This job has expired

Sr. Director of Information Security

Colorado School of Mines
Colorado, United States
Salary Not Specified
Posted Date
Aug 5, 2022

View more

Position Type
Administrative, Business & Administrative Affairs, Computer Services & Information Technology, Technology Administration/Other, Chief Technology & Information Officers, Executive, Executive Directors, Other Executive
Employment Level
Employment Type
Full Time
You need to sign in or create an account to save a job.

Position Title Sr. Director of Information Security The Opportunity

The Sr. Director of Information Security provides vision and leadership for developing and supporting security initiatives such as development and implementation of the strategies, processes, tools, and policies necessary to prevent, detect, document, and counter threats to digital and non-digital information. The Sr. Director of Information Security directs the planning and implementation of enterprise IT systems, business operations, and facility defenses against security breaches and vulnerability issues. This individual is also responsible for auditing existing systems, while directing the administration of security policies, activities, and standards.


Strategy & Planning
  • In partnership with the CIO, develop and implement a long-term information security strategy and framework to ensure that Mines’ information assets are protected.
  • Participate as a member of the IT leadership team in governance processes of the organization’s security strategies.
  • In partnership with the CIO, lead strategic security planning, working with the institutional leadership to achieve business goals by prioritizing defense initiatives and coordinating the evaluation, deployment, and management of current and future security technologies using a risk-based assessment methodology that goes beyond the traditional compliance only view to one that adopts a comprehensive approach to information security.
  • Develop and communicate security strategies and plans to staff, faculty, students, partners, customers, and stakeholders.
  • Assist with the design and implementation of disaster recovery and business continuity plans, procedures, audits, and enhancements.
  • Develop, implement, maintain, and oversee enforcement of policies, procedures, guidelines, and associated plans for system security administration and user system access based on industry-standard best practices and coordinate their approval and dissemination.
Acquisition & Deployment
  • Define and communicate institutional procedures, policies, and standards for the organization for acquiring, implementing, and operating new security systems, equipment, software, IoT devices, and other technologies.
  • Partner with IT leadership on the evaluation, selection, implementation, and maintenance of information security technologies, including but not limited to multi-factor authentication (MFA), single sign-on (SSO), sender policy framework (SPF), and identity access management (IAM).
  • In partnership with the CIO, organize information security tabletop exercises at all levels of the organization, in collaboration with trusted security partners.
Operational Management
  • Lead recruitment, development, and retention of security staff.
  • People management, including staffing models, project scheduling, career development, succession planning, performance reviews, etc.
  • Reviews and assesses skills and capabilities of assigned staff. Seeks opportunities to increase staff capability through training and other methods.
  • Establish annual goals and conduct performance reviews for staff.
  • Act as advocate and primary liaison for the institution’s security vision via regular written and in-person communications with the leadership, department heads, and end users.
  • In partnership with the IT Leadership team develop institution-wide technology procedures to fully secure information, computer, network, and processing systems.
  • Identify, evaluate, implement and report on information security best practices and standards (e.g. FERPA, HIPPA, PCI, CMMC, NIST).
  • Manage the administration of all computer security systems and their corresponding or associated software, including firewalls, intrusion detection systems, SIEMs, cryptography systems, and anti-virus software.
  • Develop, and track the security services annual operating and capital budgets for purchasing, staffing, and operations.
  • Partner with teams within the IT department and across campus to ensure that technologies are developed and maintained according to security policies and guidelines and recommend and implement changes in security policies and practices in accordance with changes in local or federal law.
  • Creatively and independently provide resolution to security problems in a value-added manner.
  • Lead the assessment and communicate security risks associated with purchases or practices performed by the institution.
  • Collaborate with the CIO, privacy officer, and HR to establish and maintain a system for ensuring that security and privacy policies are met.
  • Promote and oversee strategic security relationships between internal resources and external entities, including government, vendors, partner organizations, and internal and external IT audit groups.
  • Remain informed on trends and issues in the security industry, including current and emerging technologies. Advise, counsel, and educate executives, management teams, and all relevant stakeholders on their relative importance, financial impact and appropriate courses of actions.
  • Liaise with law enforcement and other advisory bodies as necessary to ensure that the organization maintains a strong security posture.
  • Help to foster a security-aware culture across the Mines community through the development of a comprehensive information security awareness campaign that engages with students, instructors, researchers, and administration.
  • Coordinate incident response planning and the investigation of security breaches and assist with any associated disciplinary, public relations and legal actions.
Minimum Qualifications

