The Director of Cybersecurity Risk Management is responsible for the development, enforcement, and general management of the university’s cybersecurity risk management, vulnerability management, policies, and audit activities. They support the Georgetown University information security program through ownership of policy development and enforcement. They run the vulnerability management program, to include ensuring that system owners and system managers keep all systems up to date with current p... more details
Located in a historic neighborhood in the nation's capital, Georgetown offers rigorous academic programs, a global perspective, exciting ways to take advantage of Washington, D.C., and a commitment to social justice. Our community is a tight knit group of remarkable individuals interested in intellectual inquiry and making a difference in the world.
Requirements
Director of Cybersecurity Risk Management - University Information Services - Georgetown University
Job Overview
The Director of Cybersecurity Risk Management is responsible for the development, enforcement, and general management of the university’s cybersecurity risk management, vulnerability management, policies, and audit activities. They support the Georgetown University information security program through ownership of policy development and enforcement.
They run the vulnerability management program, to include ensuring that system owners and system managers keep all systems up to date with current patches and reducing, eliminating, or mitigating vulnerabilities; and lead the cybersecurity awareness and training program to include education, outreach, and performing phishing training campaigns.
In a Senior-level position within the UISO, the Director represents the Office of the Chief Information Security Officer (CISO) on cybersecurity risk and vulnerability management across GU; serves point-of-contact for the security posture concerns related to departments and organizations outside UIS, the alternate representative of the organization’s security presence to external parties, and the alternate contact point for external auditors and agencies; and ensures compliance with current and emerging regulatory requirements related to cyber security.
Work Interactions
Reporting to the Deputy Chief Information Security Officer, the Director of Cyber Risk Management has interactions with - and may impact - University senior executives, administrators, faculty, alumni, staff, and students, as well as technical staff and IT managers throughout the entire University.
They necessarily communicate effectively and professionally through verbal and written interactions with multiple groups and are self-directed based upon input from the CISO and other appropriate University leadership.
As well, they supervise Security Analysts as assigned to assist with the execution of designated responsibilities.
And in a position of trust, the Director has access to University data or information that may be highly sensitive or confidential in nature.
Requirements and Qualifications
- Related technical certification or equivalent combination of education (minimum of Bachelor’s degree) and experience required (with solid technical understanding of multi-platform / hosted environments and their operational/security considerations)
- 7 years or more of information security and/or IT compliance and assurance experience – with at least 2 years in a supervisory / lead role - preference for higher education industry experience
- Firm understanding and experience addressing key IT compliance regulations & obligations - including HIPAA, PCI, FERPA, GLBA, and others as identified
- Track record of risk assessment, problem identification, analytical problem solving, and issue resolution
- Ability to learn quickly with strong foundation in understanding and assessing processes and controls
- Excellent written/verbal communication skills with the ability to regularly present to groups
- Availability and willingness to work outside of usual business hours of Georgetown University - including potential on-call responsibilities or to provide assistance for security incidents
Technical Responsibilities/Qualifications
- Understanding of governance and compliance and the ability to enforce policies
- Understanding of threat landscape and ability to manage risk across a dispersed portfolio
- Familiarity with Cyber Security frameworks, including NIST and ISO Security Architecture/Engineering
- Experience with the following: a) Securing communications, applications and business systems b) Performing risk IT assessments c) Oversight of drafting of policies and procedures for secure daily operations d) Physical and technical security implementation e) Security education methodology and campaign f) Selection, testing deployment and maintenance of security hardware g) Planning, testing and managing disaster recovery and security breaches h) Incident Management and Investigation experience, and i) Representative when dealing with law enforcement agencies while pursuing the sources of network attacks and information theft by employees
The Director of Cyber Risk Management is expected to sign a confidentiality agreement and expected to abide by and enforce University policies.
The expected pay range for this position is $103,723 to $169,950 per year.
Georgetown University provides pay ranges representing its good faith estimate of what the university reasonably expects to pay for a position. The pay offered to a selected candidate will be determined based on factors such as, but not limited to, the scope and responsibilities of the position, the qualifications of the selected candidate, departmental budget availability, internal equity and external market pay for comparable jobs.
Current Georgetown Employees:
If you currently work at Georgetown University, please exit this website and login to GMS (gms.georgetown.edu) using your Net ID and password. Then select the Career worklet on your GMS Home dashboard to view Jobs at Georgetown.
Submission Guidelines:
Please note that in order to be considered an applicant for any position at Georgetown University you must submit a resume for each position of interest for which you believe you are qualified. Documents are not kept on file for future positions.
Need Assistance:
If you are a qualified individual with a disability and need a reasonable accommodation for any part of the application and hiring process, please click here for more information, or contact the Office of Institutional Diversity, Equity, and Affirmative Action (IDEAA) at 202-687-4798 or ideaa@georgetown.edu.
Need some assistance with the application process? Please call 202-687-2500. For more information about the suite of benefits, professional development and community involvement opportunities that make up Georgetown's commitment to its employees, please visit the Georgetown Works website.
EEO Statement:
Georgetown University is an Equal Opportunity/Affirmative Action Employer fully dedicated to achieving a diverse faculty and staff. All qualified applicants are encouraged to apply and will receive consideration for employment without regard to race, color, religion, national origin, age, sex (including pregnancy, gender identity and expression, and sexual orientation), disability status, protected veteran status, or any other characteristic protected by law.
Benefits:
Georgetown University offers a comprehensive and competitive benefit package that includes medical, dental, vision, disability and life insurance, retirement savings, tuition assistance, work-life balance benefits, employee discounts and an array of voluntary insurance options. You can learn more about benefits and eligibility on the Department of Human Resources website.
