including formal report writing.
  • Possess strong customer service skills and the ability to project that attitude to customers in remote locations.
  • Ability to assess the status of complex multi-location projects as well as identify and implement appropriate corrective measures to resolve issues as they arise.
  • Ability to operate with a high degree of independence with regard to project management activities, including development of project plans and budget/resource estimates that align with mission.
  • Ability to develop security standards and guidelines based on best practices and industry standards.
  • Ability to effectively work and interact with various cultures and ethnicities.
  • Bachelor’s Degree in Information Technology or related field.
  • Seven (7) years of full-time related work experience to include communicating, analyzing and responding to information security incidents.
  • Experience planning and managing projects required.
  • Must pass a background check.

Nice To Haves

  • Information security experience in a higher education or state/local government environment preferred.
  • CISM or CISSP preferred.
  • Equivalent combination of education and/or work experience considered.

Responsibilities

  • Demonstrates leadership in ethical and practical compliance to enhance institutional trust, strengthen reputation, and support risk-informed decision-making.
  • Promotes ethical business practices across the College by providing comprehensive education and establishing procedures to achieve the highest standards of compliance.
  • Maintains the College’s goals, culture, data collection, data storage, data processing, and data reported.
  • Recommends programmatic and technical strategies, demonstrating a high level of independence in conducting investigations while upholding confidentiality and assessing the impact and analysis of security incidents, as well as making informed decisions regarding risk management and implementing computer and network security measures.
  • Establishes and maintains the College’s cybersecurity governance model, including policies, standards, risk oversight, and performance reporting to senior leadership.
  • Develops and maintains security metrics and dashboards (risk posture, compliance status, control health, vulnerability trends, training completion, and audit remediation status).
  • Provides senior level guidance on cybersecurity priorities and risk acceptance decisions while communicating risk in clear business terms.
  • Leads the development and implementation of the system-wide risk management function of the information security program to ensure information security risks are identified and monitored.
  • Internally assesses, evaluates and makes recommendations to management regarding the adequacy of the security controls for the College's information and technology systems.
  • Leads the system-wide information security compliance program, ensuring IT activities, processes, and procedures meet defined requirements, policies and regulations.
  • Develops and implements effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.
  • Executes strategy for dealing with the increasing number of audits, compliance checks and external assessment processes for internal/external auditors, PCI DSS, FERPA, HIPAA, NIST 800-171, GDPR, and GLBA safeguards.
  • Interacts in both oral and written communications with all levels of System staff, including computer support staff, developers and other ITS staff, Enrollment Services, Financial Aid, Instructional Design Services, Finance, General Counsel, MCC Police, auditors, and all system staff and students, technology vendors and contractors, in matters related to information security and security awareness materials.
  • Coordinates cyber readiness and resilience activities with business continuity and disaster recovery planning, including recovery testing and restoration validation.
  • Oversees governance for identity and access management (IAM) and privileged access controls in collaboration with IT teams, ensuring least privilege and compliance-driven access practices.
  • Develops strategies to address awareness and training for all stakeholders as well as technical solutions.
  • Works with the College Financial office and outside consultants, as appropriate, on required security assessments and audits.
  • Coordinates and tracks all information technology and security related audits including scope of audits, colleges/units involved, timelines, auditing agencies and outcomes.
  • Works with auditors as appropriate to keep audit focus in scope and maintain excellent relationships with audit.
  • Provides guidance, evaluation and advocacy on audit responses.
  • Consistently and dependably attends work, activities, and functions as scheduled or assigned.

Benefits

  • competitive salary commensurate with experience and qualifications
  • comprehensive benefits package that supports your health, well-being, and professional growth