Manager: Information Security

Anne Arundel County Public Schools•Annapolis, MD

15h

About The Position

Oversees the district's cybersecurity strategy to ensure the confidentiality, integrity, and availability of all information systems. This role ensures compliance with federal, state, and local regulations, including FERPA and COPPA, while leading efforts to identify risks, establish policies, and implement technical solutions to safeguard the district's technology infrastructure. The Manager directs all cybersecurity operations, oversees identity and access controls, and ensures secure integration of emerging technologies. Responsibilities include coordinating risk assessments, cybersecurity compliance reporting, developing and maintaining incident response plans, developing and maintaining IT disaster recovery and business continuity plans, incident commander for cybersecurity and disaster recovery events, and monitoring cybersecurity threats. The position also provides staff training, promotes a culture of cybersecurity awareness, and collaborates with IT leadership to align security strategies with district goals. This role requires strong leadership, technical expertise, and the ability to communicate effectively with diverse stakeholders in a K–12 educational environment. Additional Work Days/Hours Based on the assignment, the following additional work days and/or hours may be required as needed: Ability to work flexible schedules Emergencies Evenings/Nights Extended hours Holidays Inclement weather conditions On call Outside of normal business hours Overtime as needed Peak season Weekends

Requirements

Bachelor's Degree in Computer Science or related field of education from a regionally accredited college or university required.
Five (5) years professional experience in cybersecurity required; and
Three (3) years experience in a supervisory or management role required.
Proven track record of successfully leading security programs and projects.
Experience with regulatory compliance and audit processes.
Familiarity with cybersecurity tools and NIST special publication documentation.
Experience with cloud technology, database security, and cybersecurity principles.
Previous experience supporting transition/handover of data gathering, enrichment, storage, and usage.
Collaboration with cybersecurity teams and existing application development teams.
Budget preparation and oversight.
Demonstrated experience performing confidential IT security-related investigations and audits.
Demonstrated ability to work effectively within a team environment.
Demonstrated project management experience.
Ability to organize and manage multiple assignments with concurrent time sensitive deadlines.
Ability to maintain confidentiality in all security-related matters.
Strong knowledge of network security, encryption, and access controls.
Excellent oral and written communication skills.
Experience with regulatory compliance and audit processes.
Proficiency in risk assessment, threat modeling, and security frameworks.
Demonstrated ability to effectively work and communicate with diverse populations
Demonstrated proficiency with business technology applications (e.g. Video/Web Conferencing, Microsoft Office Suite -Word, Excel, Outlook, and/or PowerPoint preferred).
Hold or be eligible for Driver's License (DL) Class C Non-Commercial issued by Maryland or State of Legal Residence (MVA/DMV) required; and
Daily access to reliable transportation.

Nice To Haves

Master's Degree in related field of education from a regionally accredited college or university preferred.
Hold or be eligible for Certified Ethical Hacker (CEH) issued by EC-Council preferred.
Hold or be eligible for Project Management Professional (PMP) Certification issued by Project Management Institute (PMI) preferred.
Hold or be eligible for Certified Information System Security Professional (CISSP) issued by (ISC)² preferred.
Hold or be eligible for RIMS-Certified Risk Management Professional (CRMP) issued by Risk Management Society (RIMS) preferred.

Responsibilities

Develops and executes the organization’s cybersecurity strategy, aligning it with business goals and risk tolerance; collaborates with executive leadership to define cybersecurity policies, standards, and procedures; leads cross-functional teams to implement cybersecurity initiatives and drives continuous improvement; oversees the implementation of security controls, risk assessments, and vulnerability management.
Oversees day-to-day security operations, including incident response, threat detection, and vulnerability management, and managed Security Operations Center services; coordinates with security administrators and specialists to maintain a secure IT environment; ensures compliance with industry standards (e.g., ISO 27001, NIST, CIS, State of Maryland Minimum Cybersecurity Standards, etc. ) and other regulatory requirements in all current and proposed IT systems, vendor contracts, and related operational functions.
Leads incident response efforts during cybersecurity breaches or incidents; works with external partners, law enforcement, and forensics teams; develops and tests incident response plans to minimize organizational IT impact, recovery point, and recovery time objectives.
Serves as project manager for all IT Cybersecurity projects; ensures effective communication with all stakeholders across all levels, including detailed development and operational communications; identifies and manages project dependencies.
Leads all IT Change Management processes for the district; ensures all operational changes, incidents, work orders, and tasks are tracked in the district-approved ITSM system.
Collaborates with business units, legal, compliance, and IT teams to integrate security into project lifecycles and business best practices; communicates security risks and requirements to senior management and board members; fosters a security-aware culture through training and awareness programs, and available communication channels.
Performs other related duties as assigned within the same classification or lower.