Director of Information Security

The Director of Information Security will lead Georgia Gwinnett College’s (GGC) cyber and information security strategies; drive and own the College’s cyber and information security posture, using a riskbased approach; and adopt a comprehensive approach to information security. The position holder will lead the IT security activities within the College, managing the risk to the College’s IT facilities and information from internal and external threats. The position holder will advise the College at a strategic level on existing and emerging threats, and will own and develop the necessary IT security policies, processes and procedures. 

ESSENTIAL FUNCTIONS

• Develop, implement and monitor a strategic and comprehensive cyber and information security and IT risk management program that ensures the integrity, confidentiality, and availability of the GGC network.

• Provide guidance and counsel on information security to the CIO, senior staff of IT department, and college stakeholders and works with campus leadership to develop a strategic approach to information security that balances GGC’s academic values with institutional attention to the risks and requirements generated by the college’s increasingly information rich environment as well as external regulations.

• Recommends strategies and practices to ensure information security and leads the design, development, and implementation of the college’s security and governance policies and procedures in consultation with college leadership, technical personnel and IT senior staff.

• Develop and lead education and training programs for all college constituents on institutional policy, guidelines, federal and state laws and regulations, and best practices around information security.

• Advise college leaders on emerging information security risks and opportunities created by GGC’s ongoing development as a world-class institution of teaching, learning, and research with increasingly global relationships and activates.

• Review hardware, software, and services being considers for purchase or implementation by the IT department or other campus departments to assess security issues (strengths/risks) and assure proper information security requirements to be included in an RFP for software or services.

• Track industry and higher education developments and best practices to maintain a thorough understanding of current and future directions, systems, applications, and data security techniques for instructional, research and administrative needs.

• Assume responsibility of implementation of information security policies and for ensuring effective IT risk management and compliance across the college; recommend enhancements in information security policy to college leaders; coordinate campus-wide initiatives for governance and security.

• Manage and mitigate security incidents and events to protect the assets and information of GGC’s student body, faculty, and staff.

• Lead the annual IT Risk Assessment Process and maintain the efficacy of the IT Business Continuity Plan; participate in the work of the college-wide IT advisory and Information Security Governance committees.

• Maintain a close and effective working relationship with professionals in GGC’s Office of General Counsel, the Office of Audit and Compliance, and Public Safety, and act as coordinator between these groups and professionals on matters pertaining to campus IT security.

• Establish and implement a process for cyber and incident management to proactively identify threats, respond, contain and communicate a suspected or confirmed incident. Lead and coordinate institutional responses to security incidents, providing timely reports during the incident and responses to security incidents; provide timely reports during the incident and response, as well as propose cost effective solutions to prevent or mitigate future incidents.

• Leads with investigations of misuse of computing resources by employees and students. Serve as the college’s compliance officer with respect to GGC, state and federal information security policies and regulations. Work with the campus-designated FERPA, Records Access and HIPAA-privacy stewards on compliance issues as necessary. Prepare and submit required reports to external agencies.

• Assist Engineering, Development and Vendor teams to ensure proper security controls are implemented across technology initiatives, as well as assist in response to audits, penetration tests, and vulnerability assessments.

• Direct the development of effective information security awareness, training and education programs for all employees, students and approved system users.

• Evaluate risk and act expeditiously in making decisions and recommendations, while considering the technology environment as well as the varying needs and viewpoints of a college community.

• Work with the IT advisory and security governance committees to prioritize initiatives and spending to reduce security risk and improve the overall information security program.

• As a member of the CIO’s leadership team contribute to the overall development of the IT department’s strategic goals, performance metrics, communication practices, and culture.

• Keep abreast of latest security and privacy legislation, regulations, advisories, alerts and vulnerabilities pertaining to the GGC and its mission.

• Take part in Campus Disaster Recovery/Business Continuity planning in support of emergency preparedness.

• Other duties as assigned.

REQUIRED QUALIFICATIONS

• Graduate degree in Computer Science, Information Systems Management, Information Security, Business Administration, MBA, or a related field 

• At least 5 years of current experience directly related to the responsibilities of Information Systems or Information Security.

• Extensive management experience that includes directly managing employees and budget responsibilities

• Knowledge with Security Incident and Event Management practices and solutions.

• Solid background and experience in cyber security, secure network design, system security and application security.

• Knowledge of layer 2 and 3 routing protocols.

• Knowledge of firewall technology - Palo Alto, Cisco, PIX, ASA 

PREFERRED QUALIFICATIONS

• Minimum of one professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials.

• Hands on experience with open source tools such as:

  • Nessus

  • Qualys

  • Metasploit

  • Snort 

• Knowledge of firewall technology - Checkpoint, PIX, etc.; Cisco Firewall Services Module

• Knowledge of auditing, information security and regulatory standards best practices and assessment methodologies 

Due to the volume of applications, applicants may not receive a reply from the College unless an applicant is selected for an interview. Review of applications will continue until positions are filled. Hiring is contingent upon eligibility to work in the United States and proof of eligibility will be contemporaneously required upon acceptance of an employment offer. Any resulting employment offers are contingent upon successful completion of a background investigation and credit check if applicable to the position, as determined by Georgia Gwinnett College in its sole discretion. Georgia Gwinnett College, a unit of the University System of Georgia, is an Affirmative Action/Equal Opportunity employer and does not discriminate on the basis of race, color, gender, national origin, age, sexual orientation, disability or religion. Georgia is an open records state.

Physical Requirements

Position may require local travel. Ability to lift and carry files and materials. Ability to move from one office to another office on campus. Adequate vision, hearing and manual dexterity to interact with people in person, on the phone and in writing. Applicant must be able to perform the essential functions of the job, with or without reasonable accommodations.