Director, Information Security Compliance and Governance - University Information Services

Location
Washington D.C.
Posted
Jul 22, 2017
Closes
Aug 29, 2017
Function
Executive, Director
Industry
Education, Security
Hours
Full Time
Located in a historic neighborhood in the nation's capital, Georgetown offers rigorous academic programs, a global perspective, exciting ways to take advantage of Washington, D.C., and a commitment to social justice. Our community is a tight knit group of remarkable individuals interested in intellectual inquiry and making a difference in the world.

Requirements

Director, Information Security Compliance and Governance - University Information Services

The Director, Information Security Compliance and Governance, is responsible for the development, enforcement, and general management of the University's cyber-security compliance, assurance and IT risk management activities.  S/he supports the Georgetown University Information Security Program through ownership of policy development, managing the University's IT compliance efforts, providing security assurance of IT operations and associated obligations; provides key support for the University's IT risk management process; and leads efforts to engage and support the University community regarding security awareness, education, and outreach.  Reporting to the Chief Information Security Officer (CISO), and supervising Security Analysts, the Director has duties that include but are not limited to:

Compliance

  • Directs University IT compliance program to ensure proper fulfillment with compliance obligations - including those requirements and obligations for PCI, HIPAA, FERPA, GLBA, research, and others as identified.
  • Maintains appropriate reporting and metrics to document and provides positive assurance of the University's IT compliance status,
  • Coordinates with external and internal auditors to ensure that the security environment supports proper internal controls as appropriate.

Risk Management

  • Develops the security governance model by following industry best practices such as ISO 27002, or the US-CERT and NIST Cyber Security Frameworks to achieve desired security program maturity.
  • Develops and establishes executive dashboard reporting on Cyber Security events and trends, and publishes to senior management and key stakeholders.
  • Create a process to periodically update policies and procedures to ensure they accurately reflect business requirements and needs, and align to industry leading security practices.
  • Lead program self-assessments and other reviews of University cyber practices.
  • Develop and direct the University's IT third-party risk management program.
  • Coordinate with applicable IT and business groups to identify and address general business continuity and recovery needs.

Security Awareness

  • Manages cyber security awareness, education and communications program - ensuring continuous improvement through the development and tracking of metrics to determine impact and success of initiatives.
  • Develops outreach plan to actively engage the wider University community on key cybersecurity issues.

Incident Response

  • Collaborates with UIS Security Operations team on incident response activities - including planning and post-mortem follow-up for improvement.
  • Coordinates with key UIS and University personnel to identify key incident response needs and opportunities for improvement.

Requirements

  • Related technical certification or equivalent combination of Bachelor's degree and experience - with solid technical understanding of multi-platform / hosted environments and their operational/security considerations
  • 7 years or more of information security and/or IT compliance and assurance experience - with at least 2 years in a supervisory / lead role - preference for higher education industry experience
  • Firm understanding and experience addressing key IT compliance regulations & obligations - including HIPAA, PCI, FERPA, GLBA, and others as identified
  • Track record of risk assessment, problem identification, analytical problem solving, and issue resolution
  • Ability to learn quickly with strong foundation in understanding and assessing processes and controls
  • Excellent written/verbal communication skills with the ability to regularly present to groups
  • Availability and willingness to work as needed outside of usual business hours of Georgetown University - including potential on-call responsibilities or to provide assistance for security incidents

Current Employees:

If you currently work at Georgetown University, please exit this website and login to GMS (gms.georgetown.edu) using your Net ID and password. Then select the Career worklet on your GMS Home dashboard to view Jobs at Georgetown.

Submission Guidelines:

Please note that in order to be considered an applicant for any position at Georgetown University you must submit a cover letter and resume  for each position of interest for which you believe you are qualified. These documents are not kept on file for future positions.

Need Assistance:

If you are a qualified individual with a disability and need a reasonable accommodation for any part of the application and hiring process, please click here for more information, or contact the Office of Institutional Diversity, Equity, and Affirmative Action (IDEAA) at 202-687-4798 or ideaa@georgetown.edu.

Need some assistance with the application process? Please call 202-687-2500

EEO Statement:

Georgetown University is an Equal Opportunity/Affirmative Action Employer fully dedicated to achieving a diverse faculty and staff.  All qualified applicants are encouraged to apply and will receive consideration for employment without regard to race, color, religion, national origin, age, sex, disability status, protected veteran status, or any other characteristic protected by law.