Title: Director, Information Security

Department: Information Technology

Narrative Description:

The Director of Information Security will lead the University's information security strategy; drive the University's information security posture, using a risk based approach; and adopt a comprehensive approach to information security. The position holder will lead the IT security activities within the University, managing the risk to the University's IT facilities and information from internal and external threats. The position holder will advise the University at a strategic level on existing and emerging threats, and will develop the necessary IT security policies, processes and procedures.

As a member of the leadership team of the Information Technology department, the Director of Information Security works collaboratively with university leadership and with IT leadership. The position holder will develop and lead outreach, communication, and education efforts to raise campus wide awareness of information security risk, requirements, and solutions; provide strategic and technical guidance and assistance in the design and implementation of appropriate security processes for campus wide information systems; recommend and monitor computing practices to prevent and to recover from security breaches; and coordinate the handling of security incidents when such breaches occur.

Responsibilities:

• Develop, implement and monitor a strategic and comprehensive information security and IT risk management program that ensures the integrity, confidentiality, and availability of the SJU network.
• Maintain a close and effective working relationship with professionals in SJU's Office of General Counsel, Internal Audit, and Public Safety, and act as coordinator among these groups and professionals on matters pertaining to campus IT security.
• Advise university leaders on emerging information security risks and opportunities created by SJU's ongoing development as a world class institution of teaching, learning, and research with increasingly global relationships and activities.
• Direct the development of effective information security awareness, training and education programs for all employees, students and approved system users.
• Recommends strategies and practices to ensure information security and leads the design, development, and implementation of the university's security and governance policies and procedures in consultation with university leadership, technical personnel and IT senior staff.
• Assume responsibility of implementation of information security policies and for ensuring effective IT risk management and compliance across the university; recommend enhancements in information security policy to university leaders; coordinates campus-wide initiatives for governance and security. Lead the annual IT Risk Assessment Process and maintain the efficacy of the IT Business Continuity Plan; participate in the work of the university-wide Information Security Governance Committee.
• Assist Engineering, Development and Vendor teams to ensure proper security controls are implemented across technology initiatives, as well as assist in response to audits, penetration tests, and vulnerability assessments.
• Establish and implement a process for incident management to proactively identify threats, respond, contain and communicate a suspected or confirmed incident. Lead and coordinate institutional responses to security incidents, providing timely reports during the incident and responses to security incidents; provide timely reports during the incident and response, as well as propose cost effective solutions to prevent or mitigate future incidents.
• Evaluate risk and act expeditiously in making decisions and recommendations, while considering the technology environment as well as the varying needs and viewpoints of a university community.
• As a member of the CIO's leadership team contribute to the overall development of the IT department's strategic goals, performance metrics, communication practices, and culture.

Qualifying background and experience:

• A Bachelor's degree in Computer Science, Information Systems Management, Information Security, Business Administration, or a related field.
• At least 10 years of current experience directly related to the responsibilities of Information Systems or Information Security.
• Minimum of one professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials.
• Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences alike.
• Proven track record and experience in developing information security policies and procedures.
• Self-starter that requires minimal supervision and can provide oversight for any assigned projects.
• Excellent analytical skills, including the ability to assess the capabilities of SJU's existing information security architecture and develop strategies to maintain and strengthen its integrity.
• Extensive management experience that includes directly managing employees and budget responsibilities
• Demonstrated ability to work under pressure and time constraints and automate processes.

I understand that any offer of employment is subject to receipt by St. John's University of satisfactory references, verification of employment and education.

St. John's offers a competitive compensation program which is commensurate with your qualifications, experience, and contingent upon the departmental budget. We also offer an extremely comprehensive benefits program to meet the diverse needs of our workforce. Along with exceptional benefits such as medical, dental, life insurance, long term disability insurance, tuition remission, generous 403(b) employer contribution, employee assistance program, and liberal paid time off policies, faculty and staff can also enjoy St. John's performing arts, libraries, bookstores, dining facilities, campus recreation and sporting events.

St. John's University is an Equal Opportunity Employer and encourages applications from women and minorities.



To apply please click here!