Director of Information Security

Chicago Public Schools (CPS) has set ambitious goals to ensure that every childin every school and every neighborhoodhas access to a world-class learning experience from birth, resulting in graduation from high school college-and career-ready.

Chicago Public Schools is seeking a Director of Information Security that will be responsible for establishing and executing information security program directives, policy development, and policy enforcement. This position will develop mechanisms to best identify, evaluate, and mitigate district-wide information security risks in a manner that upholds compliance and regulatory requirements, and aligns with the risk posture of Chicago Public Schools.

The ideal candidate is a self-starter, able to drive tasks to completion independently, and able to learn new skills on the job as project requirements expand.

The Director of Information Security will be held accountable for the following responsibilities:

• Establish and execute strategic, comprehensive enterprise information security program directives and plans, including any and all district-wide information security training efforts to ensure that the confidentiality, integrity, and availability of information is owned, controlled or processed in a manner compliant with the CPS Board Policy and relevant regulatory authorities.
• Develop and maintain information security policies, standards, guidelines and oversee the dissemination of security policies and practices; identify knowledge gaps to increase district awareness of relevant information security practices.
• Provide leadership and guidance on information security topics, advising and collaborating on security processes, business continuity, and disaster recovery plans.
• Ensure that system and application security design is in accordance with CPS Board Policy; consult with IT teams to ensure that security is factored into the evaluation, selection, installation, and configuration of hardware, applications and software.
• Lead investigations of any actual or potential information security violations and manage escalation of security events; assist with related legal matters associated with such events as needed and make recommendations to correct or prevent future incidents.
• Monitor external threat environment for emerging threats and advise relevant stakeholders on appropriate courses of action.
• Provide regular reporting on current state of information security program to the CIO and otherssenior managers as appropriate.
• Establish metrics and reporting framework to measure the efficiency, effectiveness, and maturity level of the program.
• Liaise with relevant CPS business units (such as Internal Audit, Law, Finance, Safety & Security, Risk Management, HR teams), and external agencies as needed to ensure that CPS maintains a strong security posture.
• Work with system administrators and application developers to audit, monitor and validate their environment's security, including conducting gap analysis and other comprehensive internal assessments of existing systems to improve the security infrastructure and mitigate risks.
• Provide oversight to the architecture and engineering of new security systems; including the evaluation of technical designs.

In order to be successful and achieve the above responsibilities, the Director of Information Security must possess the following qualifications:

Type of Education Required :

• Bachelor's or Master's Degree in Computer Science, Information Systems, or other related field.
• CISSP Certification Preferred.

Type of Experience and Number of Years :

• Minimum of seven years experience in information technology field, with five to seven years of experience in an information security role.
• Three to five years experience in large (>50,000 users) heterogeneous enterprise level IT organization.

Knowledge, Skills, and Abilities :

• Proven track record and experience in developing information security programs, policies and procedures, including successful implementations in large enterprise environments.
• High degree of initiative, dependability; experience managing multiple, simultaneous, and high-profile information security initiatives and responses.
• High level of personal integrity, as well as the ability to professionally handle confidential matters, and show an appropriate level of judgement and maturity.
• Strong knowledge of common information security management frameworks, such as ISO/IEC 27001, COBIT, NIST, CSA and deep knowledge and understanding of relevant legal and regulatory requirements/standards, including but not limited to: Family Educational Rights and Privacy Act (FERPA), Health Insurance Portability and Accountability Act of 1996 (HIPAA), Children's Online Privacy Protection Act (COPPA), Payment Card Industry Data Security Standard (PCI DSS), Illinois School Student Records Act (ISSRA).
• Experience in designing and managing new and existing security systems.
• Ability to advise infrastructure and applications staff in securing their respective environments.
• Exhibit strong written and verbal communication skills, interpersonal and collaborative skills.
• Strong ability to convey security information to non-technical end-users in a way that inspires adoption and adherence to all IT and Board security policies and programs.
• Experience with contract and vendor negotiations.
• Professional security management certification, such as Certified Information Systems Security Professional (CISSP), or similar credentials, is desired.

Residency requirement : CPS employees are required to be actual residents of the City of Chicago within six months of beginning employment, and to maintain Chicago residency throughout employment.

Non-discrimination/Equal Opportunity : Chicago Public Schools is an equal opportunity employer.