Director Enterprise Security
- Employer
- University of Utah
- Location
- Utah, United States
- Salary
- Salary Not specified
- Date posted
- Jan 4, 2025
View more categoriesView less categories
- Position Type
- Administrative, IT & Technology
- Employment Level
- Mid-Level
- Employment Type
- Full Time
Director Enterprise Security
Job Summary
Information Security Office, Director Enterprise Security
The Director of Enterprise Security (DES) is a key position within the Information Security Office (ISO) with leadership responsibilities over the Enterprise Security groups (ISO-ES) and is responsible for facilitating communication between Senior IT and business leadership and operationally focused IT management and administrators at the University of Utah. Reporting directly to the Chief Information Security Officer (CISO), the DES plays a critical role within the Information Security Office and the Chief Information Security Officer's team, serving both University of Utah Health and the University of Utah as a whole.
Responsibilities
The DES will be responsible for aligning ISO-ES strategic and operational efforts with the CISO's direction and the University's objectives and missions. The DES will be responsible for assessing risks, evaluating emerging technologies and determining long-term needs for ISO-ES.
The DES will serve as a primary liaison between the ISO-ES with other parts of the organization, including senior leadership and other key stakeholders. The DES will communicate unmanaged risk, escalate security related issues or incidents, and ensure alignment with business strategies. The DES will regularly communicate cybersecurity risks and initiatives to stakeholders, ensuring they are informed and engaged with the organization's security posture. The DES will maintain cross-departmental collaboration by working closely with other IT leaders, business units, and external partners to ensure cybersecurity measures are integrated across all areas of the organization.
The DES is responsible for leadership and supervision for three groups that make up ISO Enterprise Security: Security Operations Center (SOC), Security Assurance, and Security Engineering. All three groups have an Associate Director which will report to the DES. The DES will provide guidance, set priorities, and ensure the teams are working cohesively. The Associate Directors will maintain operational leadership, project and team management for each group. Through these groups the DES will oversee the continuous monitoring of the University's IT systems for potential security threats.
The DES will lead ISO incident response and management efforts and planning. This includes collaboration in developing and managing ISO incident response plans and preparations for cybersecurity incidents, such as data breaches or ransomware attacks. The DES will also lead crisis management and response to significant security incidents, coordinating internally within ISO-ES and ISO as well as with other departments, Office of General Counsel, leadership and external entities.
The DES will also participate with the evaluation of the cybersecurity practices of third-party vendors and partners to ensure they meet the organization's security standards. This includes conducting security assessments and managing vendor risks.
The DES will also support the CISO in helping develop and manage the overall ISO-ES budget, making decisions on how resources may be allocated across projects, teams and in support of initiatives.
The DES will need to remain up to date and informed on emerging threats and vulnerabilities. Incorporating threat intelligence into ISO's strategy and defense posture.
This job description is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications required of employees assigned to the job.
Minimum Qualifications
Bachelor's degree in related computer science, Business Administration, or related area, or equivalency (one year of education can be substituted for two years of related work experience); eight years of progressively more responsible management experience; and demonstrated leadership, human relations and effective communications skills required.
Applicants must demonstrate the potential ability to perform the essential functions of the job as outlined in the position description.
Preferences
• Professional information security experience in higher education and/or the health care industry.
• Industry accepted certifications, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or other comparable professional certifications.
• A strong understanding of the institutional impact of security tools, technologies, and policies.
• An excellent understanding of information security concepts, protocols, industry best practices, and strategies.
• Experience working with legal, audit, and compliance staff.
• Experience with common information security management frameworks, such as CIS 18, NIST Special Publication 800-171, and NIST Cyber Security Framework (CSF).
• Familiarity with applicable legal and regulatory requirements, including, but not limited to, the US Health Insurance Portability and Accountability Act (HIPAA), EU General Data Protection Regulation (GDPR), Payment Card Industry Data Security Standard (PCI DSS).
• Proficiency in performing risk, business impact, control and vulnerability assessments, and in defining remediation strategies.
• Knowledge of and experience in developing and documenting security assessments and remediation plans, including strategic, tactical, and project plans.
• Strong analytical skills to analyze security requirements and relate them to appropriate security controls.
Special Instructions
Requisition Number: PRN40069B
Full Time or Part Time? Full Time
Work Schedule Summary:
Department: 00954 - UIT Systems & Security
Location: Campus
Pay Rate Range: $103,700 - $202,300
Close Date:
Open Until Filled:
To apply, visit https://utah.peopleadmin.com/postings/172759
jeid-0fbf29ffe99cc449b480bc4b3e83916d
Get job alerts
Create a job alert and receive personalized job recommendations straight to your inbox.
Create alert