Cleveland Metropolitan School District
Executive Director, Cyber Security and IT Risk Management
Cleveland Metropolitan School District, Cleveland, Ohio, us, 44101
Executive Director, Cyber Security and IT Risk ManagementPosition Type:
Administration and Professionals
Date Posted:
2023-11-01
Location:
East Professional Center
INTRODUCTION: CONTEXT AND MISSION
The Cleveland Metropolitan School District (CMSD) serves approximately 37,000 students in 100+ schools. Over the past several years, the Greater Cleveland community has united behind the collective goal of ensuring every child in Cleveland attends a high-quality school and every neighborhood has a multitude of great schools from which families can choose. The Cleveland Plan defines CMSD’s approach to the reinvention of public education and holds our community accountable for the success of Cleveland’s schoolchildren.
THE OPPORTUNITY:
Location: AdministrationReports To: Chief Information OfficerFLSA Status: ExemptSalary Band: 16Compensation: $91,800 - $128,520
The Executive Director, Cyber Security and IT Risk Management is responsible for the security of the District’s information technology resources, digital assets, user identity, and data privacy. This role will identify current threats, mitigate vulnerabilities, and anticipate future cybersecurity challenges. Utilize new technologies to increase the security of the District’s existing and emerging IT infrastructures, systems, and information. Manages the reporting, investigation, and resolution of information security incidents. Works with and consults with executive/senior leaders such as the Legal Department on potential information breaches.
ESSENTIAL DUTIES & RESPONSIBILITIES
Establish IT security standards for network infrastructure, applications, servers, data, desktops/laptops/tablets and mobile devices.
Perform periodic (semiannual or annual) penetration testing and vulnerability scans.
Establish a formal IT forensics program to ensure proper security investigative activities are performed based on best practices.
Responsible for development, management and compliance of an enterprise-wide cyber security awareness program to drive desired security behaviors across the District.
Partner with Homeland Security, the FBI and other appropriate agencies to develop and implement cyber security and IT risk management programs.
Develop policies, procedures, communications and training for cyber security and IT risk management programs.
Perform audit and security compliance checks, including technical configuration analysis, testing of controls for SOC1, SOC2 and other compliance activities.
Develop and maintain Acceptable Use and Internet Safety policies for staff and students.
Maintain up-to-date knowledge and understanding of technology trends, security threats, infrastructure vulnerabilities, and business dependencies that could impact the District’s risk profile.
Develop threat models and security risk assessments, and recommend mitigations and countermeasures to address risks, vulnerabilities and threats.
Lead and direct support of all IT security audits (e.g., federal, state and internal).
Track and mediate security audit findings and security vulnerabilities detected from scans.
Develop and maintain a disaster recovery plan and procedures. Conduct periodic disaster recovery drills/exercises with key stakeholders and Service Providers.
Have responsibility for security monitoring and alerting, identity and access management, internet content management and privileged account management.
Responsible for the investigation and reporting of cybercrimes, including identity theft, ransomware attacks, etc.
Responsible for ensuring appropriate governance over Managed Service Providers managing and maintaining information security technologies.
Partner with key stakeholders such as Facilities and Safety and Security to develop, document and test plans for emergency response and to ensure appropriate staff awareness.
QUALIFICATIONS
Knowledge, Skills and Abilities
Knowledge of federal, state, and local cyber and information security regulation and legislation specifically HIPAA, FERPA, as well as industry frameworks, such as NIST, ISO 27001/27002 and COBIT.
Knowledge of identity and access concepts and technologies to secure computing environments and end-user access, such as SSO and SAML.
Knowledge in Security Operations Center (SOC) service delivery and management
Demonstrated understanding of comprehensive security programs, including technologies and tools, architectures, network and application design, including an understanding of the business impact of related technology risks.
High level of interpersonal skills to interact with leaders at multiple levels and facilitate team interactions
Understand current and emerging cyber security risks, and innovative risk management methods
Ability to interpret and apply security policy, standards, and controls definitions across a large complex business environment, with third-parties, and multiple cloud service providers.
Experience
8+ years of IT leadership experience.
5+ years’ experience implementing layered security practices for network, host, applications, data and access to IaaS, PaaS and SaaS services in a hybrid deployment environment.
Experience implementing and operating security technologies and processes in a hybrid cloud environment, such as Amazon AWS or Microsoft AZURE and customer on-premise.
Experience in implementation and management of hardware and software firewalls, user content management devices, IDS/IPS and DDOS platforms.
Education
Bachelor’s Degree in Computer Science, Information Systems or related field.
Possess one or more advanced professional security certifications related to chosen discipline (CISSP, CCSP, CISM, CISA or SANS) preferred but not required.
WORK ENVIRONMENT
The characteristics listed below are representative of the work environment typically encountered by an individual while performing the essential duties of this position. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential duties.
While performing the duties of this job, the employee is exposed to a normal office environment
Some travel may be required for training/meetings
NOTE:
The above stated duties are intended to outline those functions typically performed by individuals assigned to this classification. This description of duties is not intended to be all-inclusive or to limit the discretionary authority of management to assign other tasks of similar nature or level of responsibility.
To Apply
Please submit your resume and application using Workday, our online human capital management system. Please note that an offer of employment will be subject to the successful completion of an FBI/BCI background check and drug screen.
EEO Statement
We believe that equity and inclusion at CMSD is an essential call to action, a catalyst to ensure value and appreciation among all our employees, so we may be fair and welcoming now and in the future. CMSD provides equal opportunities for employment, retention and advancement of all personnel by administering all terms and conditions of employment regardless of race, color, ethnicity, ancestry, national origin, sex, disability or genetic information, age, citizenship status, military status, sexual orientation or expression, socio-economic status, title, other dimensions of identity, or any other characteristic protected by law.
