Job title: Executive Director, Cyber Security and IT Risk Management
Company: Cleveland Metropolitan School District
Job description: Position Type: Administration and ProfessionalsDate Posted: 2023-11-01Location:East Professional CenterINTRODUCTION: CONTEXT AND MISSIONThe Cleveland Metropolitan School District (CMSD) serves approximately 37,000 students in 100+ schools. Over the past several years, the Greater Cleveland community has united behind the collective goal of ensuring every child in Cleveland attends a high-quality school and every neighborhood has a multitude of great schools from which families can choose. The Cleveland Plan defines CMSD’s approach to the reinvention of public education and holds our community accountable for the success of Cleveland’s schoolchildren. The Cleveland Plan is supported by Ohio House Bill 525, which provides much-needed flexibility and autonomy for the district and its schools. Our schools have autonomy over human and financial resources in exchange for accountability forperformance. The principal has primary responsibility and accountability for establishing his or her school as a high-quality, high-expectations academic center with a focus on personalized instruction, professional support for teachers, and school-wide practices that lead to measurable results.The Cleveland Metropolitan School District has developed standards of excellence that the district applies to all parts of the organization inclusive of schools, principals, school leadership teams, networks, and central office. Alignment between Standards of Excellence (SoE) and the district’s Theory of Action helps ensure that principals are able to focus on scholar achievement and that central office supports are timely and effective.Our Vision for Learning in a Post-Pandemic World:In our pursuit of a more fair, just, and good system of education, we want each of our learners, both each of our scholars and each of their educators, to be individually and collectively presented with academically / intellectually complex tasks that are worthy of their productive struggle and allow them authentic opportunities to demonstrate their work and their learning of academic content and transferable skills in a joyful and adventurous environment.THE OPPORTUNITY:Location: Administration
Reports To: Chief Information Officer
FLSA Status: Exempt
Salary Band: 16
Compensation: $ 91,800. – $ 128,520.The Executive Director, Cyber Security and IT Risk Management is responsible for the security of the District’s information technology resources, digital assets, user identity, and data privacy. This role will identify current threats, mitigate vulnerabilities, and anticipate future cybersecurity challenges. Utilize new technologies to increase the security of the District’s existing and emerging IT infrastructures, systems, and information. Manages the reporting, investigation, and resolution of information security incidents. Works with and consults with executive/senior leaders such as the Legal Department on potential information breaches. Perform audit and security compliance checks, including network penetration testing, vulnerability scans, and other configuration analysis. Provides strategic leadership in the development and execution of a comprehensive strategy/ roadmap for cyber security and IT risk management programs and architecture. Establish relationships with Homeland Security, the FBI, and other security agencies to establish cyber security and security response best practice processes and procedures. Responsible for establishing a formal cyber security awareness program and conducting phishing campaigns.ESSENTIAL DUTIES & RESPONSIBILITIES
- Establish IT security standards for network infrastructure, applications, servers, data, desktops/laptops/tablets and mobile devices.
- Perform periodic (semiannual or annual) penetration testing and vulnerability scans.
- Establish a formal IT forensics program to ensure proper security investigative activities are performed based on best practices.
- Responsible for development, management and compliance of an enterprise-wide cyber security awareness program to drive desired security behaviors across the District.
- Partner with Homeland Security, the FBI and other appropriate agencies to develop and implement cyber security and IT risk management programs.
- Develop policies, procedures, communications and training for cyber security and IT risk management programs.
- Perform audit and security compliance checks, including technical configuration analysis, testing of controls for SOC1, SOC2 and other compliance activities.
- Develop and maintain Acceptable Use and Internet Safety policies for staff and students.
- Maintain up-to-date knowledge and understanding of technology trends, security threats, infrastructure vulnerabilities, and business dependencies that could impact the District’s risk profile.
- Develop threat models and security risk assessments, and recommend mitigations and countermeasures to address risks, vulnerabilities and threats.
- Lead and direct support of all IT security audits (e.g., federal, state and internal).
