Job Summary/Basic Function: The Executive Director of Information Security works directly with the CIO to develop, lead, implement, and monitor the comprehensive enterprise cybersecurity and IT risk management program. The Executive Director of Information Security will provide the leadership necessary to manage the risk to the organization and will ensure business alignment, effective governance, system and product availability, integrity, and confidentiality. This position reports to the Chief Information Officer (CIO).
Provides strategic risk guidance for IT projects, including evaluation and recommendation of technical controls. Leads IT and campus administration in carrying out the breach incident response plan. Educates IT and campus leaders on appropriate security risk and mitigation strategies. Collaborates with IT and District compliance team(s) as needed, and coordinates the IT component of internal and external audits and of federal and state examinations to ensure security programs comply with relevant laws, regulations and policies. Develops, maintains and publishes up-to-date security policies, standards and guidelines. Guides the implementation of security practices and policies with technical staff within TCIT and in departments across the college. Oversees education and training programs for all college constituents on institutional policy, guidelines, federal and state laws and regulations, and best practices around information security. Evaluates new cybersecurity threats and IT trends and develops effective security controls. Oversees development of security awareness programs. Develops and oversees effective disaster recovery policies and standards to align with TC's business-continuity program goals. Coordinates development of implementation plans and procedures to ensure business-critical services are recovered in the event of disasters or other incidents, and provides direction, support and in-house consulting in these areas. Leads the annual IT Risk Assessment Process and maintains the efficacy of the IT Business Continuity Plan; participates in the work of the college-wide data governance group. Evaluates potential security breaches, coordinates response, and recommends corrective actions.
Reviews hardware, software and services being considered for purchase or implementation by TCIT or other campus departments to assess security issues (strengths/risks) and ensure proper information security features are incorporated to support university business needs; provides security requirements to be included in an RFP for software or services. Supervises security staff as assigned in the performance of the job duties. Prepares financial forecasts and budgets for security operations. Defines and reports on information security metrics. Maintains a collaborative and effective working relationship with TC's Office of General Counsel, the Office of Audit and Compliance, and Public Safety, and acts as coordinator between these groups on matters pertaining to campus IT security. Tracks industry and higher-education developments and best practices to maintain a thorough understanding of current and future directions, systems, applications, and data security techniques for instructional, research and administrative needs.
Additional Job Functions:
Follows adopted policies and procedures in accordance with campus Board priorities. Conducts oneself in the best interest of students, in accordance with the highest traditions of higher education and in support of the College's Mission Statement.
Bachelor's degree in an IT-related field. Minimum of five (5) years of experience in IT networks, systems or security-related positions. Experience in higher education or a research environment is preferred.
Knowledge and Abilities
Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP) certification. Knowledge of the Information Technology Infrastructure Library (ITIL) (certification preferred) with respect to security administration and information technology governance in a multiplatform environment. Experience with common information security management frameworks, such as ISO 2700x, NIST, COBIT, ITIL, etc. Experience in establishing cybersecurity and risk metrics for reporting. Strong interpersonal and communication skills, the ability to achieve goals through influence, collaboration and cooperation, and a strong commitment to providing outstanding client service. Demonstrated ability to work effectively with an array of constituencies in a community that is both demographically and technologically diverse. Demonstrated management skills, e.g., budget development and administration, policy development and implementation, personnel administration, staff training and development.