This job has expired

Director for Cyber Risk Management, University Information Security Office Georgetown University

Employer
Georgetown University
Location
Washington D.C.

Located in a historic neighborhood in the nation's capital, Georgetown offers rigorous academic programs, a global perspective, exciting ways to take advantage of Washington, D.C., and a commitment to social justice. Our community is a tight-knit group of remarkable individuals interested in intellectual inquiry and making a difference in the world.

Requirements

The Director of Cybersecurity Risk Management is responsible for the development, enforcement, and general management of Georgetown's cybersecurity risk management, vulnerability management, policies, and audit activities. They support the information security program through ownership of policy development and enforcement; run the vulnerability management program; and lead the cybersecurity awareness and training program, including education, outreach, and phishing training campaigns. In a senior-level, largely self-directed position of trust, they represent the Chief Information Security Officer (CISO) on cybersecurity risk and vulnerability management across GU; act as point of contact for security posture concerns related to departments and organizations outside UIS; serve as the alternate representative of the organization's security presence to external auditors and agencies; and ensure compliance with current and emerging regulatory requirements related to cyber security.

Reporting to the CISO, and interacting with University senior executives, administrators, faculty, alumni, staff, and students, as well as technical staff and IT managers throughout the entire University, the Director of Cyber Risk Management has duties that include but are not limited to:

Risk Management
  • Develop and implement a risk management program for security and privacy-related areas, which includes modeling threats, identifying risks and vulnerabilities, establishing a risk analysis and mitigation plan, and reporting to executive management on both a regular and event-driven basis.
  • Work with other executives inside and outside of IT to prioritize security initiatives and spending based on an appropriate risk management and/or financial methodology.
  • Lead a cross-functional security organization that may draw upon the resources and technical expertise from IT and other technology organizations.


Security Guidance
  • Provide strategic and tactical security guidance for programs and projects that may involve security controls, including the evaluation of the enterprise architecture, hardware, software and technical controls.
  • Lead an enterprise information security incident response organization, provide oversight over security investigations, and assist with disciplinary and legal matters associated with security breaches and policy violations as necessary.


Plans and Controls

Work proactively with the IT Leadership team and their direct reports to assure strategic plans, security programs, and technical controls are aligned with their respective business strategies and in compliance with policies, applicable laws and regulations.

Security Training
  • Coordinate the development and delivery of a security awareness training program for employees, contractors, and other parties.
  • Coordinate the use of external third party resources involved in the development, implementation and monitoring of the information security program, including performing penetration tests.
  • Establish a metrics-driven dashboard to evaluate the effectiveness of the Information Security program.


Security Strategy
  • Be a key thought leader in the field of Information Security, which includes working with key partners and vendors to develop thought leadership around policies, process, and capabilities that can help change or enhance the security strategy at GU.
  • Keep informed of new technologies or application methodologies through publications, membership in professional organizations and contact with other IT organizations and institutions.


Qualifications
  • Bachelor's degree and 12 or more years of experience [or equivalent relevant work experience; e.g. each year of work experience may be substituted for each year of education required]
  • 7 years or more of information security and/or IT compliance and assurance experience, with at least 2 years in a supervisory / lead role. Higher education industry experience is preferred.
  • Related technical certification or equivalent combination of education (minimum of Bachelor's Degree) and experience required (with solid technical understanding of multi-platform / hosted environments and their operational/security considerations)
  • Firm understanding and experience addressing key IT compliance regulations & obligations - including HIPAA, PCI, FERPA, GLBA, and others as identified
  • Track record of risk assessment, problem identification, analytical problem solving, and issue resolution
  • Ability to learn quickly with strong foundation in understanding and assessing processes and controls
  • Excellent written/verbal communication skills with the ability to regularly present to groups
  • Availability and willingness to work outside of usual business hours of Georgetown University - including potential on-call responsibilities or to provide assistance for security incidents


Preferred qualification

Higher education industry experience

Technical Responsibilities/Qualifications
  • Securing communications, applications and business systems
  • Performance of IT risk assessments
  • Oversee drafting of policies and procedures for secure daily operations
  • Physical and technical security implementation
  • Security education methodology and campaign
  • Selection, testing, deployment and maintenance of security hardware
  • Planning, testing and managing disaster recovery and security breaches
  • Understanding of governance and compliance as well as ability to enforce policies
  • Incident Management and investigation
  • Representative when dealing with law enforcement agencies while pursuing the sources of network attacks and information theft by employees
  • Understanding of threat landscape and ability to manage risk across a dispersed portfolio
  • Familiarity with Cyber Security frameworks, including NIST and ISO
  • Security Architecture/Engineering


Current Georgetown Employees:

If you currently work at Georgetown University, please exit this website and log in to GMS (gms.georgetown.edu) using your Net ID and password. Then select the Career worklet on your GMS Home dashboard to view Jobs at Georgetown.

Submission Guidelines:

Please note that in order to be considered an applicant for any position at Georgetown University you must submit a cover letter and resume for each position of interest for which you believe you are qualified. These documents are not kept on file for future positions.

Need Assistance:

If you are a qualified individual with a disability and need a reasonable accommodation for any part of the application and hiring process, please click here for more information, or contact the Office of Institutional Diversity, Equity, and Affirmative Action (IDEAA) at 202-687-4798 or ideaa@georgetown.edu.

Need some assistance with the application process? Please call 202-687-2500. For more information about the suite of benefits, professional development and community involvement opportunities that make up Georgetown's commitment to its employees, please visit the Georgetown Works website.

EEO Statement:

Georgetown University is an Equal Opportunity/Affirmative Action Employer fully dedicated to achieving a diverse faculty and staff. All qualified applicants are encouraged to apply and will receive consideration for employment without regard to race, color, religion, national origin, age, sex (including pregnancy, gender identity and expression, and sexual orientation), disability status, protected veteran status, or any other characteristic protected by law.

Benefits:

Georgetown University offers a wide variety of comprehensive and competitive benefits. Benefits packages include comprehensive health, dental and vision plans, disability and life insurance coverage, retirement savings programs, tuition assistance, voluntary insurance options (including group legal, accident, and critical illness), and much more. Whatever your need, the Office of Faculty and Staff Benefits will be standing by to support you. You can learn more about the benefits offered to eligible faculty and staff at https://benefits.georgetown.edu or view the online interactive benefits guide for more information.


To apply, visit https://apptrkr.com/2573961




