Information Security Director (Officer)
- Job Title
- Information Security Director (Officer)
- Job ID
- Williamstown, MA 01267
- Other Location
International Consortium of Minority Cybersecurity Professionals (ICMCP) is assisting Williams College with identify diverse cybersecurity professionals. Williams is pleased to announce that it is now accepting applications for an Information Security Director (Officer) in the Office of Information Technology. Reporting to the chief information officer (CIO), the director of information security is responsible for the strategic and operational direction of Williams’ information security program. The director works collaboratively with the campus community and stakeholder groups to build shared ownership of information security across the institution. The position develops and maintains programs including information security policy and standards; information security awareness and training; information security incident response and management; risk assessment and management; and information security-related information technology architecture. The director of information security demonstrates a commitment to ensure that data in all forms, as well as the systems and networks used to transmit, store, and provide access to it are designed, configured, and operated in a manner that ensures security, integrity, privacy, and compliance with statutory and regulatory requirements.
Williams is committed to enriching its educational experience and its culture through the diversity of its faculty, staff, and students. We strongly encourage candidates from underrepresented groups to apply. Our expectation is that the successful candidate will excel at working in a community that is broadly diverse with regard to race, ethnicity, socioeconomic status, gender, nationality, sexual orientation, and religion.
ESSENTIAL FUNCTIONS AND RESPONSIBILITIES
- Coordinate the College’s overall information security program, develop and maintain the campus information security roadmap to ensure the security of technology services, computer systems, networks, and data
- Establish and maintain information security policies, processes, and standards in collaboration with the campus community
- Enhance information security awareness and coordinate related training for security, privacy, and confidentiality.
- Conduct, review, and report on ongoing vulnerability assessments of IT systems and coordinate periodic information security assessments at an organizational level
- Review and assess information security risks, recommend controls, oversee their implementation and management in collaboration with IT and other staff
- As a member of the IT leadership team, participate in strategic planning and development of goals and objectives, specifically for information security and also infusing it into all other goals
- Facilitate the communication of policies, practices, and awareness to the College community
- Manage and coordinate incident response procedures to track and address information, system and network security incidents, alleged policy violations, and external requests or complaints. Test disaster recovery and continuity annually.
- Assist in vendor and/or product assessments to evaluate information security risks
- Serve as liaison to federal, state, local and professional organizations in collaboration with counsel, risk management, and campus security, assist in legal discovery and data gathering
- Maintain a working knowledge of laws, regulations, and industry standards, where compliance requires specific data or information security policies, practices, reporting, or audits. These include and are not limited to - HIPAA, FERPA, PCI, GDPR, etc.
- Coordinate with the General Counsel to ensure that information technology practices and policies are compliant with applicable standards and laws
- Participate in the higher education information security community for awareness of best practices and emerging threats
- Perform additional duties as assigned; duties, responsibilities, and activities may change at any time with or without notice
- Bachelor’s degree or the equivalent in education and experience; degree in a technology related field preferred
- Minimum five years of relevant experience in information security or related field
- Ability to work independently and as a member of a team, establish priorities, and work collaboratively as a member of a diverse community
- Collaborative, constructive, and positive approach to work
- Exceptional oral, written, and interpersonal communication skills
- Excellent project management skills and ability to balance multiple priorities
- Attention to detail in both completion of work and documenting work products
- Effective time management practices, applied in a fast-paced environment
- Must embrace learning and working with constantly changing technology
- Familiarity with information security and data breach standards, regulations, and laws including PCI, FERPA, HIPAA, and NIST 800 series
- Experience presenting complex security concepts to a variety of audiences or groups (e.g. end-user training, recommendations to IT leader peers, executive-level briefings)
- Knowledge of network and authentication protocols, encryption types, event management (SEIM), and information security technologies
- CISSP, SSCP, GIAC or similar certification(s)
- Experience working in higher education
- Review of applications will begin June 16, 2019, and continue until the position is filled. Job Group 2-B.
Conditions of Employment
Employment at Williams is contingent on the verification of background information submitted by the applicant, including the completion of a criminal record check, and education when applicable.
Equal Employment Opportunity
Beyond meeting fully its legal obligations for non-discrimination, Williams College is committed to building a diverse and inclusive community where members from all backgrounds can live, learn and thrive.