Director, Information Security Program

College Hall, United States

Endicott College

A private coeducational college located in Beverly, MA, near Boston, offering undergraduate, graduate and professional programs.


We are located approximately 20 miles north of Boston and parking is free. We are also accessible by commuter rail on the Newburyport/Rockport line. Come and explore Endicott’s seaside locale where employees are an important part of the bustling campus community!

Please apply today if this opportunity looks like the right fit for you.

Job Summary

Reporting to the Chief Information Officer (CIO), the Director, Information Security Program, is a key member of the Campus Technology leadership team. This senior-level role is entrusted with the strategic oversight and continual advancement of the Information Security Program at Endicott College. The Director is responsible for steering the program’s vision, ensuring alignment with institutional priorities, and fortifying the campus’s security posture. This position demands exemplary leadership capabilities, profound expertise in information security, sophisticated project management proficiency, and superior communication skills to address risks, enhance processes, and drive the overarching strategic goals of the institution. 

Key Responsibilities

40% of Time: Manage the Information Security Program

  • Support the CIO in shaping and refining the Information Security Program.

  • Oversee and schedule the implementation of the various components of the Information Security Program.

  • Manage the program’s budget to ensure efficient allocation of resources.

  • In partnership with the CIO, establish and lead an Information Security Committee to drive strategic initiatives and foster cross-functional collaboration.

  • Work with internal teams to conduct comprehensive risk assessments and business impact analyses, identifying vulnerabilities and risk exposures. Maintain an up-to-date risk register and provide recommendations for managing risks through strategies such as acceptance, avoidance, transference, and mitigation.

  • Serve as the primary point of contact for Information Security vendors, and stay informed on the latest developments in information security, regulatory changes, and higher education requirements at state, national, and global levels.

  • Lead communication efforts across campus to raise awareness of relevant security issues, policies, and industry standards.

  • Provide ongoing guidance, planning, and monitoring to ensure compliance with regulations such as FERPA, GLBA, HIPAA, PCI, and others that impact the institution’s systems and operations. 

25% of Time: Successfully manage Information Security projects

  • Partner with the CIO to prioritize and align information security projects with institutional goals.

  • Develop and manage project budgets to ensure proper financial oversight.

  • Develop detailed project plans outlining major milestones, resource allocations, and deliverables.

  • Oversee project risks and collaborate with the CIO to define and implement effective risk mitigation strategies.

  • Track project progress, ensure timely delivery, and provide regular status updates to key stakeholders.

25% of Time: Outreach, Awareness and Training 

  • Lead the development and execution of the information security training program for college employees and students, ensuring security awareness and role-based training for faculty, staff, and students.

  • Establish and manage an information security newsletter and webpage content, working closely with the Communications and Marketing department. 

  • Work with various campus groups to build a culture of information security and foster shared responsibility among the campus community.

  • Lead student-focused security initiatives, addressing the unique challenges of identity protection, mobile security, social media safety, and online reputation management.

  • Provide leadership, mentorship, and guidance to colleagues and staff, fostering a collaborative environment and promoting knowledge-sharing.

10% of Time: Incident Response Planning & Response

  • Review the Incident Response Plan (IRP) on a quarterly basis, ensuring that key stakeholders are engaged in the process.

  • Stay informed on security incidents and act as primary control point during significant information security incidents, including convening a Security Incident Response Team (SIRT) as needed to address incidents.

  • Other duties as assigned.

Core Competencies

Reliability

able to get the job done, available and engaged with the job and the Endicott community

Leadership

able to establish a vision and set direction for the Workday roadmap and governance

Organization

organizes time and resources well so that work is done efficiently and on time

Communication Skills  

has clear, effective and efficient ways of communicating, both orally and in writing

Adaptability

shows a willingness to adopt new ideas and to do things differently

Follow Through 

takes ownership of projects and sees them through to fruition

Customer Service

the employee anticipates the needs and responds to queries in a timely, competent, and approachable manner

Initiative/Personal Leadership

identifies opportunities for improvement and actively contributes to solutions

Team Player 

shows a willingness to collaborate and share information, knowledge and experience with team members


 

Knowledge/Skills/Abilities

 
  • Bachelor’s degree in computer science, business or a related field required (graduate degree preferred).

  • Minimum of five years of Information Technology experience, with at least three years of focused Information Security experience. 

  • Deep knowledge and experience in applying industry-standard IT security frameworks (NIST, ISO, etc.).

  • Knowledge of key regulatory frameworks including GLBA, FERPA, HIPAA, PCI, GDPR and MA 201 CMR 17.00.

  • Strong influence and leadership skills, with the ability to drive initiatives and collaborate with teams and stakeholders, even without direct authority. 

  • Proven experience leading cross-functional committees and working with and presenting to diverse groups across the organization.

  • Experience writing policy documentation and implementation for IT and security operations.

  • Strong background in project management, particularly with long-term projects (e.g., 6+ mos.).

  • Proven experience in overseeing cybersecurity training programs.

Preferred Qualifications:

  • Supervisory experience is strongly preferred, with a demonstrated ability to lead, mentor, and develop teams.

  • Experience with Learning Management Systems (LMS).

  • Strong background in writing newsletters and creating website content.

  • Experience working in higher education settings.

  • One or more relevant professional certifications (e.g., CISSP, CISM, etc.).

 

Effective Date of Current Version:  March, 2025


Tags: CISM CISSP Compliance Computer Science GDPR GLBA Governance HIPAA Incident response Mobile security Monitoring NIST Risk assessment Vulnerabilities

Perks/benefits: Career development

Region: North America
Country: United States
