Director, Information Security (511617)

About the job


Type of Appointment: Full-time, Management Personnel Plan (MPP II)

Anticipated Salary Range: $100,000 – $120,000 annually (Commensurate with qualifications)

Recruitment Closing Date: Open Until Filled

REQUIRED- All Candidates Must Submit The Following

  • Application
  • Cover letter
  • Resume or CV
  • Three References

The Department

Information Security – Works in collaboration with the campus community to protect the integrity of campus information technology infrastructure to mitigate risks and losses associated with security threats, while supporting access to technology.

Duties And Responsibilities

Risk & Compliance

  • Perform risk and control assessments of campus 3rd party products/service and new projects
  • Engage in contract review and negotiations for compliance with legal and policy obligations
  • Provide subject matter expertise related to information security, standards and regulatory compliance
  • Provide recommendations for security controls and ensures remediation of any deficiencies to ensure compliance with CSU, campus policy and regulatory requirements
  • Provide subject matter expertise for initiatives related to information security and regulatory compliance
  • Coordinate and align security operation practices and compliance requirements through department and campus partnerships, training, and documentation.
  • Collaborate with campus IT and functional departments to assess, design, develop and implement security controls for campus systems, applications, devices, workstations, networks, for faculty staff and student environments.
  • Participate as a member of the IT change control process to assess changes for IT security impact.
  • Contribute to campus & CSU security & risk assessments, audits & reports.

Vulnerability Management & Incidence Response

  • Oversight for vulnerability analysis and management process, which includes managing vulnerability scanning/reporting process. Includes use of campus vulnerability, SIEM systems and log management systems. Work with CISO, security staff and IT staff to perform technical analysis of high impact vulnerabilities and coordinate/verify response with appropriate technical teams.
  • Participate w/IT Security & Compliance Leadership team to provide oversight for incident response.
  • Provide Leadership for alert monitoring security tools and services, investigate, respond, and escalate as appropriate.
  • Participate as a member of security incident response team. Follow incident response process, coordinating with appropriate campus security and technical teams, and law enforcement as needed.
  • Participate as needed in approved campus investigations as a representative of IT Security & Compliance providing expertise, integrity, industry, CSU and CPP accepted practices/principles and ethics. Coordinate the investigation with internal compliance departments, forensic
  • vendors, and IT system/security administrators.

Reporting & Communications

  • Build and maintains an effective evidence and metrics-based culture to measure program and process effectiveness.
  • Provide status reporting to all levels of management
  • Maintains a broad knowledge base on the latest information security issues related to job duties.
  • Raises security risks to other members of the IT&IP leadership through effective communication about impact, cause and remediation.
  • Contributes to the development and maintenance of a security awareness program for the campus community
  • Shares knowledge with other IT&IP team members and the campus community through cross-training, presentations, etc.
  • Promotes awareness of IT&IP security and compliance working with IT and campus management. Awareness and training program that focuses on the elements of the compliance program, and seeks to ensure that all appropriate employees and management are knowledgeable of, and comply with, pertinent federal and state, and CPP standards
  • Demonstrates ongoing and self-motivated pursuit to enhance knowledge and skills (both technical and non-technical) through formal and informal trainings, conferences/events, informal learning plans, professional memberships, etc.


  • Serve as a member of the IT&IP Leadership Team and contributes to regularly scheduled management meetings.
  • Works in collaboration with other IT&IP leaders on the division’s strategic planning initiatives, projects, and related assignments.
  • Supports and coordinates the campus risk and security assessments.
  • Represents IT&IP in various campus committees and venues, leveraging them as additional input sources for planning and feedback.
  • Works with faculty and students on cyber security initiatives and partnerships (grants, cyber fair, etc.)


  • Bachelor’s degree from an accredited college or university in a field of study reasonably related to the position.
  • 5+ years of demonstrated experience in an information technology, information security, or network management
  • 3+ years of experience with increasing responsibilities for leading or managing information technology professionals to accomplish department and/or organizational objectives.
  • Demonstrated leadership experience working in a position that requires a high-degree of technical operational and service skills with a proven commitment to promoting and maintaining a service-oriented culture.
  • 3+ years of experience with information technology risksecurity and/or privacy within a large-scale IT organization

