This job has expired

Director, Information Security

The mission of The University of St. Augustine for Health Sciences is the development of professional health care practitioners through innovative, individualized, and quality classroom, clinical, and distance education.

GENERAL SUMMARY

The Director, Information Security is responsible for keeping the University safe, secure, and compliant in all aspects of data security, including policies and procedures, data loss prevention (DLP), anti-virus monitoring, vulnerability and threat assessments, and penetration test coordination.

ESSENTIAL DUTIES AND RESPONSIBILITIES
  • Work alongside other University IT teams and departments to identify areas of cyber risk to the organization and assist with reducing those risks to acceptable levels
  • Work with system engineers to embed best practices in design and development
  • Ensure that all systems are resilient to cyber events
  • Develop and maintain the University’s Incident Response Plan, ensuring all required participants are trained in response protocols
  • Define, direct, and oversee the execution of security processes in the areas of intrusion prevention, security event monitoring/SIEM, vulnerability management, privilege access management, web filtering, and VPN
  • Serve as a subject matter expert providing advisory services related to security architecture strategy, as well as security requirements for all internal and external business partners, including students
  • Participate in quarterly audit reporting - including reports to leadership and external compliance entities
  • Establish, monitor, evaluate, and report key performance and risk indicators (KPIs and KRIs) to provide leadership with accurate and timely information regarding the effectiveness of the information security strategy
  • Manage the gathering and analysis of University data to ensure actionable information is available and responded to in accordance with defined SLAs
  • Define 3rd party data security requirements and perform cyber risk assessments of current and prospective 3rd party vendors ensuring all appropriate controls are applied
  • Maintain a roadmap for the development of security architecture and standards
  • Ensure that the institution’s security strategy is meeting the security and privacy needs of internal and external customers
  • Provide strategic and tactical security guidance for new and existing technical solutions
  • Communicate and promote the awareness of information security, information risk, and privacy to business units, customers and partners
  • Build and guide the Information Security team in developing individual skill sets to maximize personal growth and team success


OTHER DUTIES AND RESPONSIBILITIES

May perform other duties and responsibilities that management may deem necessary from time to time.

POSITION IN ORGANIZATION



Reports to: Executive Director, Information Technology

Positions Supervised: Not applicable

TECHNICAL, MANAGERIAL & PEOPLE SKILLS REQUIRED



To perform this job successfully an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Incumbents will be evaluated, in part, based on performance of each essential function. Reasonable accommodations may be made to enable individuals with disabilities to perform essential functions.

  • Excellent written and verbal communication skills
  • Strong knowledge of budgeting, accounting and other related processes
  • Excellent contract negotiation and management skills
  • Strong knowledge of Compliance Standards: PCI DSS, ISO27001:2013, SSAE-16 SOC-2
  • Strong understanding and/or experience with Security Information and Event Management (SIEM), Vulnerability Management, Penetration Testing, Authentication Methods, Identity and Access Management (IAM), Anti-Malware and Malware Analysis/Remediation, Intrusion Detection and Intrusion Prevention (IDS/IPS), Web Application Firewalls, File Integrity Monitoring (FIM), Incident Response/Forensics, Physical Access Controls and Security Best Practices
  • A proactive mindset


EDUCATION and/or EXPERIENCE
  • Bachelor’s degree in information systems, management information systems, computer science, business or related field or a combination of education and experience equivalent to a bachelor’s degree
  • Master’s degree preferred
  • 5-7 years' experience in a Cyber Security leadership role
  • 7+ years' experience operating, monitoring and enforcing security policies, standards, tools, controls and systems in large scale organizations where you directly managed employees.
  • Ten (10) or more years of IT experience with five (5) years being in a management role
  • Experience leading enterprise IT projects and programs


TRAVEL

Up to 20% travel to campus locations in the U.S. required


BUSINESS COMPETENCIES

To perform the job successfully, an individual should demonstrate the following competencies:


  • Collaborates - Building partnerships and working collaboratively with others to meet shared objectives.
  • Being Resilient - Rebounding from setbacks and adversity when facing difficult situations.

  • Instills Trust - Gaining the confidence and trust of others through honesty, integrity, and authenticity.

  • Drives Results - Consistently achieving results, even under tough circumstances.

  • Innovation - Creating new and better ways for the organization to be successful.

  • Customer Focus - Building strong customer relationships and delivering customer-centric solutions.

  • Drives Engagement (People Managers Only) - Creating a climate where people are motivated to do their best to help the organization achieve its objectives.

  • People Leadership (People Managers Only) - Leads by example when it comes to finding and developing talent, with a focus on talent acquisition strategies, setting performance targets that raise standards and development of high potential talent.


WORK ENVIRONMENT
Work is performed primarily in a standard office environment but may involve exposure to moderate noise levels. Work involves operation of personal computer equipment for six to eight hours daily and includes physical demands associated with a traditional office setting, e.g., walking, standing, communicating, and other physical functions as necessary.

The University of St. Augustine for Health Sciences is an equal opportunity at will employer and does not discriminate against any employee or applicant for employment because of age, race, religion, color, disability, sex, sexual orientation or national origin.
