Director of Information Security Operations
Director of Information Security Operations - University Information Services
The Director of Information Security Operations serves as the expert on cybersecurity protection, detection, response, and recovery. S/he manages a unified incident command structure during UIS incidents in coordination with the Networking/Operations divisions; develops strategies and plans, in concert with GU's Business Continuity Plans, to provide for timely business resumption in the event a serious disruption; and plans and develops budgets and advocates for the resources required to protect the University's computers, networks, data, and workstations. Reporting to the Chief Information Security Officer, the Director has duties that include but are not limited to:
- Assesses the security of GU's computers, networks, and data, as well as that of personal workstations that access and/or store data.
- Reviews existing security mechanisms.
- Maintains regular contact with Local Information Security Personnel and department liaisons to advocate and enforce "best practices" regarding security of data and systems.
- Directs efforts for including data security safeguards at the development stages of new automated information systems.
- Recommends and enforces the implementation of security practices and procedures.
- Works with UIS Management, the University Audit Office, Georgetown University Police Department investigators, University Counsel, other high-level university representatives, and local information security personnel to establish, implement and maintain an information security program that supports the academic and administrative use of information technologies in a distributed environment.
- Exercises leadership regarding the formation and promulgation of campus-wide standards for security; and reviews relevant policies and procedures in the context of these standards.
- Coordinates the selection, installation, implementation, testing, and administration of information security software packages that will protect and monitor the integrity of data, application programs, computer operating systems, and communications networks.
Security Incidents, Emergencies and Other Legal Process
- Develops procedures to handle routine and crisis situations, including both operational, day-to-day ‘Incident' response activities as well as unique, critical emergencies.
- Organizes a task force when necessary and acts as technical lead in investigations.
- As necessary, works with campus security and safety personnel and law enforcement agencies to investigate security breaches.
- Promotes security awareness to administrators, department heads and groups representing students, especially in regard to local, state, and federal regulatory conditions and changes affecting the University.
- Advises senior university representatives with timely intelligence on security issues and/or events.
- Maintains regular contact with the GU Police Department Investigators and Legal Counsel to advise and train on technical aspects of security.
- Oversees the periodic reviews of existing security awareness programs to ensure desired effectiveness.
- Sponsors and conducts security lectures and training programs for the purpose of raising the awareness of responsibility by clients to safeguard data entrusted to them.
- Writes position papers pertaining to data security.
- Consults with the University community to learn and understands the spectrum of current and future University security requirements to assist in security needs assessment of data and systems, and to coordinate effective centralized and distributed responses for these needs.
- Performs risk analysis of new technologies.
- Develops plans and budgets to meet these needs and requirements.
- In conjunction with the Internal and external auditors, performs periodic audits to assure compliance with security policies and standards; and recommends enhancements in such areas as personnel, communication networks, data access, and confidentiality.
- In response to any complaints, audits, if needed, individual workstations using established procedures.
- In addition to technical system and security developments, keeps abreast of changes to existing and proposed local and federal legislation and regulatory laws pertaining to information system security and privacy.
- Keeps management aware of the regulatory changes that will affect information privacy, information processing and/or security standards and techniques.
- Bachelor's degree or equivalent with relevant course work in computing, information technologies or related field(s)
- 5 to 10 years of experience in the computer field, with experience in computer systems and security (Master's degree may substitute for experience)
- Professional security certification
- Knowledge of audit procedures
- Supervisory experience
- Knowledge of budget preparation, oversight, and management
- Extensive UNIX systems administration skills and a thorough understanding of wired and wireless IP networking
- In-depth knowledge of operating systems, such as HP Unix, Linux, Mac and Microsoft Windows environments
- In-depth knowledge of security policies and procedures and network systems appropriate to large-scale installations in university environments
- Excellent interpersonal, communications, collaborative, and negotiating skills
- Understanding and experience implementing technical security controls on a network. Implementing operational measures against the NIST CSF (Identify, Protect, Detect, Respond, Recover)
- Experience implementing technical controls, such as firewalls, data leakage protection systems, patching, encryption, vulnerability scanning, and pen testing, among other tactics
- Ability to monitor and troubleshoot all security operations and infrastructure
- Ability to provide maintenance of all security tools and technology
- Understanding of security architecture and how it interfaces with security network operations.
- Familiarity with diverse, distributed computing environment (BYOD endpoints, non-centrally managed technology assets)
- Availability and willingness to work hours outside the usual business hours of Georgetown University and to carry and use a University-issued cell phone
- Master's degree
- Experience in higher education
- Familiarity with local, state, and federal regulations
Current Georgetown Employees:
If you currently work at Georgetown University, please exit this website and login to GMS (gms.georgetown.edu) using your Net ID and password. Then select the Career worklet on your GMS Home dashboard to view Jobs at Georgetown.
Please note that in order to be considered an applicant for any position at Georgetown University you must submit a cover letter and resume for each position of interest for which you believe you are qualified. These documents are not kept on file for future positions.
If you are a qualified individual with a disability and need a reasonable accommodation for any part of the application and hiring process, please click here for more information, or contact the Office of Institutional Diversity, Equity, and Affirmative Action (IDEAA) at 202-687-4798 or email@example.com.
Need some assistance with the application process? Please call 202-687-2500. For more information about the suite of benefits, professional development and community involvement opportunities that make up Georgetown's commitment to its employees, please visit the Georgetown Works website.
Georgetown University is an Equal Opportunity/Affirmative Action Employer fully dedicated to achieving a diverse faculty and staff. All qualified applicants are encouraged to apply and will receive consideration for employment without regard to race, color, religion, national origin, age, sex (including pregnancy, gender identity and expression, and sexual orientation), disability status, protected veteran status, or any other characteristic protected by law.