Job Description Summary:
The Division of Information Technology (it.gwu.edu) is the chief provider of technology infrastructure, services and applications at GW. The Division partners with stakeholders across GW to equip students, staff and faculty with the technology know-how and tools necessary to achieve academic excellence. Reporting to the Assistant Vice President of Information Security & Compliance Services, the Director of Information Security Services works within the Division's Information Security & Compliance Services department.
The Director of Information Security Services serves as a central liaison and contact regarding the security of data networks and central computing facilities which includes coordinating activities with University users and external IT managers. Along these lines, this individual fosters strong partnerships to ensure reasonable security controls are properly designed and implemented to adhere to regulatory and internal requirements, attends project and planning meetings to provide input and recommendations on secure deployment of new services, as well as interacts with the University user community to understand research needs and ensure secure access to data. The incumbent oversees intrusion detection functions and leads forensic investigations and incident response activities. The Director also evaluates future security requirements, developing and recommending budget changes accordingly, and manages consultants, vendor contracts, and purchases. This role requires the incumbent to maintain a professional expertise by attending outside seminars/courses as well as through the review of published literature. The Director manages a team of IT Security professionals to assist in achieving the aforementioned goals and objectives.
The position is based at GW's Foggy Bottom campus in Washington, DC but may require occasional travel to GW's Virginia Science & Technology campus in Ashburn, VA. The incumbent may perform other related duties as assigned. The omission of specific duties does not preclude the supervisor from assigning duties that are logically related to the position.
Serves as a central liaison and contact regarding the security of data networks and central computing facilities which includes coordinating activities with University users and external IT managers. Attends project and planning meetings to provide input and recommendations on secure deployment of new services.,
Fosters strong relationships with Division of Information Technology and partners to ensure reasonable security controls are properly designed and implemented to adhere to regulatory and internal requirements.,
Oversees intrusion detection functions and leads forensic investigations and incident response activities.,
Evaluates future security requirements and develops and recommends budget changes accordingly. Interacts with the University user community to understand research needs and ensure secure access to data.,
Manages consultants, vendor contracts and purchases. Maintains a professional expertise by attending outside seminars/courses through the review of published literature,
Performs other related duties as assigned. The omission of specific duties does not preclude the supervisor from assigning duties that are logically related to the position.
The incumbent generally performs job duties in a normal business office environment. This involves working while sitting at a desk for extended periods of time. The job also includes significant event planning and execution, which requires a significant level of physical activity, including standing, walking, and occasionally lifting office supply items that may weigh up to 20 pounds. Additionally, the incumbent may be required to attend meetings in other offices, or deliver and/or retrieve information from other offices around campus.The ability to operate basic office equipment such as personal computers, duplicating machines, fax machines and standard office telephones may also be required.
- Experience partnering with Human Resources, Legal, Risk Management, and other business functions on processes and issues that relate to protection of critical information assets.
- Experience with assisting in the development and management of information security programs and related standards.
- Experience with the development and management of information risk assessment processes, including vulnerability testing and monitoring.
- Experience with intrusion detection and incident response procedures and solutions.
- Experience with formulating communication of information security, compliance, and risk standards and methodology to staff working on varied analytical, engineering, or systems integration projects.
- Experience working with outside consultants, auditors, and regulators on independent security reviews as required.
- Experience promoting information security awareness throughout the institution via training activities in coordination with other training units.
- Experience with best practices pertaining to data classification, data access controls, data stewardship, and privileged access management and monitoring.
- Experience working in a higher education environment.
Bachelor’s degree in an appropriate area of specialization plus 10 years of relevant professional experience. Degree requirements may be substituted with an equivalent combination of education, training and experience.
Special Instructions to Applicants::
In order to gain a better understanding of your experience, the professional experience section of your resume must include months in addition to years. For example, instead of "2014 – 2015," it should include "April 2014 – January 2015" or similar information.