Director, IT Governance and Security (7) POST NUMBER: 396070
Governance, Risk Management, Privacy and Security
- Engage and manage independent auditors of security and compliance programs.
- Work with the business units to facilitate risk assessment and risk management processes.
- Develop technical depth, accountability and high performance related to information security and risk management.
- Ensure the consistent application of policies and standards across all technology projects, systems, and services through various cross functional teams.
- Partner with business stakeholders across the company to raise awareness of security and risk management concerns.
- Assist with the overall business technology planning, providing a current knowledge and future vision of technology and systems
- Provide expert leadership in the development, implementation, and maintenance of an information security, risk management and governance program and associated infrastructure.
- Provide guidance and advocacy regarding prioritization of IT investments that impact information security.
- Manage the development, implementation, and maintenance of information security policy, standards, and guidelines.
- Monitor internal and external information security trends and keep company management informed about information security-related issues and activities affecting the organization.
- Responsible for security incident remediation and coordinates the efforts of outside resources to gather evidence and forensic data pertinent to on-going investigations.
- Understand potential threats, vulnerabilities, and control techniques and communicate this information to departmental system administrators.
- Investigate security breaches in collaboration with Human Resources and Legal departments.
- Develop and maintain a security awareness and training program
- Demonstrates knowledge of, and carefully follows all applicable federal and state compliance requirements and regulations including those prescribed by government agencies, accrediting agencies, and internal policies and procedures.
- Effectively communicates compliance requirements to students and other staff as appropriate and quickly escalates any compliance concerns to the Compliance department.
- Analyzes and develops information security governance, including organizational policies, procedures, standards, baselines and guidelines with respect to information security and use and operation of information systems.
- Analyzes trends, news, and changes in threat and compliance environment with respect to organizational risk; advises organization management and develops and executes plans for compliance and mitigation of risk; performs risk and compliance self-assessments and engages and coordinates third-party risk and compliance assessments.
- Develop, implement, and monitor a strategic, comprehensive enterprise information security and IT risk management program that evolves with the business needs.
- Assess various requirements and frameworks (e.g. NIST) and ensure organizational conformance.
- Partner with company legal team members for e-discovery requirements.
- Maintain a stable of competent, cost-effective partners to augment internal teams.
Experience & Education:
- Bachelor’s degree in a technical discipline and 7 years directly related IT governance and security experience, including that hybrid-cloud enterprise environment, or equivalent experience and certifications (e.g. CISSP, ISSAP, ISSMP).
- Proficient in MS Office (Word, Excel, PowerPoint, Visio) and other business tools such as Microsoft Teams
- Comfortable bi-modally improving legacy solutions while timely building and migrating to the future through a portfolio of parallel initiatives.
- Exhibits an information-based, decision-making mindset, strong analytical and technical capabilities to assess and drive process improvements and solve complex problems.
- Ability to clearly articulate a vision, enroll others in the strategy, and lead teams via influence through ambiguity and complexity to a new way of working and to support program, process, and organizational improvements across the organization.
- Ability to manage fully remote teams, on and offshore.
- Strategic, critical thinking and business acumen.
Preferred Requirements:
- Experience with enterprise SaaS solution security.
- Experience with regulatory compliance issues, as well as best practices in application and network security.
- Knowledge of NIST frameworks, assessment and audit criteria
- Experience with Microsoft 365 and Azure platforms, governance and security practices.
Vaco values a diverse workplace and strongly encourages women, people of color, LGBTQ+ individuals, people with disabilities, members of ethnic minorities, foreign-born residents, and veterans to apply.
EEO Notice
Vaco is an Equal Opportunity Employer and does not discriminate against any employee or applicant for employment because of race (including but not limited to traits historically associated with race such as hair texture and hair style), color, sex (includes pregnancy or related conditions), religion or creed, national origin, citizenship, age, disability, status as a veteran, union membership, ethnicity, gender, gender identity, gender expression, sexual orientation, marital status, political affiliation, or any other protected characteristics as required by federal, state or local law.
Vaco LLC and its parents, affiliates, and subsidiaries are committed to the full inclusion of all qualified individuals. As part of this commitment, Vaco LLC and its parents, affiliates, and subsidiaries will ensure that persons with disabilities are provided reasonable accommodations. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact HR@vaco.com .
Vaco also wants all applicants to know their rights that workplace discrimination is illegal.
By submitting to this position, you agree that you will be giving Vaco the exclusive right to present your as a candidate for the foregoing employment opportunity. You further agree that you have represented information about yourself accurately and have not affirmatively misrepresented your qualifications. You also agree to maintain as confidential, to the fullest extent permitted by law, any information you learn from Vaco about the position and you will limit disclosure of information about the position only to the extent necessary to perform any obligations in furtherance of your application. In exchange, Vaco agrees to exercise reasonable efforts to represent you through all solicitation, job screening and resume dispersal.
Privacy Notice
Vaco LLC and its parents, affiliates, and subsidiaries (“we,” “our,” or “Vaco”) respects your privacy and are committed to providing transparent notice of our policies.
- California residents may access Vaco’s HR Notice at Collection for California Applicants and Employees here.
- Virginia residents may access our state specific policies here.
- Residents of all other states may access our policies here.
- Canadian residents may access our policies in English here and in French here.
- Residents of countries governed by GDPR may access our policies here.
Pay Transparency Notice
Determining compensation for this role (and others) at Vaco depends upon a wide array of factors including but not limited to:
- the individual’s skill sets, experience and training;
- licensure and certification requirements;
- office location and other geographic considerations;
- other business and organizational needs.
With that said, as required by local law, Vaco believes that the following salary range referenced above reasonably estimates the base compensation for an individual hired into this position in geographies that require salary range disclosure. The individual may also be eligible for discretionary bonuses.