Director of Information Security and Data Privacy

Job Level
Senior position
Job Category
Director
Sector
  • Information Technology
Areas of Responsibility
  • Security

PRINCIPAL RESPONSIBILITIES:

  • Work with the Information Technology Division (ITD) to develop and establish a security program and security projects that address identified risks and business security requirements.

  • Manage the process of gathering, analyzing and assessing the current and future threat landscape, as well as providing the CIO with a realistic overview of risks and threats in the enterprise environment.

  • Monitor and report on compliance with security policies, as well as the enforcement of policies within the IT department.

  • Propose changes to existing policies and procedures to ensure operating efficiency and regulatory compliance.

  • Assist resource owners and IT staff in understanding and responding to security audit failures reported by auditors.

  • Provide security communication, awareness and training for campus constituents, which may range from senior leaders to field staff.

  • Work as a liaison with vendors to establish mutually acceptable service-level agreements.

  • Manage production issues and incidents, and participate in problem and change management forums.

  • Work with various stakeholders to identify information asset owners to classify data and systems as part of a control framework implementation.

  • Serve as an active and consistent participant in the information security governance process.

  • Provide support and guidance for legal and regulatory compliance efforts, including audit support.

  • Manage outsourced vendors that provide information security functions for compliance with contracted service-level agreements.

  • Manage the day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans and communicate information about residual risk.

  • Manage security projects and provide expert guidance on security matters for other IT projects.

  • Assist and guide the disaster recovery planning team in the selection of recovery strategies and the development, testing and maintenance of disaster recovery plans.

  • Ensure audit trails, system logs and other monitoring data sources are reviewed periodically and comply with policies and audit requirements.

  • Design, coordinate and oversee security-testing procedures to verify the security of systems, networks and applications, and manage the remediation of identified risks.

EDUCATION:

  • Master's degree in computer science, information systems or a related field is required.

EXPERIENCE:

  • Four (4) years of IT experience, including two (2) years in an information security role and two (2) years in a supervisory role.

  • Experience in higher education is desired.

  • Experience working with audit and compliance staff.

  • Experience developing and maintaining policies, standards and guidelines.

KNOWLEDGE, SKILLS, AND ABILITIES:

  • Ability to work effectively with business managers, IT engineering and IT operations staff.

  • Must have the ability to interact with Coppin personnel, build strong relationships at all levels and across all business units and organizations, and understand business imperatives.

  • Strong understanding of the business impact of security tools, technologies and policies.

  • Excellent verbal, written and interpersonal communication skills, including the ability to communicate effectively with the IT organization, project and application development teams, management and business personnel.

  • In-depth knowledge and understanding of information risk concepts and principles as a means of relating business needs to security controls.

  • Excellent understanding of information security concepts, protocols, industry best practices and strategies.

  • Familiarity with applicable legal and regulatory requirements, including, but not limited to, the U.S. Sarbanes-Oxley Act (SOX), the U.S. Health Insurance Portability and Accountability Act (HIPAA), the Family Educational Rights and Privacy Act (FERPA), and the European Union Data Protection Directive.

  • Proficiency in performing vulnerability assessments and in defining risk treatment strategies.