Director of Information Security and Data Privacy

Updated: about 1 year ago
Location: Waltham, Massachusetts
Job Type: Full-Time

Job Description Summary

The Director of Information Security and Data Privacy will lead Bentley’s efforts to ensure that it protects the information it collects, maintains, and distributes, electronically or otherwise. The Director of Information Security and Data Privacy will be the University's direct representative of information security and privacy to the Board of Trustees. The Director of Information Security and Data Privacy will lead the development and execution of the University's information security and privacy strategies. They will work with senior management across the institution to ensure that budget, planning, infrastructure and implementation of information security and privacy-based initiatives are managed efficiently. The Director of Information Security and Data Privacy has the responsibility to ensure that appropriate policies, standards, procedures, and protections are in place for IT infrastructure (including servers, databases, personal computers, 3rd party hosted services, and mobile devices), and Software as a Service (SaaS) and Cloud hosted applications. The Director of Information Security and Data Privacy will build and lead the teams responsible for the daily operations in support of appropriate policies, standards, procedures and protections for IT infrastructure, and Software as a Service (SaaS) and Cloud hosted applications. This role requires an individual with a sufficient technical background, a solid understanding of data security, data privacy, risk management, and a demonstrated knowledge of compliance-related laws and regulations. The Director of Information Security and Data Privacy should be well versed in evolving information security and privacy programs to attain a high level of maturity. This position carries the responsibility to ensure the timely identification, remediation and tracking of technical, procedural and policy-based items that may impact the security, use and stewardship of the University’s data and information systems. 
Writing policies and documentation, communicating complex topics with faculty, staff, and students, and training on new policies and procedures are key responsibilities.
This role also requires a strong background in business process skills to effectively analyze business functions and make specific recommendations as they relate to the collection, protection and dissemination of data and IT operations. The Director of Information Security and Data Privacy will provide leadership and guidance with regard to security and privacy for all projects involving University information. The Director of Information Security and Data Privacy will review any software/system agreements to ensure contracts meet or exceed security and privacy requirements based on the data that resides in the system. The Director of Information Security and Data Privacy will lead the development, implementation, and maintenance of information security standards through collaboration with various departments across campus. In addition, the Director of Information Security and Data Privacy will be responsible for developing programs to educate and inform the community about information security, cyber threats, and data privacy topics.
Finally, the Director of Information Security and Data Privacy will lead the implementation of various control frameworks (e.g. NIST Cyber Security Framework, NIST 800-171), ensure adherence to MA 201 CMR 17, and lead security across all IT departments, ensuring auditable and documented end-to-end processes for the operation and handling of Bentley’s data and systems.

Essential Duties

  • The Director of Information Security and Data Privacy will be responsible for determining, implementing, and supporting cyber security standards for the University
  • Developing and implementing a strategic, comprehensive enterprise information security and risk management process to ensure the integrity and confidentiality of all University information, focused on a Security Governance, Risk and Controls framework
  • Serve as chief liaison, advising on information security/privacy issues and articulating high-level risks and mitigation plans to the Board of Trustees and executive leadership
  • Provide technical leadership and guidance across the organization in the area of information security solutions
  • Structure the Cyber Security Team to ensure functional and efficient segmentation of roles and responsibilities and to manage hiring, training, staff development and performance management
  • Oversee incident response planning and execution as well as the investigation of information security breaches and assist with disciplinary and legal matters associated with such breaches as necessary
  • Lead in the evaluation of overall risk for IT systems and the data they contain and process, accounting for the people, processes, and technologies that provide security controls
  • Partner with other University teams to create and support a security culture through education and awareness programs designed to reduce the risks to the enterprise while also engaging key business leaders to ensure business unit involvement
  • Work with a cross-functional team, including General Counsel, to achieve University objectives relating to information and data security and privacy
  • Maintain up-to-date knowledge of emerging technologies and services that will help Bentley maintain its technical edge and evolution to SaaS
  • Lead cyber security operations in collaboration with the University's Managed Security Service Provider (MSSP) to ensure prompt identification of and response to threats and attacks on University assets. Additionally, ensure services delivered meet Bentley’s needs and continue to refine and configure the environment to detect and identify threats and solutions to mitigate them.
  • Monitor and review all requests for new IT applications (custom and 3rd party applications) to ensure compliance with Bentley’s data security standards. Review new vendors and conduct annual reviews of our most critical Data Level one applications to measure current security practices against our security standards. In the case of SaaS, this will include reviewing vendors' SOC 1 and SOC 2 reports and highlighting any areas of concern.
  • Advise and consult with various campus departments to assist them in monitoring policies, developing practices, and creating awareness and training programs surrounding federal and state data privacy laws. The Director of Information Security and Data Privacy will be responsible for IT's role in understanding the impact of Data Breach laws, FERPA (Federal Educational Rights and Privacy Act), GLBA (Gramm-Leach-Bliley Act), the HERA (Higher Education Reauthorization Act), and HIPAA (Health Insurance Portability and Accountability Act). The Director of Information Security and Data Privacy will also partner with General Counsel to help ensure Bentley’s position and compliance with GDPR.
  • Serve as a liaison for security and operations portions of internal and external audits

Minimum Qualifications

  • 7+ years of experience leading information/cyber security programs.
  • Bachelor's Degree. Bachelor's degree in computer science/information technology, networking, engineering, or business process/management field preferred.
  • Proven experience working with IT operations, information security, or IT/regulatory risk management. CISSP (Certified Information System Security Professional) a plus. Experience working in information technology, security, or risk management.
  • Must be an intelligent, articulate and persuasive leader who can serve as an effective member of the senior management team and who is able to communicate security-related concepts to a broad range of technical and non-technical staff
  • Demonstrated understanding of business operations, information technology (applications, systems and networks) and associated data security as it relates to designing, monitoring, maintaining and implementing data security policies, standards, guidelines. The Director of Information Security and Data Privacy must understand the higher education environment and the nuances needed when supporting students and faculty teaching and research. Excellent communication skills with demonstrated ability to implement and maintain enterprise-wide data security standards.
  • Strong project management skills, and the proven ability to build trust and work well with all levels of management and technical staff.
  • Should have experience with business continuity planning, auditing, and risk management, as well as contract and vendor negotiation
  • Ability to keep up to date with the latest security technologies and maintain a strong knowledge base of industry and technology trends. Excellent written and presentation skills in order to provide detailed reports to all constituencies including the Board of Trustees.
  • Strong analytical skills in order to identify security vulnerabilities and propose appropriate defensive and compensating controls.

Work Environment

  • Typical office setting with extensive sitting and computer work
  • Ability to travel around campus for meetings
  • Flexible work arrangement. Please see the university’s Flexible Work Arrangements policy to learn more about Bentley’s workplace flexibility: https://www.bentley.edu/offices/human-resources/workplace-flexibility

Bentley University requires reference checks and may conduct other pre-employment screening.

DIVERSITY STATEMENT

Bentley University strives to create a campus community that welcomes the exchange of ideas, and fosters a culture that values differences and views them as a strength in our community.

Bentley University is an Equal Opportunity Employer, building strength through diversity. The University is committed to building a community of talented students, faculty and staff who reflect the diversity of global business. We strongly encourage applications from persons from underrepresented groups, individuals with disabilities, covered veterans and those with diverse experiences and backgrounds.


