
This job has expired

Director of IT Risk and Compliance

Employer: George Mason University
Location: Virginia, United States
Salary: Commensurate with experience
Date posted: Apr 7, 2022

The George Mason University Information Technology Services department – located on the Fairfax, Va., campus – invites applications for a Director of IT Risk and Compliance within the Enterprise Service Delivery team. George Mason University has a strong institutional commitment to the achievement of excellence and diversity among its faculty and staff, and strongly encourages candidates to apply who will enrich Mason’s academic and culturally inclusive environment.

 

About the Position:

The Director of IT Risk and Compliance has responsibility, jointly with the IT Security Office, to ensure that information technology services are delivered within the context of an acceptable risk management framework. This includes collaborating with stakeholders, identifying and mitigating risk and compliance issues associated with ITS policies and processes, driving audit issue remediations, and ensuring that established security controls are operating effectively. The Director of IT Risk and Compliance is responsible for driving a culture of information security compliance within the Information Technology Services (ITS) unit, building and managing an effective “second line of defense” between ITS technical teams and internal and external auditors. Acting under general direction of the CIO and the Assistant Vice President, Enterprise Service Delivery and Deputy CIO, the incumbent leads reviews of cybersecurity compliance, coordinates audit response activities, and ensures that technology infrastructure, operations, services, and processes are managed according to university policy and state and federal regulatory requirements.

 

Responsibilities:

Responsibilities include but are not limited to:

  • Identifies potential compliance risks within ITS and works collaboratively with the IT Security Office and ITS technical groups to develop and implement remediation plans;
  • Manages ITS communications with internal and external auditors; coordinates and documents corrective action plans for audit findings pertaining to ITS;
  • Performs an annual review of ITS policies and procedures, and works with the appropriate groups to update the documents as required;
  • Maintains the ITS Disaster Recovery Plan, and coordinates annual tests of its effectiveness; and
  • Develops and maintains an Information Technology Risk Register.

 

Required Qualifications:

  • Some (generally three (3)+ years’) experience in information security, compliance, risk, audit, or directly related areas, preferably at a college or university;
  • An MS degree in an appropriate technical discipline, or equivalent combination of education and experience;
  • Experience leading cross-functional teams and working effectively in a matrix environment with extensive collaboration;
  • Demonstrated ability to communicate effectively, orally and in writing, at a variety of technical levels with a wide audience;
  • Solid understanding of NIST information security standards and publications including SP800-53, SP800-171, SP800-37, and Cybersecurity Framework;
  • Experience leading projects and using project management standards and tools;
  • Understanding of common IT security and audit practices, frameworks, and standards, and demonstrated experience working with auditors and technical staff to remediate findings and concerns;
  • Ability to assess security policies, standards, and procedures for key cybersecurity concerns in order to identify gaps with regulatory requirements (FERPA, GLBA, HIPAA, etc.) and information security frameworks;
  • Ability to multi-task and organize, prioritize, and follow multiple projects and tasks to completion with good attention to detail; and
  • Preference given to individuals having CISA, CISM, CISSP, or similar certifications in the area of information security, risk, and compliance.

 

Salary is commensurate with education and experience.

 

George Mason University is a great place to work where employees are given an opportunity to develop skills and expand horizons. We have tuition waivers; telecommuting (typically one day a week) and flextime schedules; facilities that will meet your physical fitness needs; and a dynamic, ethnically and culturally diverse campus environment.

 

Special Instructions to Applicants  

For full consideration, applicants must apply for position number FA764Z at https://jobs.gmu.edu by April 22, 2022; complete and submit the online application; and upload a resume and letter of interest and a list of three professional references with contact information.

 

George Mason University is an equal opportunity/affirmative action employer, committed to promoting inclusion and equity in its community. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or veteran status, or any characteristic protected by law.
