Director of IT Risk and Compliance

Fairfax, VA
Commensurate with education and experience.
Apr 05, 2022
Oct 07, 2022
Full Time
The George Mason University Information Technology Services department - located on the Fairfax, Va., campus - invites applications for a Director of IT Risk and Compliance within the Enterprise Service Delivery team. George Mason University has a strong institutional commitment to the achievement of excellence and diversity among its faculty and staff, and strongly encourages candidates to apply who will enrich Mason's academic and culturally inclusive environment.

About the Position:
The Director of IT Risk and Compliance has responsibility, jointly with the IT Security Office, to ensure that information technology services are delivered within the context of an acceptable risk management framework. This includes collaborating with stakeholders, identifying and mitigating risk and compliance issues associated with ITS policies and processes, driving audit issue remediations, and ensuring that established security controls are operating effectively. The Director of IT Risk and Compliance is responsible for driving a culture of information security compliance within the Information Technology Services (ITS) unit, building and managing an effective "second line of defense" between ITS technical teams and internal and external auditors.

Acting under general direction of the CIO and the Assistant Vice President, Enterprise Service Delivery and Deputy CIO, the incumbent leads reviews of cybersecurity compliance, coordinates audit response activities, and ensures that technology infrastructure, operations, services, and processes are managed according to university policy and state and federal regulatory requirements.

Responsibilities:
Responsibilities include but are not limited to:
Identifies potential compliance risks within ITS and works collaboratively with the IT Security Office and ITS technical groups to develop and implement remediation plans;
Manages ITS communications with internal and external auditors; coordinates and documents corrective action plans for audit findings pertaining to ITS;
Performs an annual review of ITS policies and procedures, and works with the appropriate groups to update the documents as required;
Maintains the ITS Disaster Recovery Plan, and coordinates annual tests of its effectiveness; and
Develops and maintains an Information Technology Risk Register.

Required Qualifications:
Some (generally three (3)+ years') experience in information security, compliance, risk, audit, or directly related areas, preferably at a college or university;
An MS degree in an appropriate technical discipline, or equivalent combination of education and experience;
Experience leading cross-functional teams and working effectively in a matrix environment with extensive collaboration;
Demonstrated ability to communicate effectively, orally and in writing, at a variety of technical levels with a wide audience;
Solid understanding of NIST information security standards and publications including SP800-53, SP800-171, SP800-37, and Cybersecurity Framework;
Experience leading projects and using project management standards and tools;
Understanding of common IT security and audit practices, frameworks, and standards, and demonstrated experience working with auditors and technical staff to remediate findings and concerns;
Ability to assess security policies, standards, and procedures for key cybersecurity concerns in order to identify gaps with regulatory requirements (FERPA, GLBA, HIPAA, etc.) and information security frameworks;
Ability to multi-task and organize, prioritize, and follow multiple projects and tasks to completion with good attention to detail; and
Preference given to individuals having CISA, CISM, CISSP, or similar certifications in the area of information security, risk, and compliance.

Salary is commensurate with education and experience.

George Mason University is a great place to work where employees are given an opportunity to develop skills and expand horizons. We have tuition waivers; telecommuting (typically one day a week) and flextime schedules; facilities that will meet your physical fitness needs; and the campus environment is dynamic and ethnically and culturally diverse.

For full consideration, applicants must apply for position number FA764Z at by April 22, 2022; complete and submit the online application; and upload a resume and letter of interest and a list of three professional references with contact information.

"Great Careers Begin at Mason! George Mason University is an innovative, entrepreneurial institution with national distinction in both academics and research. Mason holds a top U.S. News and World Report "Up and Coming" spot for national universities and is recognized for its global appeal and excellence in higher education. Mason is currently the largest and most diverse university in Virginia with students and faculty from all 50 states and over 135 countries studying in over 200 degree programs at campuses in Arlington, Fairfax and Prince William, as well as at learning locations across the commonwealth. Rooted in Mason's diversity is a campus culture that is both rewarding and exciting, work that is meaningful, and opportunities to both collaborate and create. If you are interested in joining the Mason family take a look at our current opportunities and catch some Mason spirit at! George Mason University, Where Innovation is Tradition."
