Director of Security Assurance
Listed on 2026-05-23
IT/Tech
Cybersecurity, Information Security, Data Security
Overview
The Director of Security Assurance leads Dartmouth's cybersecurity governance, risk, and compliance functions within the Office of Information Security. The role establishes and maintains the institutional security policy framework, enterprise risk management program, third party risk oversight, awareness initiatives, and audit support processes, translating complex regulatory and research security requirements into actionable institutional standards. Operating in a decentralized academic environment with shared governance, the Director advises the CISO and senior leadership on institutional cyber risk posture, ensures compliance with applicable federal and state requirements, and partners across academic and administrative units to embed security and risk management practices that support Dartmouth's teaching, research, and clinical missions.
Responsibilities
Cybersecurity Policy and Standards (20% of time)
- Develops, implements, and maintains Dartmouth's cybersecurity policy framework, aligned with NIST CSF 2.0 and CIS Controls v8, covering institutional systems, research computing, and cloud services in partnership with the CISO.
- Drafts and maintains enforceable standards, procedures, and guidelines that reflect Dartmouth's shared governance environment and distributed operational model.
- Manages the full policy lifecycle, including drafting, stakeholder consultation, governance review and approval, publication, version control, exception management, and periodic review.
- Translates regulatory and contractual obligations, including FERPA, GLBA Safeguards Rule, HIPAA, NIST SP 800-171 and CMMC, ITAR and EAR, PCI DSS, and NH RSA 359-C:20, into clear, actionable institutional requirements.
Risk Management (20% of time)
- Designs, implements, and continuously improves the formal cybersecurity risk management program, including risk identification, assessment methodology, scoring, treatment planning, risk acceptance, and exception workflows.
- Leads and facilitates risk assessments across institutional systems, research computing environments, cloud platforms, and third-party integrations.
- Maintains an enterprise cybersecurity risk register and presents risk posture and trends to the CISO and senior leadership, translating technical findings into institutional, financial, and mission impact for non-technical audiences, including the Board of Trustees.
Third Party Risk Management (15% of time)
- Develops and oversees a comprehensive third-party risk management program, including intake workflows, vendor tiering, security assessment criteria, and ongoing monitoring.
- Evaluates vendors, SaaS providers, cloud services, and research collaborators for alignment with institutional security standards and regulatory requirements.
- Partners with Procurement, the Office of General Counsel, and Research Administration to integrate security review into contracting, vendor onboarding, and research partnership processes.
- Monitors and reports on aggregate third-party risk exposure and prioritizes mitigation based on risk severity and concentration.
Cybersecurity Education and Awareness (15% of time)
- Designs and leads a comprehensive cybersecurity awareness and training program tailored to faculty, staff, students, and researchers, recognizing distinct risk profiles and operational realities.
- Develops role-based training curricula for high-risk populations, including system administrators and personnel handling regulated or controlled unclassified information.
- Oversees phishing simulations, tabletop exercises, and targeted awareness initiatives aligned with current threat trends and institutional risk priorities.
- Establishes and tracks metrics to evaluate behavioral change, training effectiveness, and risk reduction.
Cybersecurity Metrics and Reporting (15% of time)
- Defines and maintains key performance and risk indicators that inform decision making at the CISO, CIO, executive leadership, and Board levels.
- Develops dashboards and recurring reports that communicate program maturity, compliance posture, risk exposure, and operational effectiveness in clear, accessible language.
- Benchmarks institutional cybersecurity capabilities against higher education peers using available EDUCAUSE, REN-ISAC, and Ivy Plus cohort data.
Compliance and Audit Support (15% of time)
- Serves as the primary information security liaison for internal and external audits, compliance reviews, and regulatory inquiries.
- Oversees control mapping, evidence collection, gap assessments, and remediation tracking across applicable regulatory frameworks.
- Partners with Research Administration to support compliance requirements for federally funded and export controlled research, including NIST SP 800-171, CMMC, and ITAR and EAR.
- Maintains audit-ready documentation and ensures corrective actions are tracked through completion.
- Demonstrates professionalism and collegiality through actions, interactions, and communications with others appropriate to an environment that is welcoming to all.
- Performs…