Assistant Director, Information Security

Barbelin/Lonergan Hall, United States


Position Title:

Assistant Director, Information Security

Time Type:

Full time

Position Summary and Qualifications:

The Assistant Director of Information Security plays a critical leadership role in executing the University’s information security vision and strategy. This position works closely with the Chief Information Security Officer (CISO) to implement and manage technical, policy, and compliance-based initiatives that safeguard University systems, data, and operations.

The role is central to security operations, including risk management, incident response, audit coordination, and vendor reviews. The Assistant Director also leads efforts to strengthen the University’s information security awareness and training programs, fosters a culture of shared responsibility, and ensures alignment with institutional goals and regulatory obligations.

Essential Duties & Responsibilities:

  • Provides leadership and oversight for the day-to-day operations and technical aspects of the Information Security department, with a primary focus on identity and access management, GRC (governance, risk, and compliance), and network security/operations.

  • Collaborates closely with those responsible for IAM functions in the Applications & Infrastructure division to strategically enhance the security awareness program, ensuring a robust understanding of information security and safe computing practices across the University community.

  • Manages technical support and contributes expertise in overseeing vendor relationships pertaining to information security, including leading the formal review of university contracts with significant technology components.

  • Utilizes and refines the vendor questionnaire process to thoroughly assess each vendor’s overall capabilities, including infrastructure, controls, security practices, regulatory compliance, and ability to safeguard University information assets, providing expert security opinions on vendor suitability.

  • Participates in the investigation and assessment of security incidents, coordinating efforts with technology managers in IT and partnering effectively with the Office of General Counsel.

  • Serves as a point of contact and escalation for security threats, potential breaches, and privacy issues, including sensitive matters involving law enforcement.

  • Engages proactively with internal and external auditors and agencies on security and compliance matters, particularly during incident response scenarios.

  • Partners with the IT Audit Analyst to develop and implement comprehensive strategies for addressing audits, assessments, and broader compliance efforts.

  • Actively participates in the establishment of annual and long-term security and compliance goals for the department.

  • Drives the creation and implementation of detailed security strategies, metrics, and reporting processes to monitor effectiveness and demonstrate progress.

  • Develops, maintains, champions, and enforces robust data management and information security policies, standards, guidelines, and procedures, encompassing those for end users, system and application administrators, service providers, and legal/regulatory compliance.

  • Initiates and develops communication and education initiatives aimed at elevating awareness of information security risks, along with mitigation strategies and protective measures implemented across the university.

  • Engages actively with IT advisory councils, administrative, and academic units through committees, ensuring the cohesive development and consistent application of policies and standards across all technology projects, systems, and services, including privacy, risk management, compliance, and business continuity management.

  • Collaborates extensively with stakeholders to conduct thorough risk assessments and business impact analyses, identifying vulnerabilities and assessing risk exposure.

  • When risks are identified, provides expert recommendations on effective risk management strategies, including acceptance, avoidance, transference, and mitigation techniques to minimize potential impact on the university.

  • Stays abreast of emerging governmental regulatory initiatives, security alerts, and relevant issues that could impact the university environment, proactively assessing their implications.

  • Provides expert guidance, planning, and monitoring for adherence to various industry requirements (e.g., FERPA, HIPAA, PCI), influencing the implementation of relevant systems.

  • Oversees the preparation and submission of required reports to external agencies, ensuring accuracy and timeliness.

  • Supervision includes: IT Audit Analyst (1); Network security analyst (1); Graduate Assistant/Student worker as funding permits

  • This role provides direct management, technical guidance, mentorship, and project oversight to junior staff, analysts, and interns.

  • May lead and manage specific security projects or work streams.


 

Minimum Qualifications: (Education/Training and Experience Required)

Required

  • Bachelor’s degree, preferably in Computer Science, Information Security, or a related field, OR an equivalent combination of education, training, and experience.

  • Minimum of 4 years of progressive professional experience in information technology, with at least 2 years in a dedicated information security role (e.g., Identity and Access Management, Risk Management, Security Operations, Incident Response).

  • At least 1 year of demonstrated direct experience managing people (direct reports) in a professional capacity.

  • Excellent written, oral communication, and presentation skills, with the ability to articulate complex security concepts clearly and concisely.

  • Proven ability to effectively communicate technical and security information to diverse audiences, from technical teams to executive leadership.

  • Demonstrated experience working with compliance and regulatory matters such as FERPA, PCI, HIPAA, and HEOA.

  • Strong understanding and practical knowledge of NIST, GLBA, and GDPR frameworks.

  • Superior troubleshooting and advanced problem-solving skills, with a track record of resolving complex security issues.

  • Extensive experience in drafting and maintaining comprehensive security policies, standards, and related documentation.

  • Proven ability to work autonomously while also fostering a highly collaborative environment.

  • Demonstrated ability to effectively manage multiple, concurrent work streams and consistently meet internal deadlines in a dynamic environment.

Preferred

  • Advanced experience with Microsoft security technologies (Azure Security Center, Microsoft 365 Security, Azure AD IAM, CASB, SSO, MFA solutions).

  • Industry-recognized security certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Information Systems Auditor (CISA).

  • Experience with contract and vendor vetting processes, negotiations, and detailed document reviews from a security perspective.

  • Demonstrated experience collaborating with General/External Counsel and various Law Enforcement agencies on security-related investigations and compliance.


 

Physical Requirements and/or Unusual Work Hours:

  • Will require prolonged periods of work at a computer workstation.

  • Will require occasional evening and weekend hours to address critical issues or project demands.

  • Must be available to respond to emergencies on a 7x24 basis and actively participate in the IT On Call rotation process.

Saint Joseph’s University is a private, Catholic, Jesuit institution and we expect members of our community to be knowledgeable about – and to make a positive contribution to – our mission. Saint Joseph’s University is an equal opportunity employer that seeks to recruit, develop and retain a talented and diverse workforce. The University is committed to the diversity of its faculty and staff so that our students, our disciplines and our community as a whole can benefit from the multiple perspectives it offers. The University seeks qualified candidates who share our commitment to equity, diversity and inclusion. EOE

Saint Joseph’s University prohibits discrimination on the basis of sex in its programs and activities, including admission and employment, in accordance with Title IX of the Education Amendments of 1972. The Title IX Coordinator is responsible for overseeing compliance with Title IX and other civil rights laws and regulations. To contact the Title IX Coordinator, e-mail titleix@sju.edu, visit Campion Student Center suite 243, or call 610-660-1145. To learn more about the University’s Title IX policies, the process for filing a report or formal complaint of sex discrimination, sexual harassment, or other form of sexual misconduct, and the University’s response to reports and/or formal complaints, please visit www.sju.edu/titleix. Inquiries may also be directed to the Federal agency responsible for enforcing Title IX, the U.S. Department of Education Office for Civil Rights.

Pay Transparency & Benefits Overview

Please click to read more about the university's approach to pay and benefits transparency. Adjunct instructor compensation can be found in the article. Otherwise, an estimated pay range is listed below. This position's estimated pay range is:

$102,400.00 - $127,500.00

Tags: Audits Azure CASB CISA CISM CISO CISSP Compliance Computer Science GDPR GLBA Governance HIPAA IAM Incident response Monitoring Network security NIST Privacy Risk assessment Risk management SSO Strategy Vulnerabilities

Perks/benefits: Equity / stock options

Region: North America
Country: United States