- Track and mediate security audit findings and security vulnerabilities detected from scans.
- Develop and maintain a disaster recovery plan and procedures. Conduct periodic disaster recovery drills/exercises with key stakeholders and Service Providers.
- Have responsibility for security monitoring and alerting, identity and access management, internet content management and privileged account management.
- Responsible for the investigation and reporting of cybercrimes, including identity theft, ransomware attacks, etc.
- Responsible for ensuring appropriate governance over Managed Service Providers managing and maintaining information security technologies.
- Partner with key stakeholders such as Facilities and Safety and Security to develop, document and test plans for emergency response and to ensure appropriate staff awareness.
QUALIFICATIONSKnowledge, Skills and Abilities
- Knowledge of federal, state, and local cyber and information security regulation and legislation specifically HIPAA, FERPA, as well as industry frameworks, such as NIST, ISO 27001/27002 and COBIT).
- Knowledge of identity and access concepts and technologies to secure computing environments and end-user access, such as SSO and SAML.
- Knowledge in Security Operations Center (SOC) service delivery and management
- Demonstrated understanding of comprehensive security programs, including technologies and tools, architectures, network and application design, including an understanding of the business impact of related technology risks.
- High level of interpersonal skills to interact with leaders at multiple levels and facilitate team interactions
- Understand current and emerging cyber security risks, and innovative risk management methods
- Ability to interpret and apply security policy, standards, and controls definitions across a large complex business environment, with third-parties, and multiple cloud service providers.
Experience
- 8+ years of IT leadership experience.
- 5+ years’ experience implementing layered security practices for network, host, applications, data and access to IaaS, PaaS and SaaS services in a hybrid deployment environment.
- Experience implementing and operating security technologies and processes in a hybrid cloud environment, such as Amazon AWS or Microsoft AZURE and customer on-premise.
- Experience in implementation and management of hardware and software firewalls, user content management devices, IDS/IPS and DDOS platforms.
Education
- Bachelor’s Degree in Computer Science, Information Systems or related field.
- Possess one or more advanced professional security certifications related to chosen discipline (CISSP, CCSP, CISM, CISA or SANS) preferred but not required.
WORK ENVIRONMENTThe characteristics listed below are representative of the work environment typically encountered by an individual while performing the essential duties of this position. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential duties.
- While performing the duties of this job, the employee is exposed to a normal office environment
- Some travel may be required for training/meetings
NOTE: The above stated duties are intended to outline those functions typically performed by individuals assigned to this classification. This description of duties is not intended to be all-inclusive or to limit the discretionary authority of management to assign other tasks of similar nature or level of responsibility.EducationTo ApplyPlease submit your resume and application using Workday, our online human capital management system. Please note that an offer of employment will be subject to the successful completion of an FBI/BCI background check and drug screen.EEO StatementWe believe that equity and inclusion at CMSD is an essential call to action, a catalyst to ensure value and appreciation among all our employees, so we may be fair and welcoming now and in the future. CMSD provides equal opportunities for employment, retention and advancement of all personnel by administering all terms and conditions of employment regardless of race, color, ethnicity, ancestry, national origin, sex, disability or genetic information, age, citizenship status, military status, sexual orientation or expression, socio-economic status, title, other dimensions of identity, or any other characteristic protected by law.The District’s Policy Prohibiting Discrimination, Discriminatory Harassment, and Sexual Harassment and the District’s Title IX grievance procedures, including information on how to report or file a complaint of discrimination, how to report or file a formal complaint of sexual harassment, and how the District will respond, may be accessed on the District’s Civil Rights Notices webpage, available at ClevelandMetroSchools.org/domain/105. The District’s Title IX Coordinator / Director of Equal Employment Opportunity may be reached at:1111 Superior Avenue East, Suite 1800Cleveland, Ohio 44114(216)-838-0070
Expected salary: $91800 – 128520 per year
Location: USA
Job date: Thu, 25 Apr 2024 06:15:27 GMT
Apply for the job now!