IT - Director, Information Security

Job Level
Senior position
Job Category
Director
Sector
  • Technology
  • Information Technology
Job Status
Areas of Responsibility
  • Information Technology
  • Security

The Director of Information Security reports directly to the CIO.  The Director of Information Security provides strategic leadership for centralized, enterprise-level technology service delivery for the Office of Information Technology. Responsible for the development, delivery, and oversight of comprehensive information security and risk management plans for the University.  Accountable for ensuring alignment with IT vision and strategy within area of responsibility. Ensures the area’s technological level remains up to date, defines standards, and implements new policies, procedures and techniques. Establishes department goals and objectives. As part of the Leadership Team, the Director must effectively communicate and collaborate with leadership, and staff, across the university to support strong partnerships between IT and the community, and to ensure that the Office of Information Technology is positioned to meet the current and future needs of UCO.

Position Overview

Oversee the institution's information technology projects/activities. Direct/Manage/Supervise technology projects to meet specific university requirements. Develop and implement programs to maximize customer satisfaction and operational efficiencies. Hire and maintain staff and ensure adequate staffing for projects and university IT operations. Work closely with other leaders on campus to develop plans to meet institutional objectives and provide support resources.

Department Specific Essential Job Functions

The Director of Information Security has university wide responsibility regarding all matters of information technology security.  Provides security oversight for all information technology assets, including infrastructure, end-point devices, applications, communications technology, etc. This position works closely with the IT leadership team to create, articulate and implement university-wide security vision and strategy to support the high quality and reliability of the services offered by UCO OIT. Oversees the creation and maintenance of the university's information technology security policies and practices, lead security risk assessments and their management for the university, and develop and manage university wide education and training regarding information technology security policies.

  • Partner with the University stakeholders and other IT domains to define and establish an enterprise wide Information Security Management Program (SMP) with supporting organization structure and clear ownership and accountability.

  • Direct/oversee all activities related to Information Security – Cyber Security, Incident Response, Risk Management, Policy Development / Enforcement, Security Monitoring, and Security Compliance

  • Deploy an information security and risk management framework, leveraging industry best practices, that can support a cross-organizational strategy for information security management. 

  • Develop, implement and maintain a University-wide information security plan.

  • Prepare, document, maintain and disseminate information security policies and procedures including information security controls, incident response planning, and identity and access management policies. Make sure that cyber security policies and procedures are communicated to all personnel and that compliance is enforced.

  • Ensure information security compliance through implementation of university-wide information security training and periodic security audits. These audits should be scheduled periodically and be both internal and external in nature. 

  • Review and respond to breaches or incidents in the confidentiality, integrity or availability of institutional data including impact analysis and recommendations for avoiding similar vulnerabilities.

  • Ensure compliance with the changing laws and applicable regulations.

  • Identify vulnerabilities, threats and incidents in the university's information technology infrastructure and work with OIT service owners to resolve these issues.

  • Maintain a current understanding of the IT threat landscape for the industry. Constantly update the cyber security strategy to leverage new technology and threat information.

  • Manage, coach, and mentor direct reports and others in the organization.

  • Ensure team members’ technical skills are kept current by identifying and supporting appropriate training and other professional development opportunities.

  • Facilitate effective communications and knowledge sharing between IT Managers by facilitating regular leadership team meetings for those within area of responsibility.

  • Oversee key performance indicators and Service Level Agreement (SLA) metrics to meet management targets.

  • Report performance to senior leadership on a frequent basis.

  • Understand and proactively manage the funding/budget for area of responsibility.

  • Proactively negotiate and manage the contracts for all consultants and contractors working within area of responsibility.

  • Assists in the development and maintenance of an IT Policy framework and a holistic set of IT Policies for the university.

  • Create, support and drive change leadership and transformational initiatives. Leads and promotes efforts for innovation, creative problem solving, and continuous improvement in the organization.

  • Performs other duties as assigned.

Qualifications/Experience Required

Requires a university degree or equivalent work experience that provides extensive knowledge of fundamental theories, principles, and concepts. Requires the application of expertise in a chosen field to achieve results. Extensive knowledge and compressive understanding of functional area. 7+ years of experience with leading planning, including program development and innovation, program prioritization, and assessment. Appropriate profession accomplishments and credentials.

Qualifications/Experience Preferred

  • Proven experience as an Information Security Officer or in a related role.

  • Proven management experience in IT field.

  • Professional Certifications in field of information security, e.g. CISSP, GIAC, preferred.

  • Experience working in Higher Education and within a large university environment, preferred.

Knowledge/Skills/Abilities

  • Familiarity with FERPA, state and federal guidelines on privacy, transactions and security. 

  • Familiarity with security industry trends and best practices.

  • Knowledge of systems risk and risk assessment concepts.

  • Knowledge of information technology security monitoring and identity systems 

  • Excellent understanding and knowledge of the field of information technology security.

  • Excellent leadership skills, the ability to work collaboratively within a team, and ability to inspire team members.

  • Must have broad, technical IT knowledge with analytical skills and business acumen.

  • Strong management skills with direct experience managing a diverse group of technology staff.

  • Strong written and verbal skills with proven project management experience.

  • Excellent analytical, organizational, and communication skills.

  • Demonstrated capacity for self-directed learning and ability to exercise independent thinking and judgment.

  • Demonstrated capacity to foster trust and develop the talents and expertise of staff so that they are able to assume expanded responsibilities.

  • Demonstrated and exceptional customer-focus and service orientation.

  • Strong interpersonal skills and the ability to work effectively and collegially with business stakeholders and colleagues is required.

  • Adheres to and complies with UCO’s shared values and the Office of Information Technology’s Code of Ethics.

  • This position is on-call 24x7x365 and requires the successful candidate to have high-speed internet access to their residence, and maintain a smart phone on which to receive telephone calls, email, SMS messages from servers and authorized OIT personnel.

Physical Demands

Repetitive movement of hands and fingers - typing and/or writing. Frequent standing, and/or sitting. Occasional walking, stooping, kneeling or crouching. Reach with hands and arms. Visually identify, observe and assess. Ability to communicate with supervisor/students/colleagues. Regular physical attendance required. The physical demands and work environment characteristics described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations (in accordance with ADA requirements) may be made, upon request, to enable individuals with disabilities to perform essential functions.