Senior Director of IT Security (14696) at Montgomery County Community College
Montgomery County Community College · Blue Bell, United States of America · Onsite
- Senior
- Office in Blue Bell
Career Opportunities: Senior Director of IT Security (14696)
Requisition ID 14696 - Posted - Information Technology - Administrative Services - Blue Bell
Senior Director of IT Security
Full-Time Administrator (Level 19)
Salary Range: $100,000 - $120,000 (Annual salary is commensurate with experience)
FLSA Status: Exempt
Position Reports to the Chief Information Officer
This position is open until filled.
*This position has college-wide responsibilities and requires travel between all campuses but will be based at the Blue Bell campus.
**This position has been approved for a flexible work option arrangement. Flexible work options can be ended at any time by the College, Cabinet, and/or supervisors based on employee performance and/or as institutional needs change.
Basic Purpose:
The Senior Director of IT Security, who serves as the Information Security Officer (ISO) for the College, is the expert responsible for leading the strategic direction and execution of a comprehensive IT Security Program. This role is pivotal in creating a secure and compliant digital environment that protects the confidentiality, integrity, and availability of the College's technology systems, information assets, and data. The ISO is a key leader in mitigating cyber risk, enhancing the overall security posture, and fostering a culture of security awareness across the institution.
The position is responsible for developing IT Security Strategy that adapts to the internal organization and external environment through the implementation of industry-defined best practices focusing on cybersecurity management and technology-related risks. The position leads the IT Security team in the performance of operational responsibilities outlined in the IT Security Program as well as through projects that affect institutional exposure and reduce risk. The position informs and guides institutional leadership on IT Security matters including identification of new threats and recommended institutional responses.
Essential Duties and Responsibilities:
- Lead the development, maintenance, and implementation of the College's IT Security Program, including robust security policies, standards, and procedures for areas such as Access Control, Security Awareness and Training, and Incident Response.
- Ensure a comprehensive, risk-based approach to securing the college’s information assets and digital infrastructure.
- Lead the identification, planning, and implementation of advanced technical systems and projects, including the design of a security architecture that rigorously verifies all users and devices, to safeguard all College technology and information assets. This includes ensuring the security of all technology, including interconnected databases and web applications.
- Manage operational risk management activities, including regular risk assessments, to limit financial, reputational, and operational damage to the College.
- Monitor the external threat environment for emerging threats and advise institutional leadership on appropriate courses of action. This includes planning and executing annual IT security processes such as security audits, business continuity and disaster recovery planning, and vulnerability and penetration testing.
- Conduct regular vulnerability scans and assessments to identify and mitigate risks.
- Lead advocacy of IT security in a manner that ensures a security-minded organizational culture where employees know to implement best practices in the business processes they use and develop.
- Provide direction and oversight to the IT Security team and collaborate with other IT functions and staff to perform operational responsibilities outlined in the IT Security Program. This includes directing efforts in vulnerability management, configuration management, and incident response to reduce the college’s attack surface.
- Actively participate in IT security organizations and maintain professional relationships that facilitate effective and up-to-date management of the IT security program and awareness of current global IT security threats.
- Communicate new threats and trends to the executive team in a manner that facilitates appropriate prioritization and resource allocation of IT security initiatives.
- Oversee and continuously improve incident response and recovery efforts. This includes leading the forensic investigation of security breaches and assisting with disciplinary and legal matters as necessary.
- Identify IT Security third-party partners that can be utilized when needed to supplement the MCCC IT Security team in the response to incidents or other critical IT Security priorities.
- Other duties as assigned.
Essential Knowledge and Skills
1. Education/Training/Work Experience:
- Bachelor’s degree in information technology or related field required. Master’s Degree preferred.
- A minimum of 5 years of progressive experience in information security and risk management, with a demonstrable track record of successfully managing enterprise-level security programs.
- Approved industry Security Certification (e.g., CISSP, CISM, or similar) is required.
- Experience with regulatory compliance requirements common in higher education, such as FERPA, HIPAA, GLBA, and PCI-DSS, is required.
- Experience in securing infrastructure systems such as internetworking devices, server operating systems, web servers, transaction servers, databases, etc.
- Experience managing partnerships with 3rd party vendors
- Experience communicating with internal and external stakeholders
- Experience in managing information security professionals
- Advanced knowledge of modern cybersecurity frameworks (e.g., NIST, ISO 27001).
- Demonstrated ability to communicate complex security issues to both technical and non-technical audiences, including executive leadership and the broader community.
2. Specialized Knowledge & Skills:
- Advanced understanding of technical and business process controls that ensure the confidentiality, integrity and availability of technology and data.
- Execution of risk assessments, security audits, business continuity, vulnerability and penetration testing
- Ability to work autonomously and make quick and effective decisions.
- Implementation of IT security best practices.
- Strong interpersonal skills and the ability to effectively communicate with a wide range of individuals and constituencies in a diverse community
Montgomery County Community College is committed to assuring equal opportunity to all persons and does not discriminate on the basis of race, color, religion, religious creed, sex, pregnancy, ancestry, national origin, age, affectional or sexual orientation, genetic information, gender identity, gender presentation, veteran’s status, marital status or disability in its educational programs, activities, or employment practices as required by Title IX of the Educational Amendment of 1972, section 504 of the Rehabilitation Act of 1973, and other applicable statutes.
Inquiries concerning Title IX relating to equal opportunity on the basis of sex should be referred to: Title IX Coordinator, Mikiba W. Morehead, Ed.D., TNG, LLC, at [email protected].
All other equal opportunity inquiries, including those based upon disability, should be referred to: The Director of Equity, Diversity & Belonging, at [email protected] or 215-619-7383.