#J-18808-Ljbffr
Administration and Professionals
Date Posted:
2023-11-01
Location:
East Professional Center
INTRODUCTION: CONTEXT AND MISSION
The Cleveland Metropolitan School District (CMSD) serves approximately 37,000 students in 100+ schools. Over the past several years, the Greater Cleveland community has united behind the collective goal of ensuring every child in Cleveland attends a high-quality school and every neighborhood has a multitude of great schools from which families can choose. The Cleveland Plan defines CMSD’s approach to the reinvention of public education and holds our community accountable for the success of Cleveland’s schoolchildren.
THE OPPORTUNITY:
Location: AdministrationReports To: Chief Information OfficerFLSA Status: ExemptSalary Band: 16Compensation: $91,800 - $128,520
The Executive Director, Cyber Security and IT Risk Management is responsible for the security of the District’s information technology resources, digital assets, user identity, and data privacy. This role will identify current threats, mitigate vulnerabilities, and anticipate future cybersecurity challenges. Utilize new technologies to increase the security of the District’s existing and emerging IT infrastructures, systems, and information. Manages the reporting, investigation, and resolution of information security incidents. Works with and consults with executive/senior leaders such as the Legal Department on potential information breaches.
ESSENTIAL DUTIES & RESPONSIBILITIES
Establish IT security standards for network infrastructure, applications, servers, data, desktops/laptops/tablets and mobile devices.
Perform periodic (semiannual or annual) penetration testing and vulnerability scans.
Establish a formal IT forensics program to ensure proper security investigative activities are performed based on best practices.
Responsible for development, management and compliance of an enterprise-wide cyber security awareness program to drive desired security behaviors across the District.
Partner with Homeland Security, the FBI and other appropriate agencies to develop and implement cyber security and IT risk management programs.
Develop policies, procedures, communications and training for cyber security and IT risk management programs.
Perform audit and security compliance checks, including technical configuration analysis, testing of controls for SOC1, SOC2 and other compliance activities.
Develop and maintain Acceptable Use and Internet Safety policies for staff and students.
Maintain up-to-date knowledge and understanding of technology trends, security threats, infrastructure vulnerabilities, and business dependencies that could impact the District’s risk profile.
Develop threat models and security risk assessments, and recommend mitigations and countermeasures to address risks, vulnerabilities and threats.
Lead and direct support of all IT security audits (e.g., federal, state and internal).
Track and mediate security audit findings and security vulnerabilities detected from scans.
Develop and maintain a disaster recovery plan and procedures. Conduct periodic disaster recovery drills/exercises with key stakeholders and Service Providers.
Have responsibility for security monitoring and alerting, identity and access management, internet content management and privileged account management.
Responsible for the investigation and reporting of cybercrimes, including identity theft, ransomware attacks, etc.
Responsible for ensuring appropriate governance over Managed Service Providers managing and maintaining information security technologies.
Partner with key stakeholders such as Facilities and Safety and Security to develop, document and test plans for emergency response and to ensure appropriate staff awareness.
QUALIFICATIONS
Knowledge, Skills and Abilities
Knowledge of federal, state, and local cyber and information security regulation and legislation specifically HIPAA, FERPA, as well as industry frameworks, such as NIST, ISO 27001/27002 and COBIT.
Knowledge of identity and access concepts and technologies to secure computing environments and end-user access, such as SSO and SAML.
Knowledge in Security Operations Center (SOC) service delivery and management
Demonstrated understanding of comprehensive security programs, including technologies and tools, architectures, network and application design, including an understanding of the business impact of related technology risks.
High level of interpersonal skills to interact with leaders at multiple levels and facilitate team interactions
Understand current and emerging cyber security risks, and innovative risk management methods
Ability to interpret and apply security policy, standards, and controls definitions across a large complex business environment, with third-parties, and multiple cloud service providers.
Experience
8+ years of IT leadership experience.
5+ years’ experience implementing layered security practices for network, host, applications, data and access to IaaS, PaaS and SaaS services in a hybrid deployment environment.
Experience implementing and operating security technologies and processes in a hybrid cloud environment, such as Amazon AWS or Microsoft AZURE and customer on-premise.
Experience in implementation and management of hardware and software firewalls, user content management devices, IDS/IPS and DDOS platforms.
Education
Bachelor’s Degree in Computer Science, Information Systems or related field.
Possess one or more advanced professional security certifications related to chosen discipline (CISSP, CCSP, CISM, CISA or SANS) preferred but not required.
WORK ENVIRONMENT
The characteristics listed below are representative of the work environment typically encountered by an individual while performing the essential duties of this position. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential duties.
While performing the duties of this job, the employee is exposed to a normal office environment
Some travel may be required for training/meetings
NOTE:
The above stated duties are intended to outline those functions typically performed by individuals assigned to this classification. This description of duties is not intended to be all-inclusive or to limit the discretionary authority of management to assign other tasks of similar nature or level of responsibility.
To Apply
Please submit your resume and application using Workday, our online human capital management system. Please note that an offer of employment will be subject to the successful completion of an FBI/BCI background check and drug screen.
EEO Statement
We believe that equity and inclusion at CMSD is an essential call to action, a catalyst to ensure value and appreciation among all our employees, so we may be fair and welcoming now and in the future. CMSD provides equal opportunities for employment, retention and advancement of all personnel by administering all terms and conditions of employment regardless of race, color, ethnicity, ancestry, national origin, sex, disability or genetic information, age, citizenship status, military status, sexual orientation or expression, socio-economic status, title, other dimensions of identity, or any other characteristic protected by law.
#J-18808-Ljbffr