Director, Information Security

Position Summary The Director, Information Security, provides strategic, institutional leadership for National University’s information security and cyber risk management program. Reporting to the Associate Vice President (AVP), Information Security, this role is accountable for designing, governing, and advancing a comprehensive, risk‑based security program that protects the confidentiality, integrity, and availability of university information assets. The Director serves as the senior operational and strategic leader for all information security domains, including Security Engineering, Security Operations, Governance, Risk & Compliance (GRC), Identity & Access Management, and Third‑Party Risk Management. They partner closely with executive leadership, IT, academic leadership, legal, privacy, and compliance stakeholders to ensure security is embedded into institutional strategy, operations, and culture. Compensation Range Annual Salary: $87,923.00 - $118,690.00 Essential Functions Strategic Leadership & Program Ownership Provides strategic leadership for the university’s enterprise information security program in alignment with institutional goals and risk appetite. Partners with the AVP, Information Security, to define long‑term security strategy, multi‑year roadmaps, and program maturity objectives. Serves as a senior advisor to IT and university leadership on cybersecurity risk, threat trends, and control effectiveness. Establishes and maintains security governance frameworks, policies, standards, and metrics aligned with recognized frameworks (e.g., NIST CSF, NIST 800‑53, ISO 27001). Leads institutional cybersecurity risk assessments and maturity evaluations, ensuring results inform investment and prioritization decisions. Provides executive‑level reporting and briefings on security posture, risk trends, incidents, and compliance status. Security Operations, Engineering & Architecture Directs the design, implementation, and operation of security controls across on‑premises, cloud, and SaaS environments. Oversees security monitoring, detection, and response capabilities, including SIEM, endpoint protection, identity security, and network defense. Serves as executive lead for cybersecurity incident response, ensuring effective coordination, decision‑making, communications, and post‑incident improvement. Guides vulnerability management, penetration testing, and remediation strategies across the enterprise. Partners with Infrastructure, Applications, and Cloud teams to embed security into architecture, system design, and change management processes. Governance, Risk & Compliance (GRC) Owns the university’s information security risk management program, including risk identification, assessment, treatment, and tracking. Ensures compliance with applicable regulatory and contractual requirements, including FERPA, GLBA, PCI‑DSS, HIPAA (as applicable), state privacy laws, and institutional policies. Leads internal and external security audits and assessments, coordinating remediation and executive reporting. Oversees the Third‑Party Risk Management (TPRM) program, ensuring vendors and partners meet institutional security expectations. Collaborates closely with Privacy, Legal, Compliance, and Data Governance stakeholders. Identity, Access & Data Protection Provides strategic oversight of identity and access management (IAM), role‑based access control (RBAC), and privileged access management. Ensures effective access lifecycle governance in partnership with HR, IT, and business units. Guides data protection strategies, including classification, access controls, and loss prevention capabilities. Awareness, Culture & Collaboration Champions a culture of shared responsibility for information security across the institution. Oversees security awareness and training initiatives in collaboration with institutional stakeholders. Represents Information Security on university committees, councils, and working groups related to technology, data, privacy, and risk. Maintains awareness of emerging threats, technologies, and regulatory developments to proactively advise leadership. Performs other duties as assigned. Supervisory Responsibilities Provides direct leadership and oversight for Information Security teams, including Security Engineering, Operations, GRC, and Identity functions. Responsible for organizational design, staffing strategy, hiring, performance management, coaching, and professional development. Establishes clear objectives, accountability, and succession planning aligned with institutional priorities. Manages budgets, vendor relationships, and resource allocation for the information security program. Requirements Education & Experience Bachelor’s degree in Information Security, Computer Science, or a related field required; Master’s degree preferred. Minimum of ten (10) years of progressive experience in information security or technology risk management. Minimum of five (5) years of leadership experience managing teams and enterprise‑level security programs. Professional certifications such as CISSP, CISM, GIAC, or equivalent required. Experience in higher education or large enterprise environments preferred. Demonstrated experience across multiple security domains: operations, governance, risk management, and access control. Competencies/Technical/Functional Skills Deep knowledge of cybersecurity domains, including security operations, cloud security, identity management, and risk governance. Strong understanding of regulatory and compliance frameworks applicable to higher education. Proven ability to communicate complex security risks to executive and non‑technical audiences. Strategic thinker with the ability to translate risk into actionable priorities. Strong leadership, collaboration, and influence skills across diverse stakeholder groups. Experience managing security tools, vendors, and managed service providers. High level of integrity and ability to manage sensitive and confidential information. Location Remote, USA Travel Up to 10% travel Benefits The candidate will receive a salary within the stated range based on qualifications. Base pay is one component of National University’s total rewards package, which includes comprehensive well‑being benefits. For full details about the benefits, please visit benefits.nu.edu. Equal Employment Opportunity National University is a proud equal‑opportunity employer. We do not discriminate against any employee or applicant per applicable federal, state, and local laws. All qualified applicants will receive equal consideration for employment, education, and admission at National University. About National University National University employs more than 4,500 faculty and staff and serves over 45,000 students. We are committed to maintaining a high‑quality workforce representative of the populations we serve. With programs available online and on campus across many locations, National University is a leader in creating innovative solutions to education for a diverse student body. #J-18808-Ljbffr