This role is hybrid, with 3 days onsite in Boston, MA expected.
Locals only.
Title: Director of Information Security
Location: 216 Mass Avenue, Boston, MA 02115 – they are by the Christian Science Plaza and Library. Parking is not available and comes at a monthly cost direct to contractor.
Note:
- Teams all use Agile and Service Now to track operational projects and tickets.
- Need someone with a strong technical background to understand the impact of work.
- Person needs to be a strong communicator.
Summary
- The Director of Information Security plays a critical role for the Office of Information Security (OIS) by building and managing the team responsible for protecting the University’s digital assets and managing the information security program to ensure information assets and technologies are adequately protected.
- The Director of Information Security is responsible for overseeing Identity and Access Management (IAM), Security Operations, Risk and Compliance, Consulting and Awareness, and Privacy programs. They work closely with program and project managers, Quality Assurance, Enterprise Applications, and Customer experience team members to ensure security compliance with project needs.
- The Director of Information Security is an innovative, collaborative, and creative problem-solver who understands the value of a security program as an enabler for organizational success. This role requires a person who can communicate security and risk management concepts clearly to a diverse set of constituents including senior executives.
- The ideal candidate will be experienced in implementing practical security programs that are forward thinking and able to incorporate emerging digital technologies. They will act as a champion and change agent in leading the organizational changes needed to secure our environments, build resilience, and add value to the user experience. They must be adaptable and comfortable in an environment that thrives on innovation, flexibility and creativity and ensure that the university is developing the digital assets and capabilities that will be needed to survive and thrive in the midterm and long term.
Qualifications
- BS degree required in Computer Science, Information Systems, Business, Management, or related field.
- Ten or more years of work experience, preferably in information security or IT management and ideally a combination of the two.
- Five or more years of progressive leadership experience in leading cross-functional teams and enterprise-wide programs, operating and influencing effectively across the organization and within complex contexts.
- Strong interpersonal skills. Ability to work across business lines at senior levels to influence and effect change to achieve common goals.
- Demonstrated leadership. A proven track record of successfully leading complex, multidisciplinary talent teams in new endeavors and delivering solutions.
- Strategic technology planning experience. Experience in strategic technology planning and execution, as well as policy development and maintenance.
- Analytical skills. Outstanding analytical and problem-solving abilities.
- Ability to effectively guide and sustain people, process, and technology change in a dynamic and complex operating environment.
- Seriousness or presence ("gravitas") to develop a risk management program, as well as to sell and embed it in all levels of the business.
- Fearlessness in suggesting or backing big ideas. Tenacity in focusing the information security process.
- Excellent oral and written communication skills. These skills will be used to explain security concepts and technologies to business leaders, and business concepts to technologists; and to sell ideas and processes internally at all levels.
- A strong understanding of the business impact of security tools, technologies, and policies.
- Experience with Identity and Access Management programs and prior experience leading IAM teams.
Supervision
Provide the number of employees reporting directly to this job and the types of employees.
Total employees: 11
Program Managers, Architects, Analysts, and Engineers
Key Responsibilities And Accountabilities
60% of time:
- Assumes responsibility for planning, design, and implementation of the information security program, risk and compliance, and identity and access management.
- Balances equally the challenges that weigh on the business and the user, recognizing and communicating how each impacts risk, usability, and user experience.
- Initiates communication with members of other departments and other members of development to ensure effective implementation.
- Meets with project leadership, and other stakeholders to present and build support and agreement around their technical points-of-view.
- Assists in the strategy through estimation exercises, staffing requests, and/or presentations.
- Strong debugging and problem-solving skills.
- Ability to work in a highly collaborative, team-based environment.
- Effectively prioritize workload to meet deadlines and work objectives. Uses resources effectively and efficiently. Is reliable in work habits. Able to organize and self-direct execution of tasks/duties.
20% of time:
- Coordinate, measure, and report on the technical aspects of the security program.
- Lead security projects and provide expert guidance on security matters for other IT projects.
- Manage outsourced vendors that provide information security functions for compliance with contracted service-level agreements.
20% of time:
- Manages and provides ongoing coaching and mentoring to OIS staff.
- Acts as the organizational change agent for improving OIS’s maturity and practices, in support of ITS and University goals and strategy.
- Sets and accomplishes challenging goals.
- Develops plans that meet the architecture/technology needs of the organization, incorporating business priorities, strategies, goals, emerging technologies, industry trends and economic viability.