Director, Information Security (Partially Remote)

Job Summary:

The Director of Information Security holds a critical position in preserving the institution's security posture and driving security initiatives forward. This role entails overseeing the day-to-day operations of three essential teams: Security Operation Center, Operational Security, and Governance, Risk, and Compliance. This position will serve as a member of senior management within the Office of Information Security.  Working closely with the CISO, institutional leadership and governing bodies to develop and maintain cybersecurity policies and standards, determine acceptable levels of risk for the institution and oversee incident response activities.

Essential Job Functions:

• Assist with the development and maintenance of an enterprise-wide information security program as required by Texas Government Code §2054.133; 
• Collaborate with the CISO and key stakeholders to develop and maintain cybersecurity policies and procedures that address the requirements set by Texas Administrative Code §202.76;
• Work with the business and technical resources to ensure that appropriate controls are utilized to minimize cybersecurity risks.
• Ensure personnel with significant responsibilities for cybersecurity are properly trained, equipped, and managed.
• Provide guidance and assistance to senior officials, information owners, information custodians, and end users concerning their risk management and security obligations.
• Ensure that annual information security risk assessments are performed and documented by information-owners.
• Coordinate the review of data security requirements, specifications, and if applicable, third-party risk assessment of any new computer applications or services that receive, maintain, and/or share confidential data.
• Verify that cybersecurity requirements are identified, and risk mitigation plans are developed and contractually agreed and obligated prior to the purchase of information technology hardware, software, and systems development services for any new high-impact computer applications or computer applications that receive, maintain, and/or processes confidential information.
• Serve as the information technology security liaison with internal and external entities, including UT System, UTMB Police, Legal, Compliance, Audit, other components and universities, state, and federal agencies such as DIR, CISA and FBI.
• Ensure cyber incident detection and response capabilities are in place, continuously monitored and effective.
• Adheres to internal controls and reporting structure.
• Performs related duties determined by leadership as required.

Knowledge/Skills/Abilities:

• Knowledge of information security and privacy risks and effective mitigation strategies as well as an understanding of applicable federal and state statutes, standards, and accreditation requirements.
• Strong leadership skills as demonstrated through successfully directing and steering others to achieve organizational goals.
• Strong interpersonal skills and ability to work with diverse groups and individuals across the enterprise to achieve defined goals.
• Ability to think strategically about implementing long term security initiatives.
• Ability to recognize and implement security initiatives that immediately address risk.
• Ability to create and implement information security policies and procedures, vulnerability assessments, risk assessments, and compliance monitoring plans.
• Ability to analyze complex information and distill findings into concrete conclusions and recommendations.
• Strong written and verbal communication skills, including effective public speaking and presentation skills.