REMOTE Director of Information Security

Central Washington University is recruiting a Remote Director of Information Security to join the Information Services team at Central Washington University. This role is an important member of our team as they are the highest-level cybersecurity leader at the University and will bring both hands-on and strategic leadership to the Security Services department. The role is a remote position, which means you can help us Change Students’ Lives from anywhere in the US. We’re offering a salary, depending on experience, from $130,000 – $150,000 annuallyplus the awesome CWU benefits.

Who we are:

We are a team of individuals committed to Changing Students’ Lives. No matter what job, each of us plays a part in supporting and empowering our students to fulfill their dreams.

Working in higher education provides career growth and career choice. Think of a university campus like a mini city, operating across 380 acres. You’ll find diverse academics, libraries, athletics and sporting events, full service and quick serve dining, conferences and events from small to large, recreation centers, housing for ~10,000 students, health services, police and public safety.

Central Washington University has been named a Fulbright U.S. Scholar Program Top Producing Institution for the 2022-2023 academic year. In addition, for the seventh time in eight years, CWU is a recipient of the prestigious Higher Education Excellence in Diversity (HEED) Award from INSIGHT Into Diversity magazine. Come join us on our journey to encourage, inspire, and create spaces where all identities thrive on campus.

Tour our campus in Ellensburg here. www.youtube.com/watch?v=HjdhOegDa9A

The Information Security Services Department in the Division of Information Services and Security is responsible for establishing and maintaining an information security program based on best-practice and industry standards to ensure the confidentially, integrity, and availability of university information technology assets. The department consists of a Director of Information Security, two journey security analysts, and several student employees.

cwu.edu/security–services/

What we offer:

Our investment in you begins the day you join our team, a healthy and successful future for you is important to us. We offer medical, dental, life and disability insurance, retirement and optional savings plans, tuition assistance for you and your dependents, discounts across town, an employee assistance program for individualized counseling, and a wellness incentive program. Learn more: www.cwu.edu/hr/benefits-perks-discounts.

The Role:

This position reports to the Associate Vice President for Information Services and Security/CIO and oversees the Security Services department. Under the general direction of the CIO, this position leads the university’s efforts to further develop information security programs, including policy, practices, and standards; awareness and training; incident response and management; identity and access management; vulnerability management and IT risk management. All employees are expected to support CWU’s commitment to diversity and to bring and support inclusion into the university environment.

Leadership of the University’s information security program:
– Lead the university’s efforts to further develop information security programs, including policy, practices, and standards; awareness and training; incident response and management; identity and access management; vulnerability management and IT risk management
– Conduct information security operations activities such as monitoring and triage of security events, analysis of anomalies, threat hunting, security operation monitoring, and tuning of security systems and tools.
– Conduct internal risk assessment, including third party vendor assessments, and develop solutions to remediate or mitigate risks
– Conducts quarterly access audits and coordinate annual PCI DSS compliance audit
– Define and report on information security metrics
– Work closely with IS leadership team to develop and maintain formalized disaster recovery plan
– Partner with software development team to manage application security, give actionable recommendations to software development team

Managing the information security team:
– Direct and manage the information security team comprised of two full-time employees and two student employees
– Provide vision and direction to the information security team
– Ensure the delivery of a suite of high-quality information security services to the university
– Develop and implement appropriate professional training programs for the team
– Maintain the appropriate knowledge, skills and abilities for the position

Provide information security leadership:
– Participate in strategic planning and development of goals and objectives, with special attention to providing leadership for those related to information security
– Serve as primary IS contact for information technology security incidents affecting the institution
– Assess IT security trends and news, including researching emerging technologies and maintain awareness of current security risks

Serve as security liaison:
– Serve as liaison to federal, state, local and professional organizations
– Serve as primary contact for information security vendors and contractors

Supervision:
– Directs and manages the information security team comprised of two professional staff and three student employees
– Actively engages in recruitment and hiring new employees
– Clearly defines performance expectations, ensure accountability, and provides ongoing informal feedback, coaching, and mentoring. Conducts formal performance evaluations
– Ensures employees have necessary resources
– Oversees and directs the work of staff; serves as mentor, coach and leader, and resolves complaints or issues
– Promotes professional development opportunities
– Develops and fosters supportive working relationships, motivation and engagement
– Communicates information to staff on an ongoing basis to influence staff engagement and to be a part of a larger community
– Takes corrective action in a timely manner
– Recognizes and rewards employees for good performance
– Schedules employee work hours/shifts; monitor hours worked; approve payable time and absence requests
– Adjusts leadership style as needed to achieve results

