The Cybersecurity Director is responsible for overseeing our organization's overall cybersecurity posture. The role supervises all aspects of IT security including staff, policy, design, development, implementation, incident response, budgets, and internal business partners. This position requires demonstrated experience in implementing, overseeing, and transforming security operations, including vulnerability assessments and security in a hybrid cloud environment.

This position is based in Washington, DC where we have a hybrid work environment (roughly 40% of the time in the office).

Major Duties and Responsibilities:

• Provide direction for the College’s cybersecurity and data protection and oversee security governance and policies.Define metrics and report on information security metrics to senior level staff as required.

• Supervise staff as assigned in the performance of the job duties.

• Develop and maintainan enterprise-wide security strategy, individual security awareness programs, security architecture,and security incident response plans and required artifacts.

• Provide strategic risk guidance and mitigation strategies for IT projects, including evaluation and recommendationof security and technical controls.

• Educate IT leadership on appropriate security risks and mitigation strategies.

• Collaborate with IT and internal compliance team(s) as needed. Coordinate the security component of both internal and external auditsto ensuresecurity programs followall applicable laws, regulations, and policies.

• Develop, maintain, and publish up-to-date security policies, standards, and guidelines.

• Manage and lead security focused initiatives and work closely with various Scrum teams to maintain a strong security posture for the College.

• Oversee training and dissemination of security policies and practices for the enterprise.

• Evaluate new and emerging cybersecurity threats and IT trends and develop effective securitycontrols and mitigation strategies. Oversee development of security awareness programs for the enterprise.

• Develop, review, and test incident response plans to align withthe College’sbusiness continuity management program goals. 

• Evaluates potential security breaches, coordinates response, and recommends correctiveactions.

• Performs effective and comprehensive root cause analysis for all applicable security and data related incidents and ensures internal incident reports thoroughly document that facts surrounding incidents and ensure corrective action steps have been documented and completed.

• Other duties as assigned

Required Qualifications:

• Minimum of five years (5) of experience in the field of IT security

• Experience leading a cybersecurity team and their day-to-day activities

• Experience in establishing cybersecurity and risk metrics for reporting

• Strong interpersonal and emotional Intelligence skills 

• Demonstrated management skills, e.g., budget development and administration, policy development and implementation, personnel administration, staff training anddevelopment

• Demonstrated ability to collaborate with diverse people

• Effective oral and writtencommunication

• Experience and understanding of O365 products and services, cloud authentication and authorization, cloud security. 

• Experience with security tools, such as Qualys, Splunk, NewRelic

• Self-directed and initiative-taking. Thinks beyond the immediate problem

• Flexibility to adjust to shifting priorities and possess strong analytical and problem-solving capabilities

• A willingness and aptitude to learn modern technologies

• Experience working both independently and, in a collaborative environment

• Strong analytical and critical thinking skills

• Ability to manage multiple activities and/or tasks simultaneously

Desired Qualifications:

• Bachelor’s degree from an accredited institution, with degree preferred in ComputerScience or Information technology systems security or related field. 

• Knowledge of Information technology infrastructure library (ITIL) (certification preferred)

• Certified Information Security Manager (CISM) or Certified Information Systems SecurityProfessional (CISSP) Certification.

• Experience in Healthcare IT

• Experience working with Scrum teams and Agile software development methodology