Senior Director, Information Security

Senior Director, Information Security Operations

Department of Information Technology

Regular, Exempt, Full-time, Pay grade 4.5

Location: Adelphi, Maryland

The Senior Director of Information Security Operations is responsible for developing, implementing and monitoring a strategic, comprehensive enterprise cybersecurity and IT risk management operational too portfolio and program. The Senior Director of Information Security Operations provides the vision and leadership necessary to manage the day-to-day risk to the organization and will ensure business alignment, effective governance oversite, system and product availability, integrity and confidentiality. The Senior Director of Information Security Operations is an integral part of the IT Operations team supporting our customers.  

RESPONSIBILITIES: 

• Conduct a thorough assessment of the company’s operational security needs, priorities and opportunities in order to visualize, create, and execute on an information security program  

• Design and develop an information security operational roadmap to align and scale with company growth  

• Lead security assessment and testing processes, including but not limited to penetration testing, vulnerability management, and secure software development at a global level  

• Plan for and manage incident response plans while minimizing effect on the business  

• Develop and extend security tooling and automation efforts across the organization  

• Proactively identify security issues and potential threats and continuously build processes and design systems to watch for and protect against them  

• Lead compliance activities supporting external audits, regulatory compliance projects, and overall information security reviews  

• Educate the organization about these threats and implement threat protection measures.  

• Manage implementation and monitoring of the enterprise Cybersecurity Awareness Program reporting to compliance to the VP of Information Technology and Security Operations, as well as UMGC executive sponsor and senior management. 

• Serve as cross-functional leader and provide direction to key, accountable stakeholders in a matrix environment with dotted-line reports embedded within the business  

• Serve as the information security expert in front of the Executive team  

• Advocate for and manage the portfolio of secure application and infrastructure best practices, ensuring a security presence at all stages and of the software development lifecycle tending to a zero-trust strategy 

• Manage relationships with external information security technology vendors and specialized information security professional services firms  

• Attract, develop, and retain a highly talented team as the information security program grows 

• Plan, develop, document, and implement an enterprise Disaster Recovery plan consistent the UMGC hybrid IT Cloud Infrastructure 

• Collaborate with appropriate UMGC business stakeholders to facilitate a Business Continuity Plan consistent with UMGC’s application stack (cloud SaaS and OnPrem) and business process make up 

MINIMUM QUALIFICATIONS, KNOWLEDGE, SKILLS, AND ABILITIES: 

Formal Education & Certification:

• Bachelor’s degree 

Highly desirable to hold one or more of the following certifications:  

• Certificate of Cloud Security Knowledge   

• Certified Computer Examiner (CCE)  

• Certified in Risk and Information Systems Control (CRISC) 

• Certified Information Security Manager (CISM) 

• Certified Information Systems Auditor (CISA) 

• Certified Information Systems Security Professional (CISSP) 

• Check Point Certified Master Architect (CCMA) 

• Check Point Certified Security Expert (CCSE) 

• Cisco Certified Network Professional - Security 

Knowledge & Experience:

• 10+ years of relevant experience in information security governance with direct experience in security policy development, security architecture models, and information security regulatory compliance. 

• 5+ years of progressively responsible management and/or leadership experience in information security governance and operations including two years of supervisory experience. Experience with an institution of higher education is preferred.  

• Solid knowledge of and experience with secure web architectures, tools and processes. 

• Knowledge of network architecture and design, network Security, wireless Security and client/server security. Strong computer networking skills and understanding of networking protocols.  

• Security of virtual machine environments is highly desirable.  

• Knowledgeable about securing wireless LAN and wireless IDS (Intrusion Detection Systems). 

• Knowledge of vulnerability assessment/network discovery and associated tools.  

• Understands infrastructure monitoring. 

• Knowledge of securing Linux and Windows systems.  

• Experience with VPN technologies. 

• Experience with various types of firewalls and technologies. 

• Previous application development experience is very helpful for secure code reviews. 

• Enterprise aware (change control/windows, downstream impacts, understand cause/effect, etc.). 

• Must have knowledge of IT security technologies such as firewalls, intrusion detections systems, antivirus, patch management, etc., and experience working on security policy and architecture. 

• Experience in engineering and operational roles (a plus if both roles at the same time). 

• Knowledge of various control & risk management concepts and methologies as well as knowledge and expertise of all applicable regulations and audit standards (e.g., GLBA,  FERPA, PCI-DSS, and SSAE-16. 

• Clear understanding of relevant information security governance, technical and security standards and regulations. Familiarity with industry security standards and compliances including OWASP, FedRAMP, AICPA SOC, NIST 800-53, 800-171 ISO 27001, CMMC, and ISO 27018 as well as current data privacy regulations, including GDPR and regional standards. Deep knowledge of networking and network security 

• Familiar with DHS and NIST security policy and be able to review against security architecture technical requirements. Especially, NIST SP 800-53, 800-35, 800-171, and CMMC. 

• Applicants selected will be subject to a government security investigation and must meet eligibility requirements for a public trust clearance or higher.   

All submissions should include a cover letter and resume.

The University of Maryland Global Campus (UMGC) is an equal opportunity employer and complies with all applicable federal and state laws regarding nondiscrimination. UMGC is committed to a policy of equal opportunity for all persons and does not discriminate on the basis of race, color, national origin, age, marital status, sex, sexual orientation, gender identity, gender expression, disability, religion, ancestry, political affiliation or veteran status in employment, educational programs and activities, and admissions.

Workplace Accommodations:

The University of Maryland Global Campus Global Campus (UMGC) is committed to creating and maintaining a welcoming and inclusive working environment for people of all abilities. UMGC is dedicated to the principle that no qualified individual with a disability shall, based on disability, be excluded from participation in or be denied the benefits of the services, programs, or activities of the University, or be subjected to discrimination. For information about UMGC’s Reasonable Workplace Accommodation Policy or to request an accommodation, applicants/candidates can contact Employee Accommodations via email at employee-accommodations@umgc.edu. 

Benefits Package Highlights:

• Generous Time Off: Enjoy 22 days of paid vacation, 15 days of sick leave, 3 personal days, and 15 paid holidays (16 during general election years). For part-time employees, time off rates will be prorated based on the number of hours worked.
• Comprehensive Health Coverage: Access to health care, medical with vision, dental, and prescription plans for both individuals and families, effective from the 1st of the month following your hire date.
• Insurance Options: Term Life Insurance, Accidental Death and Dismemberment Insurance, and Long-Term Disability (LTD) Insurance. Part-time employees working less than 0.5 FTE are not eligible for LTD.
• Flexible Spending Accounts: Available for medical and dependent care expenses.
• Retirement Plans: Choose between the Optional Retirement Program (ORP) or the Maryland State Retirement and Pension System (MSRPS).
• Supplemental Retirement Plans: include 401(k), 403(b), 457(b), and various Roth options. The university does not provide matching funds.
• Tuition Remission: Immediate availability for Regular Exempt Staff. Spouses and dependent children are eligible for undergraduate tuition remission after two years of service. NOTE: For part-time employees (at least 50 percent of the time), tuition remission benefits are prorated.

Hiring Range: