Columbia College Chicago is an acclaimed undergraduate and graduate institution that provides a comprehensive education in the arts, communications and public relations. We constantly aim to reach our full potential as an educational innovator, incubator of new creative practice and generator of real-world success for young creatives. We are located in the heart of Chicago, across the street from historic Grant Park, and housed in some of the most iconic buildings in the South Loop.
Columbia College Chicago a private urban institution of over 6,000 undergraduate and graduate students, four-year College offering a distinctive curriculum that blends liberal arts, creative and media arts and business is currently searching for a Cyber Information Security Director.
The Cyber Information Security Director reports to the CIO and is a member of the CIO leadership team. Working closely with senior administration, academic leaders, and the campus community, this role is responsible for the development and delivery of a comprehensive information security strategy to optimize the security posture of the college. The Director leads the development and implementation of a security program that leverages collaborations and campus-wide resources, facilitates information security governance, advises CIO and senior leadership on security direction and resource investments, and designs appropriate policies to manage information security risk. The complexity of this position requires a leadership approach that is engaging, imaginative, and collaborative, with a sophisticated ability to work with other leaders to set the best balance between security strategies and other priorities at the college.
DUTIES & RESPONSIBILITIES
- Hands on role working directly with business and technology teams to integrate security into current and new capabilities.
- Provide guidance and counsel to the CIO and key members of the college leadership team, working closely with senior administration, academic leaders, and the campus community in defining objectives for information security, while building relationships and goodwill.
- Create and manage an institution-wide information security governance processes - establishment of an information security program and project priorities.
- Analyze and architect solutions to information technology cybersecurity threats that relate to confidentiality, integrity, and availability of data and systems.
- Facilitate and manage the information security planning processes to establish an inclusive and comprehensive information security program for the entire institution. Identify and advocate annual and long-range security goals and, security strategies. Develop metrics, reporting mechanisms and program services, and create maturity models and a roadmap for continual program improvements.
- Manage third-party relationships and technology vendors that provide information security functions to ensure contract compliance. Facilitate communication between staff, administration, vendors, and other technology resources within and outside of the organization. Share highly complex information related to areas of expertise. Interact with senior administration to keep abreast of objectives. Interact with peers in organization and vendors to interpret information and improve cross-functional processes and programs. Create and enhance key internal and external contacts.
- Stay abreast of information security issues and regulatory changes affecting higher education at the state and national level, participate in national policy and practice discussions, and communicate to campus on a regular basis about those topics. Engage in professional development to maintain continual growth in professional skills and knowledge essential to the position.
Policy, Compliance and Audit
- Work with the Chief Audit Officer to drive effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.
- Monitor and restrict access to sensitive, confidential, or other high-security data.
- Work with Internal Audit, State Board of Regents, Auditor General's Office and outside consultants as appropriate on required security assessments and audits.
Outreach, Education and Training
- Work closely with IT leaders, technical experts, deans and administrative leaders across campus on a wide variety of security issues that require an in-depth understanding of the IT environment.
- Create education and awareness programs and advise operating units at all levels on security issues, best practices, and vulnerabilities.
- Work with campus groups to build awareness and a sense of common purpose around security.
- Pursue student security initiatives to address unique needs in protecting identity theft, mobile social media security and online reputation program.
Risk Management and Incident Response
- Keep abreast of security incidents and act as primary control point during significant information security incidents. Convene a Security Incident Response Team (SIRT) as needed, or requested, in addressing and investigating security incidences that arise.
- Convene Ad Hoc Security Committee as appropriate and provide leadership for breach response and notification actions for the College.
- Develop, implement and administer technical security standards, as well as a suite of security services and tools to address and mitigate security risk.
- Provide direction and guidance in assessing and evaluating information security risks and monitor compliance with security standards and appropriate policies.
- Examine impacts of new technologies on the Institution's overall information security. Establish processes to review implementation of new technologies to ensure security compliance.
- Perform other related duties and/or responsibilities as assigned or required.
- Bachelor’s degree in Computer Science, Information Management or other related field is required; an advanced degree is preferred.
- 7 + years of information security, IT operations and compliance experience.
- Professional certification (e.g., CISSP, CISM, CISA, CEH) is highly desirable.
- Demonstrate current knowledge of emerging privacy legislation, security threats, technical challenges, and developments in system protection and IT security standards.
- Demonstrate current knowledge of latest security regulations, adversaries, alerts, and vulnerabilities.
- Demonstrated experience advising and collaborating with senior management is required. The ability to work in a team/collaborative environment with a broad range of constituencies is essential. Higher Education experience a plus.
- Working knowledge and experience in the policy and regulatory environment of information security, particularly in higher education, is highly desirable.
- Experience risk mitigation and management required.
- Demonstrated project management skills; financial/budget management, scheduling, and resource management.
At Columbia, we offer a rewarding work environment for our faculty and staff. We take pride in offering competitive benefits with affordable health, dental and vision coverage; flexible spending accounts; commuter benefit program, life and accidental, death & dismemberment coverage; paid and unpaid leave options; work/life benefits; educational assistance programs; and retirement and financial planning benefits.
We invite you to join our talented faculty and staff and become part of our collective aspiration to ensure Columbia prepares students for success in their creative fields through innovation, engagement and real-world experiences.
Position subject to a background screening.
This is a non-union position.
This position is not overtime eligible.
Qualified candidates of diverse backgrounds are encouraged to apply.
Columbia College Chicago is an equal opportunity employer and complies with all local, state, and federal laws and regulations concerning civil rights. The college does not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national or ethnic origin, age, disability, protected veteran status, genetic information, or other protected classes under the law.
This job description is not designed to cover or contain a comprehensive listing of activities, duties, or responsibilities required of the employee and is subject to change based on the needs of the department and/or college.