Director, Cybersecurity and Deputy CISO

George Washington University

Washington, DC

ID: 7206466
Posted: January 11, 2024
Application Deadline: Open Until Filled

Job Description

Job Description Summary:
GW Information Technology is a trusted partner, enabling the delivery of world class education, research, and clinical care by providing an efficient, scalable, and secure digital experience to GW faculty, students, and staff. We are committed to cultivating a team culture that values diversity, inclusion, respect, and collaboration, and invests in each of our team members to grow in their technology and career skills.

This senior level role has the responsibility for the development, implementation, and continuous improvement of the University’s cybersecurity program. They are responsible for identifying, evaluating, and reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the enterprise. A key element of this role is working with executive management and campus leaders to determine acceptable levels of risk for GW IT and the University. Doing so requires this role to have a deep understanding of business functions and recognize the critical balance of securing our services while still ensuring the ability of the University to deliver to its mission.

This Director serves as a leader, mentor, and coach for a diverse team of talented and dedicated security professionals supporting application security, security engineering, SOC/IR, cybersecurity risk, and assurance services. This team is responsible for planning, directing, and coordinating the implementation of strategic initiatives to preserve the availability, integrity, and confidentiality of information resources. They are also responsible for the ongoing management of cybersecurity defenses and responding to threats and attacks.

This role works closely with senior IT leadership and across the University to ensure continuous engagement and awareness of ongoing and emergent threats and promotes the shared responsibilities involved in protecting the University’s most vital information resources. This includes ensuring clear and concise communications on the maturity of our cybersecurity program, reporting on the performance of units on meeting security standards critical to successful outcomes, and identifying strategic areas of investment to ensure continued success.

The position can be based out of the Foggy Bottom, DC or Ashburn, VA campus locations. Travel between campus locations will be required.

Specific Responsibilities Include:

Directs all activities pertaining to the University’s cybersecurity program.
Leads the development, maintenance, awareness, and enforcement of cybersecurity policies, standards, guidelines, procedures, and baselines to ensure effective protection of information, systems, and services.
Partners with compliance, privacy, data governance, risk management, research integrity, treasury, general counsel, and similar offices in evaluating and interpreting external regulations and legal statutes as they relate to the short and long-range compliance and risk mitigation needs.
Establishes relationships and regularly engages with local institutions, municipal partners, and law enforcement to ensure appropriate sharing of threat intelligence, strategic resource alignment, and effective cyber response capabilities.
Collaborates and partners with emergency management and GW police on cybersecurity incident tabletop exercises and ensuring the alignment of IT processes and procedures.
Oversees the SOC/IR functions to ensure effective threat prevention, detection, and response; Coordinates with operational technical groups and business units to identify and implement measures to prevent or detect security incidents and breaches.
Oversees the cybersecurity risk and assurance functions to ensure the IT risk management program is effective in evaluating and remediating risks associated to internal and third party provided services and that training and awareness programs are meeting the needs of the university community. This includes coordination and participation in IT audit planning, response, and remediation activities.
Partners with technology operations and engineering teams to develop, implement and monitor business continuity plans and directs technological design and/or enhancements to GW’s information security infrastructure.
Participates and sponsors appropriate resource participation in the source selection process for significant IT Investments in services, and products related to compliance and security.
Monitors, plans, and projects the budgets associated with the cybersecurity program and security project funds; evaluates future security requirements and recommends budget changes accordingly.

Performs other related duties as assigned. The omission of specific duties does not preclude the supervisor from assigning duties that are logically related to the position.
Minimum Qualifications:
Qualified candidates will hold a Bachelor’s degree in an appropriate area of specialization plus 10 years of relevant professional experience, or, a Master’s degree or higher in a relevant area of study plus 8 years of relevant professional experience. Degree must be conferred by the start date of the position. Degree requirements may be substituted with an equivalent combination of education, training and experience.

Additional Required Licenses/Certifications/Posting Specific Minimum Qualifications:
Preferred Qualifications:
5 years experience in a technology leadership position.
2 years in cybersecurity leadership.
10 years experience in IT leadership.
5 years leading a cybersecurity program.
Master’s Degree in an IT or cybersecurity related field.
Certification in the field of IT Governance, IT Risk Management, Information Assurance, Cybersecurity Leadership or related.
Experience working at a research university or academic medical center with deep knowledge of regulatory requirements in these environments.
Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk related concepts to technical and nontechnical audiences.
Poise and ability to act calmly and competently in high-pressure, high stress situations.
Exhibit excellent analytical skills, the ability to manage multiple projects under strict timelines as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.
Experience partnering with Human Resources, Legal, Risk Management, and other non-IT functions on processes and issues that relate to protection of critical information assets.
Proficiency in developing information security policies and procedures, as well as associated awareness and engagement campaigns promoting cybersecurity awareness.
Experience with developing security strategies for on-premises, cloud, and hybrid IT service delivery models.
Experience working with outside consultants, auditors, and regulators on independent security reviews as required.
Experience with security operations center and incident response strategies and management.
Experience with assurance services to include cybersecurity risk, third party assessments, and continuity of operations.
Experience with application security, specifically pertaining to understanding risks, vulnerabilities, mitigation techniques, and compensating controls.
Experience managing and interfacing with remote workers and teams.
Typical Hiring Range Commensurate with Experience.