18 Feb
Director of Information Security
Vacancy expired!
- CISSP Certification Preferred.
- Professional security management certification, such as Certified Information Systems Security Professional (CISSP), or similar credentials, is desired.
- Bachelor’s or master’s degree in Computer Science, Information Systems, or other related field.
- Minimum of seven years’ experience in information technology field, with five to seven years of experience in an information security role.
- Three to five years’ experience in large
- Experience in designing and managing new and existing security systems.
- Proven track record and experience in developing information security programs, policies and procedures, including successful implementations in large enterprise environments.
- High degree of initiative and dependability; experience managing multiple, simultaneous and high-profile information security initiatives and responses.
- High level of personal integrity, as well as the ability to professionally handle confidential matters and show an appropriate level of judgement and maturity.
- Strong knowledge of common information security management frameworks, such as ISO/IEC 27001, COBIT, NIST, CSA and deep knowledge and understanding of relevant legal and regulatory requirements/standards, including but not limited to: Family Educational Rights and Privacy Act (FERPA), Health Insurance Portability and Accountability Act of 1996 (HIPAA), Children's Online Privacy Protection Act (COPPA), Payment Card Industry Data Security Standard (PCI DSS), Illinois School Student Records Act (ISSRA).
- Ability to advise infrastructure and applications staff in securing their respective environments.
- Exhibit strong written and verbal communication skills, interpersonal and collaborative skills.
- Strong ability to convey security information to non-technical end-users in a way that inspires adoption and adherence to all IT and Board security policies and programs.
- Develop and maintain information security policies, standards and guidelines, and oversee the dissemination of security policies and practices; identify knowledge gaps to increase district awareness of relevant information security practices.
- Lead investigations of any actual or potential information security violations and manage escalation of security events; assist with related legal matters associated with such events as needed and make recommendations to correct or prevent future incidents.
- Liaise with relevant business units (such as Internal Audit, Law, Finance, Safety & Security, Risk Management, HR teams) and external agencies as needed to ensure that Client maintains a strong security posture.
- Provide leadership and guidance on information security topics, advising and collaborating on security processes, business continuity and disaster recovery plans.
- Provide regular reporting on current state of information security program to the CIO and other senior managers as appropriate.
- Provide oversight of the architecture and engineering of new security systems, including the evaluation of technical designs.
- Work with system administrators and application developers to audit, monitor and validate their environment’s security, including conducting gap analysis and other comprehensive internal assessments of existing systems to improve the security infrastructure and mitigate risks.
- Ensure that system and application security design is in accordance with Policy; consult with IT teams to ensure that security is factored into the evaluation, selection, installation and configuration of hardware, applications and software.
- Monitor external threat environment for emerging threats and advise relevant stakeholders on appropriate courses of action.