Cleveland Metropolitan School District

The Executive Director, Cyber Security and IT Risk Management is responsible for the security of the District’s information technology resources, digital assets, user identity, and data privacy.. Provides strategic leadership in the development and execution of a comprehensive strategy/ roadmap for cyber security and IT risk management programs and architecture.. Partner with Homeland Security, the FBI and other appropriate agencies to develop and implement cyber security and IT risk management programs.. Develop policies, procedures, communications and training for cyber security and IT risk management programs.. Possess one or more advanced professional security certifications related to chosen discipline (CISSP, CCSP, CISM, CISA or SANS) preferred but not required.

executive director

THE OPPORTUNITY:   Location: Administration Reports To: Chief Information OfficerFLSA Status: Exempt Salary Band: 16Compensation: $ 91,800. - $ 128,520.The Executive Director, Cyber Security and IT Risk Management is responsible for the security of the District’s information technology resources, digital assets, user identity, and data privacy. This role will identify current threats, mitigate vulnerabilities, and anticipate future cybersecurity challenges. Utilize new technologies to increase the security of the District’s existing and emerging IT infrastructures, systems, and information. Manages the reporting, investigation, and resolution of information security incidents. Works with and consults with executive/senior leaders such as the Legal Department on potential information breaches. Perform audit and security compliance checks, including network penetration testing, vulnerability scans, and other configuration analysis. Provides strategic leadership in the development and execution of a comprehensive strategy/ roadmap for cyber security and IT risk management programs and architecture. Establish relationships with Homeland Security, the FBI, and other security agencies to establish cyber security and security response best practice processes and procedures. Responsible for establishing a formal cyber security awareness program and conducting phishing campaigns.ESSENTIAL DUTIES & RESPONSIBILITIESEstablish IT security standards for network infrastructure, applications, servers, data, desktops/laptops/tablets and mobile devices.Perform periodic (semiannual or annual) penetration testing and vulnerability scans.Establish a formal IT forensics program to ensure proper security investigative activities are performed based on best practices. Responsible for development, management and compliance of an enterprise-wide cyber security awareness program to drive desired security behaviors across the District.Partner with Homeland Security, the FBI and other appropriate agencies to develop and implement cyber security and IT risk management programs.Develop policies, procedures, communications and training for cyber security and IT risk management programs.Perform audit and security compliance checks, including technical configuration analysis, testing of controls for SOC1, SOC2 and other compliance activities.Develop and maintain Acceptable Use and Internet Safety policies for staff and students.Maintain up-to-date knowledge and understanding of technology trends, security threats, infrastructure vulnerabilities, and business dependencies that could impact the District’s risk profile.Develop threat models and security risk assessments, and recommend mitigations and countermeasures to address risks, vulnerabilities and threats.Lead and direct support of all IT security audits (e.g., federal, state and internal).Track and mediate security audit findings and security vulnerabilities detected from scans. Develop and maintain a disaster recovery plan and procedures. Conduct periodic disaster recovery drills/exercises with key stakeholders and Service Providers.Have responsibility for security monitoring and alerting, identity and access management, internet content management and privileged account management.Responsible for the investigation and reporting of cybercrimes, including identity theft, ransomware attacks, etc.Responsible for ensuring appropriate governance over Managed Service Providers managing and maintaining information security technologies.Partner with key stakeholders such as Facilities and Safety and Security to develop, document and test plans for emergency response and to ensure appropriate staff awareness.QUALIFICATIONSKnowledge, Skills and AbilitiesKnowledge of federal, state, and local cyber and information security regulation and legislation specifically HIPAA, FERPA, as well as industry frameworks, such as NIST, ISO 27001/27002 and COBIT).Knowledge of identity and access concepts and technologies to secure computing environments and end-user access, such as SSO and SAML.Knowledge in Security Operations Center (SOC) service delivery and managementDemonstrated understanding of comprehensive security programs, including technologies and tools, architectures, network and application design, including an understanding of the business impact of related technology risks.High level of interpersonal skills to interact with leaders at multiple levels and facilitate team interactionsUnderstand current and emerging cyber security risks, and innovative risk management methodsAbility to interpret and apply security policy, standards, and controls definitions across a large complex business environment, with third-parties, and multiple cloud service providers.Experience8+ years of IT leadership experience.5+ years’ experience implementing layered security practices for network, host, applications, data and access to IaaS, PaaS and SaaS services in a hybrid deployment environment.Experience implementing and operating security technologies and processes in a hybrid cloud environment, such as Amazon AWS or Microsoft AZURE and customer on-premise.Experience in implementation and management of hardware and software firewalls, user content management devices, IDS/IPS and DDOS platforms. EducationBachelor’s Degree in Computer Science, Information Systems or related field.Possess one or more advanced professional security certifications related to chosen discipline (CISSP, CCSP, CISM, CISA or SANS) preferred but not required.WORK ENVIRONMENTThe characteristics listed below are representative of the work environment typically encountered by an individual while performing the essential duties of this position. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential duties.While performing the duties of this job, the employee is exposed to a normal office environmentSome travel may be required for training/meetings

START NEW SEARCH