The American College
The American College of Financial Services provides applied knowledge and financial education through teaching, research, and innovation in program delivery and design. As a nonprofit, accredited educational institution, our courses are researched and written by a faculty of the nation's top thought leaders in personal finance. To learn more, visit theamericancollege.edu.
The Role
As the Chief Information Security Officer, you will be responsible for the planning, implementation, management, and administration of a collegewide Information Security Program. You will provide strategic and operational leadership for day-to-day coordination in securing and protecting the College’s information assets and supporting infrastructure from external and internal threats. You will be expected to utilize a proactive and collaborative approach to cybersecurity awareness, outreach, and both formal and informal education opportunities for the College community.
Essential Duties
Develop Information Security Program
Work with College leadership to develop a strategic approach to information security, including policies and procedures that balance academic values with institutional attention to cybersecurity threats and regulatory requirements.
Collaborate with the IT department’s VP and the SVP in the development and management of IT security standards and IT-related College policies; and provide oversight for College-wide adherence to IT security standards and IT-related College policies, including the analysis and reporting of statistics associated with an IT Security Program.
Hold primary responsibility for aligning the institution with information security architectures, as well as applicable laws, regulations, and compliance frameworks (e.g., NIST 800-171, ISO 27001, PCI-DSS, GDPR, etc.).
Recommend strategies and practices to ensure information security and lead the design, development, and implementation of the College’s security and data governance policies and procedures in consultation with College leadership, IT leadership, technical personnel, and any appropriate advisory bodies.
Track industry and higher education developments and best practices to maintain a thorough understanding of current and future directions, systems, applications, and data security techniques for instructional, research, and administrative needs.
Develop reports, correspondence, and documentation in order to fulfill administrative reporting requirements.
Review hardware, software, and services being considered for purchase or implementation by IT or other departments, using security questionnaires (e.g., HECVAT), audit reports (e.g., SOC 2), certifications (e.g., ISO 27001), or similar assessment artifacts to assess security issues (strengths/risks) and to ensure proper information security features are incorporated to support College business needs.
Provide Strategic and Operational Information Security Leadership
Provide operational leadership for day-to-day coordination in securing and protecting the College’s information assets and supporting infrastructure from external and internal threats.
Develop and maintain the College’s Incident Response Plan.
Lead IT Risk Assessment processes and maintain the efficacy of IT continuity planning.
Provide guidance and counsel on information security to the IT leadership team and all College stakeholders.
Serve as the expert advisor to IT's leadership team and the extended College community in the development, implementation, and maintenance of an information security infrastructure.
Work with the IT department’s VP and SVP to establish and maintain effective information security communications and coordination, within the OIT unit as well as with all stakeholders.
Hold monthly security review meetings and track action items; escalate issues to IT leadership as appropriate.
Own external security service providers' relationships and manage their deliverables.
Develop Cybersecurity Awareness and Outreach
Recommend enhancements in information security policies to the College leadership; coordinate collegewide initiatives for data governance and security.
Pursue security initiatives to address the unique needs of faculty and staff relative to identity theft, mobile and social media, online presence, etc.
Create and develop security measures to safeguard information against accidental or unauthorized modification, destruction, or disclosure.
Review current infrastructure, recommend changes, and partner with the College stakeholders on new technologies related to information security.
Develop and lead education and training programs for all College constituents on policies and procedures, guidelines, federal and state laws and regulations, and best practices around information security.
Qualifications
The successful CISO must have a strategic grasp of information security at both institutional and operational levels and the capacity to articulate a vision for information security that engages all constituents while satisfying internal and external requirements.
A Bachelor’s degree in information management, computer science, or related field and seven years of progressively responsible management and/or leadership experience in a field of assignment that includes three years of experience within an IT security office or similar setting. A Master’s degree in Cybersecurity or a related field is preferred.
Regulatory compliance experience of three or more years and in-depth knowledge of the applicable laws and regulations pertaining to cybersecurity and privacy.
A recognized certification in cybersecurity and privacy such as the Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or other recognized IT security or privacy industry credential is required.
Broad knowledge of computer security issues, requirements, solutions, and trends, especially in the higher education environment.
Strong interpersonal and communication skills, plus the ability to achieve goals through influence, collaboration, and cooperation.
Demonstrated ability to work effectively with an array of constituencies in a community that is both demographically and technologically diverse.
Expertise in the cybersecurity and privacy industry, including the technology used to protect confidentiality, integrity, and availability of sensitive information and the systems used to store, retrieve, process, and transmit the information.
Ability to think critically and analyze information and situations, present findings and make recommendations; ability to turn data into information and present it in a meaningful manner.
Outstanding ability to analyze issues and solve sensitive and complex problems under pressure.
Excellent written and verbal communication and presentation skills, including the knowledge and ability to analyze and draft policies and procedures pertaining to cybersecurity and privacy.
The College provides an award-winning culture and offers a competitive total compensation package that includes:
Lucrative Time Off (25-40 Days PTO, Paid Family Medical Leave, 11 Paid Holidays)
Retirement Savings Plan with Supplemental Contribution and Match
Tuition Remission and Reimbursement
Medical, Dental, Vision, and Wellness Benefits
Company-paid Short Term and Long-Term Disability
Flexible, hybrid, and remote work schedules
Salary Grade Minimum: $101,800
The starting base salary is determined based on a variety of factors including but not limited to experience, education, internal equity, departmental budgets, qualifications, licenses, specialty, and training.
In policy and practice, we encourage diversity and provide equal employment opportunities to all individuals based on job-related qualifications and ability to perform a job. We are committed to maintaining a welcoming and inclusive environment. The American College of Financial Services is an E-Verify Employer.