The Director, Information Security is a member of the Office of Information Technology Leadership team and works closely with the other members to develop and implement a comprehensive information security program to include defining security policies, processes and standards. The incumbent in this position works with the IT department to select and deploy technical controls to meet specific security requirements, and defines processes and standards to ensure that security configurations are maintained.

Works with District’s operating units and with other risk functions to identify security requirements, using methods that may include risk and business impact assessments; Components of this activity include but are not limited to: Business system analysis and Communication, facilitation and consensus building Assists in the coordination and completion of information security operations documentation Works with IT leadership to develop strategies and plans to enforce security requirements and address identified risks Reports to the District’s management concerning residual risk, vulnerabilities and other security exposures, including misuse of information assets and noncompliance Plays an advisory role in infrastructure, school technology, and application development projects to assess security requirements and controls and to ensure that security controls are implemented as planned Collaborates on critical projects to ensure that security issues are addressed throughout the project life cycle Works with the infrastructure team to identify, select and implement technical controls Develops security processes and procedures, and supports service-level agreements (SLAs) to ensure that security controls are managed and maintained Advises security administrators on normal and exception-based processing of security authorization requests Researches, evaluates and recommends information-security-related hardware and software, including developing business cases for security investments Defines security configuration and operations standards for security systems and applications, including policy assessment and compliance tools, network security appliances, and host-based security systems Develops and validates baseline security configurations for operating systems, applications, and networking and telecommunications equipment Provides second- and third-level support and analysis during and after a security incident Assists security administrators and IT staff in the resolution of reported security incidents Participates in security investigations and compliance reviews, as requested by internal or external auditors Acts as a liaison between incident response leads and subject matter experts Monitors daily or weekly reports and security logs for unusual events Manages relationship with the audit group; Receives audit findings and manages the collection of responses and remediation plans with owners Works within the information security governance process to define control recommendations that are both efficient and effective Provides oversight and management of audit finding remediation, including generating requirements for full remediation, providing feedback and suggestions on managerial responses to findings, and tracking progress and providing status and updates to the enterprise compliance team for reporting purposes Supports e-discovery processes to include identification, collection, preservation and processing of relevant data Maintains an awareness of existing and proposed security-standard-setting groups, state and federal legislation and regulations pertaining to information security; Identifies regulatory changes that will affect information security policy, standards and procedures, and recommends appropriate changes Assists in the development of security architecture and security policies, principles and standards Participates in the enterprise architecture (EA) community, and provides strategic guidance during the EA process Researches, evaluates, designs, tests, recommends and plans the implementation of new or updated information security technologies; Researches and assesses new threats and security alerts, and recommends remedial actions Provides guidance for security activities in the system development life cycle (SDLC) and application development efforts Participates in organizational projects, as required Performs other duties as assigned by the appropriate administrator

Minimum of 7 years of progressively responsible experience within the Information Technology field, with a minimum of 3 years information security experience; Experience working in an educational organization preferred; Audit, compliance or governance experience is preferred