– Recognizes value of and promotes diverse workforce. Values and encourages diverse perspectives, creativity and teamwork
– Other duties as assigned

• BA/BS degree from an accredited higher education institution in computer science, management information systems, information security or other related field
• Eight or more years of experience in the Information Technology field with direct experience in the specific technical areas of systems administration, applications development, database administration, network operations and/or data center operations
• Six or more years of experience in the information security field
• Knowledge of information security standards; and federal, state, and local regulations including PCI, FERPA, HIPAA, GLBA, NIST 800, and ISO 27001/27002
• Proven team leadership and management skills
• Experience presenting complex security concepts to a variety of audiences or groups (e.g. end-user training, security conference presentations, executive-level briefings)
• Demonstrated ability and/or experience working with students and/or co-workers from a wide range of abilities, backgrounds, and experiences.
• OR any combination of education and experience which clearly demonstrates the ability to accomplish the essential functions of the job

Preferred Qualifications

• Master’s degree from an accredited college or university
• Experience working in a large enterprise IT environment and managing both locally hosted and remotely/cloud-hosted systems
• Experience with SaaS, IaaS, and/or PaaS; identity and access management solutions; IDS/IPS and firewalls; SAML, SSO, or authentication protocols
• GIAC/GSEC, CISM, CISSP, etc. certification
• Experience working in higher education
• Experience or interest in mentoring students from a variety of backgrounds.
• Demonstrated commitment to improving access to higher education for students through various activities.

Competencies

• Accountability/Dependability: Accepts responsibility for quality of own work; acknowledges and corrects mistakes. Shows up on time, meets standards, deadlines and work schedules.
• Judgement: Makes timely, informed decisions. Analyzes options and determines appropriate course of action.
• Teamwork: Promotes cooperation and mutual support to achieve goals. Encourages participation and mutual support.
• Adaptability/Flexibility: Responds positively to changing business needs and responsibilities. Adapts approach and methods to achieve results; recovers quickly from setbacks and finds alternatives.
• Commitment to Diversity: Recognizes the value of diversity and helps create environment that supports and embraces diversity.

Don’t meet every single requirement? At CWU we’re dedicated to building a diverse, inclusive, and authentic workplace, so if you’re excited about this role but your experience doesn’t align perfectly with every requirement, we encourage you to apply anyway. This may be the job for you!

Salary: $130,000 – $150,000 annually

Schedule/Appointment: Monday – Friday, 8:00am-5:00pm (1 hour lunch)

Working Conditions: Work is performed in an indoor office setting with frequent in-person interactions. It is essential to be able to remain at a desk/computer workstation for prolonged periods of time, perform extensive data entry and other computer-related tasks and create/maintain filing systems for departmental records. Some evening or weekend work and/or occasional travel will be required.

The candidate selected for this position may be eligible to work remotely subject to an approved remote work agreement, which is reviewed and approved annually. Remote work requires successful candidates to possess their own high-speed internet and phone to perform the work on a University provided computer. Candidate may, on occasion, be required to report to campus due to operational needs for meetings, trainings, or other activities.

Benefits: CWU offers a comprehensive benefits package including medical and dental insurance, retirement and optional savings plans, life and disability insurance, along with vacation and sick leave plans depending on employment classification. For additional information please visit: www.cwu.edu/hr/benefits-perks-discounts.

An employee of CWU may be eligible for the Public Service Loan Forgiveness Program if the employee has student loans. To learn more, visit: https://ofm.wa.gov/state-human-resources/public-service-loan-forgiveness-program.

To apply for this position, you must complete the on-line application and attach:

• A detailed cover letter clearly demonstrating how your education and experience: (a) meet the required (and, as applicable, preferred) qualifications, and (b) demonstrate the ability to perform the responsibilities as described by the posting;
• Resume including work history, education, training; and
• Contact information for three professional references.

Screening Begins: April 5, 2023 

**Priority will be given to applications received by the screening date. Incomplete applications will not be considered.

Name: Virginia Tomlinson
Title: AVP Information Services and Security
Email: [email protected]
Website: cwu.edu/security–services/

Please contact Human Resources at [email protected] or 509-963-1202 if you require technical assistance with the on-line application process.

Prior to employment, final candidate(s) will be required to sign a Sexual Misconduct disclosure in pursuant to RCW 28B.112.080 and submit to a background check. All information obtained through background investigations will be strictly confidential and revealed only to those required to have access.

Job ID: 5467