Director of Security and Compliance
Thus, we are seeking an individual to lead Civitas Learning through the complexity of data security and privacy both in the U.S. and abroad. The optimal candidate will be familiar with the demands of FERPA privacy law. As Director of Security and Compliance, you will be responsible for building and managing security programs to create a business-as-usual approach to security, privacy and compliance.
If you have performed the role of CISO or Director of Compliance; got your start or spent some time in IT, DevOps, and/or Security Engineering when you realized you had a passion for protecting privacy and the sanctity of data – we would love to chat with you!
- Implement and manage a strategic, comprehensive information security & privacy program.
- Act as project manager for SOC2 compliance engagement.
- Deliver quarterly information security and privacy awareness training programs for all employees, contractors, and approved system users.
- Collaborate with both internal and external stakeholders to ensure compliance with privacy regulations and rules.
- Develop, maintain, and publish information security policies, standards, and guidelines. Oversee the approval, training, and dissemination of security policies and practices.
- Ensure that security policies and programs are in compliance with relevant laws, regulations, and policies to minimize or eliminate risk and audit findings.
- Facilitate appropriate resource allocation and increase the maturity of the security program.
- Manage security incidents and events to protect corporate IT assets, including intellectual property, regulated data, and the colleges’ reputations.
- Oversee and monitor the vulnerability management program.
- Bachelor's degree in business administration or a technology-related field.
- 5 years of experience in risk management, compliance, information security, and project management. Plus at least 2 years of leadership experience in these fields.
- Experience in effectively communicating security and risk-related concepts to technical and nontechnical audiences.
- Demonstrated experience in critical thinking and problem solving in high-pressure situations.
- Knowledge and understanding of relevant legal and regulatory privacy requirements.
- Exhibit excellent written and analytical skills.
- Successful track record in managing multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment, while meeting objectives.
- Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials, is desired.
- Knowledge of common information security management frameworks and past participation in both initial certification and renewal of one or more of SOC 2/SSAE 16.
- Experience with, and comfort in, complex contract and vendor negotiations.
- Full understanding of FERPA and knowledgeable about GDPR.
- Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic environment.
- Formal legal background in education or applicable spaces with similar data protection and compliance challenges: health care, financial data, cardholder data, etc.
- Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.