POSITION TITLE: DIRECTOR, INFORMATION SECURITY
STATUS: Full time
DEPARTMENT: Information Security Office
DIVISION: Information Technology
CLASSIFICATION: Exempt
UNION: Non-union
REPORTS TO: Executive Director, Information Technology
PLACEMENT: Administrative, grade 12
PAY RATE: Commensurate with experience

Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

The student population at the college is diverse in ethnicity, gender, language, age and background. Joliet Junior College is an AA/EO employer and strongly encourages applications from candidates who would enhance the diversity of its staff.

POSITION SUMMARY

Provides College-wide strategic leadership, analysis, planning, and recommendations related to the security of the College’s information assets. Reports directly to the Executive Director of Information Technology and will have a dotted-line to the President. Works closely with the members of the Information Technology management team as well as the College Police Department, HR, and Senior Administrators of the College. Exercises enterprise-wide authority for compliance with college information security policies consistent with applicable industry standards and governmental regulations. Ensures a framework for managing risk and aligning information security strategies with the College’s missions and administrative functions. Manages the Information Security Office (ISO) and the Information Assurance and Security Engineer. The focus is to protect not only the confidentiality, integrity and availability of information, but also the safety, privacy and recovery of information owned or processed by the college in compliance with regulatory requirements.

ESSENTIAL JOB DUTIES AND KEY RESPONSIBILITIES

1. Provide leadership in the development, maintenance, monitoring, and support of information security policies and procedures; make recommendations for new policies and procedures to Senior Leadership to protect the College’s information resources.
2. Work with the Business Auxiliary Services (BAS) office to ensure that information security requirements are included in contracts by liaising with BAS with vendor management and procurement organizations.
3. Create and manage a targeted information security awareness training and communication program for all employees, approved system users, and establish metrics to measure the effectiveness of this security training program for the different audiences.
4. Manage the operations of information security events.
5. Serve as an information security liaison for users, administrators, and senior management of systems with confidential or protected information and provide security advice and expertise to faculty, staff and students.
6. Monitor changes in legislation and accreditation standards and regulatory compliance within the organization with respect to College information security policies, state and federal regulations; appropriately escalate problems.
7. Provide guidance and advocacy regarding prioritization of infrastructure investments that impact security. Liaise with the Enterprise Architecture team to build alignment between the security and enterprise (reference) architectures, thus ensuring that information security requirements are implicit in these architectures and security is built in by design.
8. Provide alerts and advisories to the college community regarding current security incidents and threats.
9. Identify information security risks, develop appropriate processes to address vulnerabilities, provide operational recommendations that can be implemented centrally and at the local (departmental) level, and assist in implementation of those strategies.
10. Manage the cost-efficient information security organization, consisting of direct reports and dotted line reports (such as individuals in business continuity and IT operations) to support IT strategic goals, incident response, disaster recovery, and business continuity planning.
11. Embed the practice of information security into the business processes, culture and philosophy of the College.
12. Develop and enhance an up-to-date information security management Cybersecurity framework based on the National Institute of Standards and Technology (NIST).
13. Work with the compliance staff to ensure that all information owned, collected or controlled by or on behalf of the college is processed and stored in accordance with applicable laws and other global regulatory requirements, such as data privacy.
14. Must stay up to date on current technology, trends, attacks, and risk mitigation techniques.
15. Perform other duties as assigned.

MINIMUM QUALIFICATIONS

1. Bachelor’s Degree in Computer Science or closely related field.
2. Information security management experience with six (6) or more years of direct responsibility for management of security professionals, risk management, policy and compliance, training and awareness, and incident management.
3. Excellent verbal and written communications skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and nontechnical audiences.
4. Professional security management certification, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials.
5. Demonstrated ability to manage projects and time effectively utilizing resources and project plans to meet deadlines.
6. Knowledge in security investigation and computer forensics.

PREFERRED QUALIFICATIONS

1. Master’s degree from an accredited institution of higher education.
2. Project Management (PMP) Certified or demonstrated project management experience.

PHYSICAL DEMANDS

1. Normal office physical demands.
2. Ability to travel between campus locations and to and from community events.
3. Ability to travel in state and nationally.

WORKING CONDITIONS

1. Duties are performed indoors in the usual office and/or outdoor environment.

Application Procedures: “Apply to this Job at employment.jjc.edu”
Application Deadline: Open until filled

All offers of employment are contingent upon the following:
• Satisfactory results of a background check
• Post-offer, pre-employment Drug Screening for employees that are new to the College
• Post-offer, pre-employment physical exam in circumstances where the nature of the work renders it appropriate or where Federal law or regulation requires

Joliet Junior College is an equal opportunity/affirmative action college supporting diversity.

ANNUAL CLERY SAFETY REPORT (ASR) NOTICE
FIRE SAFETY REPORT (FSR) and MISSING PERSON POLICY (MPP) FOR STUDENTS RESIDING IN “ON CAMPUS” STUDENT HOUSING

Joliet Junior College is committed to assisting members of the JJC community in providing for their own safety and security. The annual CLERY security compliance document along with the Fire Safety Report (FSR) and the Missing Person Policy (MPP) for students residing in “on campus” student housing is available at the JJC Police Department website: www.jjc.edu/cleryreport

If you would like to receive the ASR, FSR or MPP in booklet form, you may stop by the Campus Police Department located on Main Campus in G 1013 or call Campus Police at 815-280-2234.

The website and booklet contain information regarding campus security and personal safety such as crime prevention and reporting, police law enforcement authority, disciplinary procedures and other related security policies. They also contain information about crime statistics for the three previous years for all JJC campuses, property owned and controlled by JJC District 525 and on public property immediately adjacent to JJC campuses.

This information is required by law and is made available by the Joliet Junior College Police Department.