The Director of Information Security is a new, full-time exempt position in the Information Technology Services department at Western Washington University. As a new position, it will play a unique and crucial role in serving the university’s increasing cyber security needs in the years ahead. The Director will report to the VP for Information Technology/CIO and also supervise the existing Information Security Manager position.
Academic Technology & User Services (ATUS) ATUS is the face of information technology at Western, providing desktop services and support for teaching and learning.
Enterprise Application Services (EAS) EAS is responsible for the implementation, maintenance and evolution of Western's enterprise applications.
Enterprise Infrastructure Services (EIS) EIS provides the underlying infrastructure and core information technology services for the university.
The Director of Information Security will help establish a fourth central area for ITS.
Direct the University’s information security program:
Under the general direction of the VPIT/CIO, collaborate with other ITS Directors in the development, implementation, and maintenance of the University’s information security program.
In collaboration with the University community, assist in the responsibility for developing and maintaining the campus information security roadmap for ensuring the security of technology services, computer systems, data networks, and data.
Establish and maintain information security programs, including: policy, practices, and standards; awareness and training; incident response and management; IT risk management; and relevant IT architecture
Manage the information security team:
Direct and manage the information security team.
Ensure the delivery of a suite of high-quality information security services to the University.
Develop and implement appropriate professional training programs.
Maintain the appropriate knowledge, skills and abilities for the position
Provide information security leadership:
Participate in planning and development of goals and objectives, with special attention to providing direction for those related to information security.
Serve on the ITS team for information technology security incidents affecting the institution
Serve as security liaison:
Serve as liaison to federal, state, local and professional organizations.
Serve as contact for information security vendors and contractors.
Information Technology Services supports the university’s mission to bring together individuals of diverse backgrounds and perspectives in an inclusive, student-centered university that develops the potential of learners and the well-being of communities. We encourage applications from women, people of color, people with disabilities, veterans, and other candidates from underrepresented backgrounds and with diverse experiences interested in this opportunity.
Western Washington University—with more than 16,000 students in seven colleges and the graduate school—is nationally recognized for its educational programs, students and faculty. Western is the highest-ranking public, master’s-granting university in the Pacific Northwest, according to the 2019 U.S. News & World Report rankings. The campus is located in Bellingham, Washington, a coastal community of 83,000 overlooking Bellingham Bay, the San Juan Islands and the North Cascades mountain range. The city lies 90 miles north of Seattle and 60 miles south of Vancouver, British Columbia.
Bachelor’s degree from an accredited college or university, especially in computer science, management information systems, information security, business or public administration
Five (5) or more years of experience in the Information Technology field with direct experience in the specific technical areas of systems administration, applications development, database administration, network operations and/or data center operations
Three (3) or more years of experience, beyond the five-year experience listed above, dedicated specially to the information security field. General System/Network Administration work, such as system patching or configuring access control lists, does not count toward these three years.
Experience working with sensitive/confidential information and to handle such information as required by federal and state law
Demonstrated experience designing and presenting complex security concepts to a variety of non-IT audiences or groups (e.g., end-user training, security conference presentations, campus briefings)
Successfully pass a criminal background check
Excellent demonstrated written and verbal communication skills
Proven team management skills
Experience with evolving information security technologies and approaches
Willingness and ability to provide off-hours support as needed
Experience in and/or a commitment to cultivating learning environments that are equitable and inclusive of IT users with diverse social identities and backgrounds
Master's degree from an accredited college or university
Experience working in a large enterprise IT environment
Experience managing both locally hosted and remotely/cloud-hosted systems
Experience with virtualization technologies, such as VMware ESX, Microsoft Hyper-V, Xen, KVM, etc.
GIAC/GSEC, CISM, CISSP, etc. certification
Demonstrated experience with three (3) or more of these areas: SaaS, IaaS, and/or PaaS; identity and access management solutions; or IDS/IPS and firewalls
Knowledge of information security standards; and federal, state, and local regulations including PCI, FERPA, HIPAA, and NIST 800
Experience working in higher education
Project planning/management experience
Ability to work in a collaborative, technical, team-driven environment
Additional Salary Information: depending on qualifications and experience Relocation expenses are negotiable.