Director, Information Security
Compensation Range:Annual Salary: $87,923.00 - $118,690.00Position SummaryThe Director, Information Security, provides strategic, institutional leadership for National Universityâs information security and cyber risk management program. Reporting to the Associate Vice President (AVP), Information Security, this role is accountable for designing, governing, and advancing a comprehensive, riskâbased security program that protects the confidentiality, integrity, and availability of university information assets.The Director serves as the senior operational and strategic leader for all information security domains, including Security Engineering, Security Operations, Governance, Risk & Compliance (GRC), Identity & Access Management, and ThirdâParty Risk Management. They will partner closely with executive leadership, IT, academic leadership, legal, privacy, and compliance stakeholders to ensure security is embedded into institutional strategy, operations, and culture. The Director translates enterprise risk priorities into sustainable security capabilities, maturity roadmaps, and measurable outcomes while advising leadership on emerging threats, regulatory changes, and strategic investments.Essential Functions:Strategic Leadership & Program OwnershipProvides strategic leadership for the universityâs enterprise information security program in alignment with institutional goals and risk appetite.Partners with the AVP, Information Security, to define longâterm security strategy, multiâyear roadmaps, and program maturity objectives.Serves as a senior advisor to IT and university leadership on cybersecurity risk, threat trends, and control effectiveness.Establishes and maintains security governance frameworks, policies, standards, and metrics aligned with recognized frameworks (e.g., NIST CSF, NIST 800â53, ISO 27001).Leads institutional cybersecurity risk assessments and maturity evaluations, ensuring results inform investment and prioritization decisions.Provides executiveâlevel reporting and briefings on security posture, risk trends, incidents, and compliance status.Security Operations, Engineering & ArchitectureDirects the design, implementation, and operation of security controls across onâpremises, cloud, and SaaS environments.Oversees security monitoring, detection, and response capabilities, including SIEM, endpoint protection, identity security, and network defense.Serves as executive lead for cybersecurity incident response, ensuring effective coordination, decisionâmaking, communications, and postâincident improvement.Guides vulnerability management, penetration testing, and remediation strategies across the enterprise.Partners with Infrastructure, Applications, and Cloud teams to embed security into architecture, system design, and change management processes.Governance, Risk & Compliance (GRC)Owns the universityâs information security risk management program, including risk identification, assessment, treatment, and tracking.Ensures compliance with applicable regulatory and contractual requirements, including FERPA, GLBA, PCIâDSS, HIPAA (as applicable), state privacy laws, and institutional policies.Leads internal and external security audits and assessments, coordinating remediation and executive reporting.Oversees the ThirdâParty Risk Management (TPRM) program, ensuring vendors and partners meet institutional security expectations.Collaborates closely with Privacy, Legal, Compliance, and Data Governance stakeholders.Identity, Access & Data ProtectionProvides strategic oversight of identity and access management (IAM), roleâbased access control (RBAC), and privileged access management.Ensures effective access lifecycle governance in partnership with HR, IT, and business units.Guides data protection strategies, including classification, access controls, and loss prevention capabilities.Awareness, Culture & CollaborationChampions a culture of shared responsibility for information security across the institution.Oversees security awareness and training initiatives in collaboration with institutional stakeholders.Represents Information Security on university committees, councils, and working groups related to technology, data, privacy, and risk.Maintains awareness of emerging threats, technologies, and regulatory developments to proactively advise leadership.Performs other duties as assigned.Supervisory Responsibilities: Provides direct leadership and oversight for Information Security teams, including Security Engineering, Operations, GRC, and Identity functions.Responsible for organizational design, staffing strategy, hiring, performance management, coaching, and professional development.Establishes clear objectives, accountability, and succession planning aligned with institutional priorities.Manages budgets, vendor relationships, and resource allocation for the information security program.Requirements:Education & Experience:Bachelorâs degree in Information Security, Computer Science, or a related field required; Masterâs degree preferred.Minimum of Ten (10) years of progressive experience in information security or technology risk management.Minimum of Five (5) years of leadership experience managing teams and enterpriseâlevel security programs.Professional certifications such as CISSP, CISM, GIAC, or equivalent required.Experience in higher education or large enterprise environments preferred.Demonstrated experience across multiple security domains: operations, governance, risk management, and access control. Competencies/Technical/Functional Skills: Deep knowledge of cybersecurity domains, including security operations, cloud security, identity management, and risk governance.Strong understanding of regulatory and compliance frameworks applicable to higher education.Proven ability to communicate complex security risks to executive and nonâtechnical audiences.Strategic thinker with the ability to translate risk into actionable priorities.Strong leadership, collaboration, and influence skills across diverse stakeholder groups.Experience managing security tools, vendors, and managed service providers.High level of integrity and ability to manage sensitive and confidential information.Location: Remote, USATravel: up to 10% travel#LI-RemoteCandidate receiving offers will be offered a salary/pay rate commensurate with experience that vary based on a candidateâs qualifications, skills, and competencies. Absent exceptional circumstances, candidates will be offered a salary within this range for this position. The minimum salary will be offered based on the minimum exemption threshold based on state of residency. Base pay is one component of National Universityâs total rewards package, as we are dedicated to supporting the needs of the âwhole youâ with our holistic approach to employee benefits by offering comprehensive well-being benefits for you and your family. For full details about our benefit plan offerings, please visit benefits.nu.edu. For Part-time benefits, please click here.National University is committed to maintaining a high-quality workforce representative of the populations we serve. National University employs more than 4,500 faculty and staff and serves over 45,000 students. We are united in our mission to meet the global education demands of the 21st Century and are dedicated to creating a supportive academic and work environment that allows students, faculty and staff to develop their interests and talents while experiencing a sense of community. With programs available both online and at our many campus locations, National University is a leader in creating innovative solutions to education and meeting the needs of our student population, including adult learners and working professionals.National University (NU) is proud to be an equal opportunity employer and does not discriminate against any employee or applicant per applicable federal, state and local laws. At NU, a mix of highly talented, innovative and creative people come together to make the impact of a lifetime for each of our student learners. All qualified applicants will receive equal consideration for employment, education, and admission at National University.
Apply Now
Apply Now