Director of Information Security

Under the general direction of the Vice President of Information Technology Services, the Director of Information Security is responsible for overseeing and guiding the information security strategy and programs within an organization. This role plays a critical part in protecting the organization’s information assets, ensuring compliance with regulations, and managing risks associated with information security.

The Director of Information Security is responsible for developing, implementing, and managing the organization’s information security strategy to safeguard its data, systems, and networks from cyber threats. This role involves leadership, strategic planning, and collaboration with various departments to ensure the effective protection of sensitive information and compliance with relevant regulations and industry standards.

Requires availability for emergency call-in.

SUPERVISES OTHERS: YES

FLSA STATUS: EXEMPT

COMPENSATION: $170,000 - $190,000 Based on Experience

ESSENTIAL FUNCTIONS

• Develop and execute an enterprise security strategy aligned with business goals, incorporating the latest security trends and technologies. Some examples include, AI/ML defenses, OT Security, and cloud security.
• Lead, recruit, and develop a high-performing InfoSec team; conduct evaluations and foster growth through accountability, mentorship, and certifications (e.g., CISSP, CISM).
• Establish, update, and enforce security policies, standards, and architectures to mitigate risks and ensure compliance.
• Oversee cyber incident response, post-event analysis, and continuous threat monitoring with KPIs like MTTD/MTTR under 4 hours.
• Collaborate and foster relationships with all Authority departments, especially IT, legal, executives, and board on risks, reporting quarterly metrics (e.g., vulnerability patch rates >95%).
• Drive security awareness training and technology evaluations (e.g., SIEM, EDR, SASE).
• Stay ahead of trends (quantum, GenAI threats); lead improvements per NIST CSF 2.0 and ITIL/Agile.
• Ensure compliance with relevant laws, regulations, and industry standards (e.g., GDPR, HIPAA, PCI DSS, CJIS) affecting information security.
• Prepare regular reports and presentations on the organization’s security posture, incidents, and compliance status for senior management and stakeholders.
• Serve as the LASO for the Authority police department, functioning as a key point of contact for compliance with state and federal law enforcement compliance standards specific to IT applications and security.
• Lead initiatives to improve security processes, technologies, and practices based on industry best practices and lessons learned.
• Regular attendance is essential; duties may expand.
• These essential functions enable the Director of Information Security to effectively safeguard the organization’s information assets, manage risks, and ensure compliance with relevant regulations and standards while promoting a culture of security throughout the organization.

This list is not intended to be all-inclusive, and you may not be responsible for every item listed. The employer reserves the right to assign additional functions and responsibilities as necessary.

COMPETENCIES

• Organizational Focus: Applying a broad understanding of the industry, possibilities for the organization, and financial acumen; focusing on what the organization needs to do to succeed today and in the future; demonstrating and understanding longer-term trends when setting priorities; focusing on the sustainability of the organization.
• Cultural IQ: Fully understands and is able to apply our Cultural IQ philosophy. Consistently considers the cultural alignment of all decisions made; Intentionally seeks ways to reinforce our cultural beliefs through day-to-day operations; Contributes to achieving our key initiatives.
• Developing Organizational Talent: Thinking about the evolving needs of the organization and encouraging skill and individual development in light of this; fostering and promoting long-term learning to improve organizational and individual capability; focusing on developing skills and capabilities the organization will require in the future.
• Sound Judgement: The ability to make sound and timely decisions by analyzing and understanding situations and information clearly by carefully examining the details. Exhibits a sense of urgency where appropriate.

REQUIRED FOR ALL HCAA JOBS

• In the event of an emergency or disaster that impacts the Hillsborough County Aviation Authority (HCAA), an employee may be required to respond promptly to duties and responsibilities as assigned by the employee’s department or the HCAA Emergency Operations Center (EOC). Such assignments may be before, during, or after the emergency/disaster.
• Complies with all HCAA Policies, Procedures, and Standards.
• Must pass a security threat assessment (STA) and a fingerprint-based criminal history records check (CHRC) as well as SIDA training in order to obtain the required SIDA badge. Successful completion of an FDLE CJIS background check is an absolute requirement for this position. Candidates must have a clean criminal record and be able to obtain and maintain clearance for access to CJIS systems.
• Serve as LASO: Ensure CJIS compliance for police IT systems; pass law enforcement background checks at time of hire.

QUALIFICATIONS (EDUCATION, EXPERIENCE, LICENSES & CERTIFICATIONS)

• Bachelor’s degree in management information systems, Computer Science, Information Technology, or related field.
• Eight (8) years of professional experience in enterprise technology operations and customer support, or related field.
• Four (4) years of leadership experience.
• Or equivalent combination of education, training, and experience.
• Must possess a valid Florida Driver License.

PREFERRED QUALIFICATIONS

• Master's degree in management information systems, Computer Science, Information Technology, or related field.
• CISSP, CISM, CCSP or other industry standard Information Security Certifications

KNOWLEDGE, SKILLS, AND ABILITIES

• Expertise in zero trust, AI security, cloud (Azure/AWS), ITIL/ITSM/Agile, and CJIS.
• Strong risk assessment, crisis management, and business continuity skills.
• Excellent oral/written communication for C-suite/board; customer-focused.
• Ability to handle sensitive data and build cross-functional relationships.
• Ability to establish and enforce technology best practices across IT operations, ensuring adherence to industry standards and guidelines.
• Ability to communicate effectively orally and in writing.
• Ability to establish and maintain effective working relationships with others within and outside the Authority.
• Ability to handle restricted, sensitive, and confidential information.
• Ability to provide outstanding customer service, serve the public, and represent the Authority with courtesy and professionalism.

PHYSICAL ABILITIES

• Standing up to 6 hours per day
• Continuous walking
• Frequent sitting
• Continuous typing
• Occasional use of car/light truck

The Aviation Authority-Tampa International Airport provides equal employment opportunity to all persons, regardless of age, race, religion, color, national origin, sex, political affiliations, marital status, non-disqualifying physical or mental disability, sexual orientation, membership, or non-membership in an employee organization, or based on personal favoritism or other non-merit factors.

The Aviation Authority-Tampa International Airport welcomes and encourages applications from minorities, veterans, and persons with physical and mental disabilities, and will reasonably accommodate the needs of those persons in the application, testing and hiring process. The decision to grant reasonable accommodation requests will be made case-by-case.