Director of Information Security

Job Level
Senior position
Job Category
Director
Sector
  • Information Technology
Job Status
Areas of Responsibility
  • Security
Position Title

Director of Information Security 

About the University Western Washington University, with over 16,000 students in seven colleges and the graduate school, is nationally recognized for its educational programs, students and faculty. The campus is located in Bellingham, Washington, a coastal community of 83,000 overlooking Bellingham Bay, the San Juan Islands and the North Cascades Mountain range. The city lies 90 miles north of Seattle and 60 miles south of Vancouver, British Columbia. Western is the highest-ranking public, master's-granting university in the Pacific Northwest, according to the 2019 U.S. News & World Report rankings.
About the Department

The Information Technology Services department encompasses three central areas (please see http://www.wwu.edu/vpit/): 

  • Academic Technology & User Services (ATUS) 
    ATUS is the face of information technology at Western, providing desktop services and support for teaching and learning. 

  • Enterprise Application Services (EAS) 
    EAS is responsible for the implementation, maintenance and evolution of Western's enterprise applications. 

  • Enterprise Infrastructure Services (EIS) 
    EIS provides the underlying infrastructure and core information technology services for the university. 

The Director of Information Security will help establish a fourth central area for ITS. 

Information Technology Services supports the university’s mission, which states that together with our students, staff, and faculty, we are committed to making a positive impact in the state and the world with a shared focus on academic excellence and inclusive achievement.   We encourage applications from women, people of color, people with disabilities, veterans, and other candidates from underrepresented backgrounds and with diverse experiences interested in this opportunity. 

About the Position

The Director of Information Security is a new, full-time exempt position in the Information Technology Services department at Western Washington University. As a new position, it will play a unique and crucial role in serving the university’s increasing cyber security needs in the years ahead. The Director will report to the VP for Information Technology/CIO and also supervise the existing Information Security Manager position. 

Your responsibilities will include:

  • Direct the University’s information security program: 

    • Under the general direction of the VPIT/CIO, collaborate with other ITS Directors in the development, implementation, and maintenance of the University’s information security program. 

    • In collaboration with the University community, assist in the responsibility for developing and maintaining the campus information security roadmap for ensuring the security of technology services, computer systems, data networks, and data.

    • Establish and maintain information security programs, including: policy, practices, and standards; awareness and training; incident response and management; IT risk management; and relevant IT architecture. 

  • Manage the information security team:

    • Direct and manage the information security team. 

    • Ensure the delivery of a suite of high-quality information security services to the University.

    • Develop and implement appropriate professional training programs. 

    • Maintain the appropriate knowledge, skills and abilities for the position. 

  • Provide information security leadership:

    • Participate in planning and development of goals and objectives, with special attention to providing direction for those related to information security.

    • Serve on the ITS team for information technology security incidents affecting the institution. 

  • Serve as security liaison:

    • Serve as liaison to federal, state, local and professional organizations.

    • Serve as contact for information security vendors and contractors. 

Required Qualifications
  • Bachelor’s degree from an accredited college or university, especially in computer science, management information systems, information security, business or public administration 

  • Five (5) or more years of experience in the Information Technology field with direct experience in the specific technical areas of systems administration, applications development, database administration, network operations and/or data center operations 

  • Three (3) or more years of experience, beyond the five-year experience listed above, dedicated specially to the information security field. General System/Network Administration work, such as system patching or configuring access control lists, does not count toward these three years  

  • Experience working with sensitive/confidential information and to handle such information as required by federal and state law 

  • Demonstrated experience designing and presenting complex security concepts to a variety of non-IT audiences or groups (e.g., end-user training, security conference presentations, campus briefings) 

  • Successfully pass a criminal background check 

  • Excellent demonstrated written and verbal communication skills 

  • Proven team management skills 

  • Experience with evolving information security technologies and approaches 

  • Willingness and ability to provide off-hours support as needed 

  • Experience in and/or a commitment to cultivating learning and working environments that are equitable and inclusive of IT users with diverse social identities and backgrounds. 

Preferred Qualifications
  • Master's degree from an accredited college or university  

  • Experience working in a large enterprise IT environment  

  • Experience managing both locally hosted and remotely/cloud-hosted systems  

  • Experience with virtualization technologies, such as VMware ESX, Microsoft Hyper-V, Xen, KVM, etc.  

  • GIAC/GSEC, CISM, CISSP, etc. certification 

  • Demonstrated experience with three (3) or more of these areas: SaaS, IaaS, and/or PaaS; identity and access management solutions; or IDS/IPS and firewalls 

  • Knowledge of information security standards; and federal, state, and local regulations including PCI, FERPA, HIPAA, and NIST 800 

  • Experience working in higher education 

  • Project planning/management experience 

  • Ability to work in a collaborative, technical, team-driven environment 

Salary $110,000 - $120,000 depending on qualifications and experience
Application Instructions

Required application materials:

  • Cover letter addressing the required and preferred qualifications
  • Resume
  • Names and contact information for three professional references
  • Provide specific reference to the diversity requirement for this position.  Please address your experience in and/or a commitment to cultivating learning and working environments that are equitable and inclusive of IT users with diverse social identities and backgrounds.  You may address the diversity requirement in your cover letter or resume, or in a separate statement regarding diversity.
Closing Date  Review of applications begins March 4, 2019; position is open until filled.