Senior Director, Information Security & Compliance

Job Level
Senior position
Job Category
Director
Sector
  • Information Technology
Job Status
Areas of Responsibility
  • Security

Job Purpose 
Reporting to the Associate Vice President and Chief Information Officer, the Senior Director, Information Security and Compliance is the chief information security officer for Wayne State University, responsible for ensuring the confidentiality, integrity, and security of University IT systems and data. Leads and directs all activities, projects and technical staff, establishing and maintaining a university-wide information protection and cyber security management program. 

Essential Functions 
Provide overall leadership and management for all activities and staff within Information Security, including network security, server security, event correlation, Identity and Access Management, IT Quality Assurance, information privacy and applicable IT security technologies to provide a secure computing environment and maintain data confidentiality, integrity, and availability for the University. Develop and deliver comprehensive information security strategy, policies, processes, and procedures throughout the University. Serve as expert on security principles, standards, and processes. 

Maintain the University's Incident Response process. Serve as primary contact point for reported data breaches. Lead efforts in resolving all identified security breaches throughout the University environment, including leading project teams for both security resolution and proactive measures to prevent future security issues. 

Provide overall leadership and direction to staff. Set expectations & focus, assign duties, delegate responsibilities, evaluate activities, prepare performance appraisals & professional development plans. Manage the administrative process for assigned staff including hiring, promotions, terminations, disciplinary procedures, and salary adjustments. Provide ongoing performance feedback, goal setting, and development plans for staff. Plan for future staffing needs. Provide timely communications to staff.

Conduct security audits and vulnerability assessments for all departments on campus. Conduct penetration testing, security assessments, and traffic analysis and generate related reports. Research, document, and explain security risks to University employees and review results with relevant system administrators for resolution. 

Educate, inform and engage the University community on current and trending topics and threats regarding information security and information privacy.  

Serve as primary liaison to internal and external auditors, ensuring timely responses to audits while managing risk and management-led remediation if needed. Work in concert with the Office of General Counsel to address and resolve security and compliance issues.

Track latest IT security innovations and keep abreast of latest cyber security technologies, processes and policies. Evaluate, test, design, and provide comparative analysis for new technologies or to make purchase recommendations to further improve information security at the University. 

Other duties as assigned.  

 

Qualifications

MINIMUM QUALIFICATIONS 
Education: Bachelor's degree
Bachelor's degree in computer science, business information technology, information systems or related field. Advanced degree is preferred. Equivalent combination of education and experience may be accepted. CISSP and/or CISM certifications or the ability to become certified within two years is preferred. 

Experience: Expert (established subject matter expert, 7+ years experience)
Minimum 8 years' experience in information security field. Experience evaluating new information security technologies. Experience with all major computer operating systems and how they are affected by information security issues. Experience evaluating security solutions for customers and conducting analysis of the budget, needs/expectations, network data, and technical capability. Experience conducting information security audits and presenting the results and remedial solutions to customers in an understandable format. Experience working with firewall, IDS, and VPN technologies. Experience using log analysis and event correlation to detect and identify possible malicious activity. Process automation experience. 
  
KNOWLEDGE, SKILLS AND ABILITIES

TECHNOLOGY SKILLS 
Knowledge of practical applications of security principles to all aspects of information systems, including servers, networks, applications, databases, facilities, and personnel. Ability to provide direction and guidance in information security matters to departments across campus. Ability to script in Perl, Python, or Ruby. Familiar with various database technologies and ability to interact with those programmatically. Considerable knowledge of common information security tools and software, e.g., Nessus, Nmap, tcpdump, netcat, Wireshark, and Metasploit. Sound knowledge of institutional technology strategy development and project management. 

ANALYTICAL SKILLS 
Analyzes the impact of potential actions. Demonstrates the ability to apply analytical and logical thinking to gather and analyze information. Capable of analyzing large volumes of data and summarizing results. Proposes and evaluates alternative solutions to achieve organizational goals. 

PROBLEM SOLVING SKILLS 
Identifies and resolves problems in a timely manner. Anticipates the implications and consequences of situations and takes appropriate action to be prepared for possible contingencies. Leads groups in problem analysis and process improvement initiatives. 

INTERPERSONAL SKILLS 
Relates to people in an open, friendly and acceptable manner. Effectively balances the interests and needs of own group with the broader organization. Resolves conflicts and disagreements and builds consensus. 

LEADERSHIP SKILLS
Proven ability to foster collaborations across diverse constituencies in a large academic institution and inspire confidence and motivate groups to collectively meet common objectives. Ability to establish clear goals and direction for teams or subordinates. 

PLANNING AND PROJECT MANAGEMENT SKILLS 
Ability to shift priorities and multi-task on various projects. Accurately scopes out length and difficulty of tasks and projects. Realistically estimates time and resource requirements on projects. Ability to plan and lead groups on large or complex projects. Develops strategies to achieve organizational goals. 

CUSTOMER FOCUS 
Establishes and maintains effective relationships with customers and gains their trust and respect. Proactively identifies customer issues and quickly and effectively resolves customer problems. Capable of working with technical and non-technical staff as well as academic and administrative leaders. Establishes customer service standards and objectives.

Preferred Qualifications

 

Testing Requirements: Not Applicable

Job Type: Full-Time

Job Category: Management