Ability to quickly and accurately aggregate, analyze, and review large volumes of technical and non-technical information to support simultaneous assessments for audits, compliance, vulnerabilities, risk analysis, incidents, investigations, etc. Ability to analyze complex situations such as personnel, operational, technical or security issues and to develop and work with and through others to implement corrective actions and/or mitigation strategies for university-wide success. Ability to interpret and evaluate data and results to develop sound conclusions and make recommendations including new or revised guidelines, procedures, practices, and/or policy. Ability to understand problems from a broad, interactive perspective and discern applicable underlying principles to conceive of and develop strategic solutions; Familiarity with IT audit, compliance or security risk assessment, policy management, or compliance programs. Familiarity with regulatory requirements, standards, guidelines such as PCI DSS, CLETS/JDIC, HIPAA, GLBA, Red Flag Rule, GDPR, FERPA, OWASP, Section 508 of the Rehabilitation Act, WCAG, WAI-ARIA, etc. Familiarity with control frameworks such as MITRE ATT&CK, NIST, COBIT, ISO27001, ITIL. Ability to manage, maintain and motivate technical and non-technical staff members. Excellent oral and written communications skills required to communicate to technical and non-technical audiences including experience preparing and presenting information clearly and concisely to a wide range of internal, external and customer constituencies, including executives. Exceptional interpersonal skills coupled with the ability to develops and promotes high-performing teams, partnership, inclusivity, and transparency with others. High ethical standards and business acumen.

Preferred Experience

  • Master’s degree in Instructional Technology, Information Technology, Computer Science, Business Administration, or related discipline.
  • 5 years of Management experience in an Information Technology organization in an University environment.
  • Experience in a large, complex and diverse public sector information technology organization.
  • Demonstrated experience with the full implementation of large-scale projects.
  • Relevant IT professional certification such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) or other Information Security / IT audit certification (e.g. CISA); Program Management Professional (PMP), ITIL Foundations, AWS/Azure certifications

Providing technical support to technical and non-technical users, including involvement in significant projects involving core enterprise-level infrastructure and/or services; Experience in supporting computing platforms running Windows-based and Linux-based operating systems; Experience in managing and/or securing systems and infrastructure in an IaaS cloud platform such as Amazon AWS; Knowledge of modern programming languages, including PowerShell, ASPX, VBScript, SQL, Shell Scripts, Perl, Knowledge of networking technologies, including TCP/IP, DNS, DHCP, routing and firewall configuration and operation. Ability to debug complex technical problems with modern computer operating systems, applications and networks.

COVID-19 Vaccination

CSU requires faculty, staff, and students who physically access campus facilities or programs to be fully vaccinated against COVID-19, which includes obtaining a COVID-19 booster dose, or declare a medical or religious exemption from doing so. Any candidates advanced in a currently open search process should be prepared to comply with this requirement. See policy at

Out of State Work

The California State University (CSU) system is a network of twenty-three public universities providing access to a quality education through the support of California taxpayers. Part of CSU’s mission is to prepare educated, responsible individuals to contribute to California’s schools, economy, culture, and future. As an agency of the State of California, the CSU’s business operations almost exclusively reside within California. The CSU Out-of-State Employment Policy prohibits hiring employees to perform CSU-related work outside California. See policy at

Background Check

Satisfactory completion of a background check (including a criminal records check) is required for employment. Cal Poly Pomona will make a conditional offer of employment, which may be rescinded if the background check reveals disqualifying information, and/or it is discovered that the candidate knowingly withheld or falsified information. Failure to satisfactorily complete the background check may affect the continued employment of a current Cal Poly Pomona employee who was conditionally offered the position. See policy at


Cal Poly Pomona hires only individuals lawfully authorized to work in the United States. In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification form upon hire. See Form I-9 Acceptable Documents at

Conflict of Interest

This position is a “designated position” in the California State University’s Conflict of Interest Code. The successful candidate accepting this position is required to file Conflict of Interest forms subject to the regulations of the Fair Political Practices Commission. See policy at

Outside Employment Disclosure

Prospective Executive and Management Plan Personnel employees must disclose all current outside employment at the time of hire as a precondition of hire and at the following times after hire: annually in July, within 30 days of accepting outside employment, and upon their manager’s request. See policy at

Child Abuse/Neglect Reporting Act (CANRA)

The person holding this position is considered a “mandated reporter” under the California Child Abuse and Neglect Reporting Act and is required to comply with the requirements set forth in CSU Executive Order 1083 as a condition of employment. See policy at


Cal Poly Pomona is a smoke and tobacco-free campus. See policy at

Clery Act

In compliance with state and federal crime awareness and campus security legislation, including The Jeanne Clery Disclosure of Campus Security Policy and Crime Statistics Act, California Education Code section 67380, and the Higher Education Opportunity Act (HEOA), the Cal Poly Pomona Annual Security and Fire Safety Report is available at:

Reasonable Accommodation

We provide reasonable accommodations to applicants and employees with disabilities. Applicants with questions about access or requiring a reasonable accommodation for any part of the application or hiring process should contact the ADA Coordinator by email at More information is available at:


Cal Poly Pomona is an Equal Opportunity, Affirmative Action Employer. The university subscribes to the pay transparency nondiscrimination provision and all state and federal regulations that prohibit discrimination based on race, color, religion, national origin, sex, gender identity/gender expression, sexual orientation, marital status, pregnancy, age, disability, genetic information, medical condition, and covered veteran status. More information is available at: and at

More Information

Apply for this job

Leave your thoughts