Education and Experience:
  • Bachelor's degree in Computer Science, Information Security, or a closely related field. Individuals without a degree may be considered if they demonstrate possession of substantially the same knowledge level found in a degree but have attained advanced knowledge through a combination of work experience and intellectual instruction.
  • 5+ years of experience managing and/or directing an IT and/or security operation, including information security governance and risk-based decision support.
  • 7+ years of experience working in the cyber-security industry.
  • Demonstrated experience creating and driving enterprise security programs including but not limited to security awareness training programs and risk assessments programs.
  • Proven experience in planning, organizing, and developing IT security and facility security system technologies.
  • Experience in planning and executing security policies, procedures, and standards development.
Knowledge, Skills, and Abilities:
  • Excellent knowledge of technology environments, including information security, building security, and defense solutions.
  • Considerable knowledge of business processes, management, budgeting, and security risk reduction and mitigation operations.
  • Substantial exposure to data processing, outsourced systems, hardware platforms, enterprise software applications, including but not limited to SIEMs, Firewalls, and intrusion prevention and detection systems.
  • An understanding of trends and benchmarks in the information security landscape.
  • Knowledge of applicable laws and regulations as they relate to security including but not limited to security standards like NIST (National Institute of Standards and Technology), CMMC (Cybersecurity Maturity Model Certification) compliance.

Education and Experience:
  • Master's degree in Computer Science, Information Security, or a closely related field.
  • Experience working in education.
  • Experience running and managing a Security Operations Center (SOC).
  • Experience with process improvement techniques and methodologies.
Certifications and Licenses:
  • CEH (Certified Ethical Hacker)
  • CISSP (Certified Information Systems Security Professional)
  • CISM (Certified Information Security Manager)
  • CISA (Certified Information Security Auditor)
Knowledge, Skills, and Abilities:
  • Understanding and support of project management principles.
  • On occasion, this position may be assigned other duties needed to help drive to the vision, fulfill the mission, and uphold Mines’ and the Department’s organizational values.

About Mines & Golden, CO
Mines is consistently ranked among the top engineering colleges in the United States and ranks number one as the best public school in the state for best value colleges. Mines is located in the heart of Golden, Colorado, a western suburb of Denver. The campus location offers a small-town ambiance with close proximity to all that the Denver metropolitan area has to offer with an abundance of cultural events, museums, theaters and sporting venues. An arid climate and an average 300 days of sunshine per year make the area an ideal place to live, work and play. We seek individuals who value a diverse and inclusive community – offering different perspectives, experiences, and cultures that enrich the educational and work experience. Equal Opportunity

Colorado School of Mines is committed to equal opportunity for all persons. Mines does not discriminate on the basis of age, sex, gender (including gender identity and gender expression), ancestry, creed, marital status, race, ethnicity, religion, national origin, disability, sexual orientation, genetic information, veteran status or current military service. Further, Mines does not retaliate against community members for filing complaints regarding or implicating any of these protected statuses.

Mines’ commitment to nondiscrimination, affirmative action, equal opportunity and equal access is reflected in the administration of its policies, procedures, programs and activities and in its efforts to achieve a diverse student body and workforce.

Through its policies, procedures and resources, Mines complies with federal law, Colorado state law, administrative regulations, executive orders and other legal requirements to prevent discrimination (including harassment or retaliation) within the Mines campus community and to address potential allegations of inequity or concerns for safety.

Pay Range

$145,000 - $157,000

Mines takes into consideration a combination of candidate’s education, training and experience as well as the position’s scope and complexity, the discretion and latitude required in the role, work location, and external market and internal value when determining a salary level for potential new employees.

Total Rewards Mines is proud to provide exceptional benefits that include pay, health & wellness and work/life balance offerings. Our portfolio of benefits includes medical, dental, vision, disability insurance, flexible spending accounts, life insurance, and retirement savings plans. Additionally, Mines employees are eligible for tuition benefits (for employees and dependents), generous paid holidays and leaves and discount programs. For more information, visit Mines benefits . How to Apply For full consideration apply by 8/17. Applicants will be asked to complete an online application (personal information, demographic information, references, veterans status) and upload a resume and cover letter (required). References will not be contacted until later in the selection process and you will be informed before that contact is made.

Contact Kathy White at with any questions about this opportunity. Background Investigation Required Yes COVID-19 Vaccine Requirement This position will require documented proof of full COVID-19 vaccination or exemption because of a medical or religious exclusion. New employees will be required to provide attestation to their status with proof of vaccination upon hire. Religious and medical exemptions and reasonable accommodation shall be addressed as required by law pursuant to the Equal Employment Opportunity Commission’s vaccination guidance.

Advertised: Aug 5, 2022 Mountain Daylight Time
Applications close:

You need to sign in or create an account to save a job.

Get job alerts

Create a job alert and receive personalized job recommendations straight to your inbox.

Create alert