Overview
Work Location
To perform this job successfully, an individual must be able to work on-site at the Hillsdale College campus in Michigan.
At Hillsdale College, our digital landscape is rapidly expanding, and so are the challenges that accompany safeguarding the College’s information assets. We are seeking an experienced, visionary Senior Director of Information Security to lead the College’s strategic charge against modern cybersecurity threats.
As the architect of our next generation of digital defense, you will be at the heart of strategizing and implementing innovative solutions to safeguard the integrity, confidentiality, and availability of the College's information systems. You will be integral to protecting the infrastructure and data that power our on-premises and cloud data centers, collaborating closely with the brilliant minds crafting our state-of-the-art online learning platform -- a beacon of knowledge for millions of lifelong learners worldwide, offered entirely free of charge.
Your expertise will play a critical role in furthering the College's mission of making education accessible to all who wish to learn. With a solid background of at least 10 years in information security leadership, your experience in designing and executing comprehensive security programs in complex environments will be essential to the development and implementation of procedures to shield Hillsdale College's information systems from threats. Your ability to concisely present information security principles to diverse audiences and employ empathy, patience, and tenacity to rally support across the College for new initiatives will be key to our collective success.
Responsibilities
Essential Job Functions
- Risk Assessment and Management
- Identify, evaluate, and prioritize cybersecurity risks for College-managed information systems, as well as those provided and managed by outside vendors, following NIST CSF and relevant ISO27001 framework components.
- Ensure a rigorous vendor due diligence and management process to properly manage risks associated with third-party vendors and partners providing technology, data analysis, financial service, and other critical services to the College.
- Policy Development and Implementation
- Design and implement reasonable information security policies and procedures to mitigate risks and protect the College’s ability to fulfill its mission to teach all who wish to learn, which today relies on digital technologies to reach the millions of people who learn from and support the College.
- Awareness and Education
- Develop a comprehensive strategy to ensure best-in-class cybersecurity awareness and knowledge training across the College.
- Together with our ITS instructional team, develop a curriculum to transform complex information security concepts into understandable and actionable knowledge for a non-technical audience.
- Collaborative Leadership
- Work closely with executive leadership and external service providers to ensure that our cybersecurity strategy is cohesive, reasonable, and effective, ensuring that all processes align with the strategic objectives of the College.
- Reporting & Measurement
- Develop and manage reliable metrics and KPIs to effectively monitor the cybersecurity posture of the College and demonstrate the effectiveness of our processes.
- Develop an effective communication plan to ensure that information relevant to decision making is conveyed to the right people at the right time to continuously improve the College’s security posture.
- Continuing Education
- Complete at least 60 hours per calendar year of continuing education that is directly related to your responsibilities and duties in this role.
Qualifications
Expert-level
- Strategic Cybersecurity Leadership
- Proven experience developing and executing comprehensive security programs in complex enterprise environments.
- Demonstrated ability to select, negotiate, and organize managed service providers to assist the College’s IT staff.
- Risk Management Frameworks
- IT security and risk management frameworks (NIST, ISO27001, FAIR), analysis, and reporting suitable for college/campus environments.
- GDPR, HIPAA HITECH, PCI, and similar regulatory requirements.
- Incident Response Management
- Skilled in developing comprehensive incident response and management strategy and plans.
- Coordinating and training teams to respond to cybersecurity incidents effectively.
- Technology and Systems
- Experience designing security controls for both on-prem and cloud data centers, as well as Microsoft Active Directory, Microsoft Azure, and VMware environments.
- Advanced knowledge in managing security architectures in both on-premises and cloud-based environments, including proficiency with next-gen firewalls and SIEM platforms.
- Experience with modern secure software design and programming principles to ensure appropriate security practices are incorporated into the software development lifecycle.
- Knowledge of common vulnerabilities (such as OWASP Top Ten) and applicable mitigation tactics.
- Vulnerability and penetration testing methodologies and the ability to work with internal and external testers to assess system vulnerabilities using both automated tools (e.g., Qualys, Metasploit, Nessus, etc.) and manual “red team” testing.
- Communication Skills
- Excellent communication abilities with proficiency in articulating complex security topics to diverse audiences.
Proficient-level
- Vendor Management
- Must have a solid understanding of vendor management principles and practices.
- Project Management
- Effective in leading cybersecurity projects, including planning, execution, and stakeholder management.
- Team Development
- Experienced in mentoring and developing information security professionals.
- Microsoft Purview, Box Governance, Google Vault and similar tools used in eDiscovery and litigation management
- Cybersecurity tools and technologies (e.g., Splunk, LogRhythm, etc.) for monitoring, detection, analysis, and response.
- Endpoint security tools, such as Microsoft Defender
- Design and implementation of ZTA and ZTNA models within a hybrid enterprise environment
- Comprehensive knowledge of Windows, Linux, and macOS security.
- Python, PowerShell, Azure Cloud Shell, and SQL experience for automation and data analysis
Education and Experience
- A minimum of 7 to 10 years of experience in a senior-level information security or IT leadership role, with extensive management experience.
- Preferably a Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field. A Master’s degree or an MBA with a technology focus is a plus.
- Experience in higher education is a plus.
Certifications and Training
- Desirable:
- CISSP, CISM, CRISC, CEH
- ITIL 4 training and certifications
- Information Security Management practitioner training
Other Requirements
The Information Technology Services department interacts with College staff and students. A clean and neat appearance and a pleasant relationship that is supportive of the College mission are essential. This relationship needs to be supportive and professional while maintaining confidentiality as needed.
Be a good representative of Hillsdale College to promote the liberal arts, the College’s original Articles of Association and operating principles stated in the Staff Code of Commitment. The Mission Statement should be considered in all aspects of the position. The teaching of Christian faith shall remain a conspicuous aim of the College.