Vice President, Information Security
- ICC - Adelphi, MD
- IT and Project Management
- Full time
Vice President of Information Security
Office of the Chief Digital Officer
Exempt, Regular, Full time
University of Maryland Global Campus (UMGC) is seeking a Vice President of Information Security (VP) within the Office of the Chief Digital Officer. This function manages information security risks and works closely with UMGC's technology partner, AccelerEd, to manage risk analysis, remediation or acceptance. The VP will manage security risk remediation projects, including the introduction of new technologies, the implementation of new procedures, and ongoing monitoring. This includes the management of ongoing security awareness training and incident response. The VP reports to and works closely with the Chief Digital Officer (CDO) who sets the strategy, the Office of Legal Affairs, and others on privacy issues and possible responses to security breaches.
This role serves as the organizational information security officer and is the expert on administrative and technical controls for information security and as such serves as an aid to the CDO and other department heads at the UMGC. The VP will provide the organization with technology and process recommendations to ensure best practices are followed.
Women and minorities are encouraged to apply.
Additional responsibilities include:
- Information Security and Risk Programs
- Develops and maintains Information Security program through establishment of information security governance, policies, technology framework, best practices in IT, and staff education and certification
- Defines and facilitates the processes for information security risk mitigation
- Develops, implements, and maintains information privacy and security policies, procedures, and guidelines through ongoing review and authorship
- Establishes an information security risk management strategy, process, and program
- Measures and monitors cost, schedule, and performance of the Information Security program
- Defines, implements, and enforces information security policies
- Governance and Compliance
- Governs and oversees the Information Security program and plan
- Creates security and risk dashboard for management-level reporting
- Oversees and continually improves information security awareness training program
- Manages the relationship with AccelerEd, and threat intelligence providers, to ensure and continually improve the quality and value of the security events, logs, and alerts from these external partners
- Maintains current knowledge of federal and state information privacy and security laws and industry standards.
- Ensures that controls are adequate to meet legal, regulatory, policy, standards, and security requirements (GDPR, CCPA, PCI, SOX, 10 etc.)
- Assists the CDO in development of information security presentations for executive leadership and board
- Information asset security
- With AccelerEd, documents and maintains a security architecture
- Coordinates execution of security audits, assessments, health checks and security enhancements
- Defines, oversees, assesses, and maintains controls necessary to protect information and vital assets (including media) in accordance with security requirements (includes privacy requirements, PII, encryption, PKI, backups, DLP, and data retention/destruction)
- Engages with procurement, and program and product managers to address compliance with information privacy and security policies and procedures, federal and state laws, and industry standards throughout the development and acquisition lifecycles
- Leads identity and access management policies, standards, and training for UMGC (e.g., password management, single sign-on, two-factor authentication, PIN management, digital signatures, smart cards, biometrics, and Active Directory)
- Defines, assesses, and maintains controls necessary to protect software and applications in accordance with security requirements (operating systems, applications, database management systems, web-based PCI applications, COTS, and maintenance)
- Emergency operations and incident command centers
- With AccelerEd, coordinates periodic information privacy and security risk assessments, including penetration tests, and creates remediation plans to address relevant security findings.
- Takes active leadership role in coordinating security incident response including identification, containment, remediation, forensics and, in collaboration with Data Protection Officer, breach notification
- Evaluates, recommends, and implements systems for detection and prevention of information privacy and security breaches
- With AccelerEd, triages, analyzes, responds to, and recovers from suspicious events and security incidents
- Ensures that disaster recovery and business continuity plans are adopted, communicated and tested on a regular cadence
What success looks like:
- Is responsible for the policies, standards and training necessary to ensure the achievement of the security and privacy goals of UMGC
- Is accountable for the security and availability of UMGC infrastructure
- Establishes risk management culture within UMGC by exemplifying the values of UMGC and leading by example
- Agilely processes and responds accordingly to real-time changes in UMGC's dynamic and rapidly evolving environment
- Builds strong relationships across UMGC and with external partners through collaboration, openness, and transparency
- Leads stress-free security audits, with issues and recommendations addressed in a timely manner without impacting the operations of UMGC
- Other job-related duties as assigned
Required education & experience: An earned Bachelor's degree in computer science or a related field from a regionally accredited institution of higher learning; at least 10 years of successful experience on an information security team in a complex organization including at least five (5) years in an information security leadership role; as well as a proven track record of leading successful risk mitigation interventions and initiatives.
Preferred education & experience: An earned Master's degree in a relevant field from a regionally accredited institution of higher learning; an active/current CISSP, CRISC, CISM, CCSP, CEH, or CISA; an understanding of all federal, state, and local laws, relevant policies, and regulatory actions that pertain to information technology, security, and risk; relevant work experience with GDPR, HIPAA, NIST, ISO security architecture, GLBA, PCI, and SOX; expertise with DNS, VPN, coding, ethical hacking, firewall intrusion/detection, protection protocols, cybersecurity frameworks, security architecture, and disaster recovery; a clear and evident understanding of relationships between technology, privacy, and security of data and intellectual property, capacity planning, vendor relationships, disaster recovery, and security architecture; experience in or an understanding of governance, risk, and security specific to higher education; and the ability to work successfully with diverse teams in a multicultural environment.
All submissions should include a cover letter and résumé. UMGC offers competitive compensation and comprehensive benefits for qualifying positions, such as tuition remission, generous leave and healthcare. For detailed benefits information, please visit: https://careers.umuc.edu/benefits.html.