Associate Director Information Security

Associate Director of Information Security

Department:
Chief Information Security Officer

Compensation: $ to Negotiable

• Provide leadership, coordination, and technical direction for the university’s information security systems, services, and programs.
• Execute and operationalize the Information Security strategic plan, translating strategy into measurable, day-to-day security initiatives and outcomes.
• Contribute to the development, refinement, and maturation of the university’s information security strategy, standards, and roadmaps.
• Serve as a subject‑matter expert on information security risks, controls, and best practices within a higher‑education environment.
• Direct and support security operations, including:
  • Incident response and cyberattack preparedness
  • Threat mitigation and vulnerability management
  • Risk assessments and compliance testing
  • Disaster recovery and cybersecurity training exercises
• Implement and maintain security standards, audit processes, and monitoring capabilities to identify, assess, and remediate security risks.
• Analyze existing security operations and recommend improvements to enhance protection, efficiency, and scalability of security services.
• Lead, supervise, and mentor a team of security professionals, including security engineers, analysts, managers, and interns.
• Provide operational oversight and strategic guidance for a Student‑Led Security Operations Center (SOC) in partnership with the SOC Manager.
• Support student workforce development by ensuring appropriate security processes, training pathways, and real‑world learning opportunities within the SOC.
• Delegate work, manage priorities, and resolve escalations to ensure effective and timely delivery of security services.
• Participate in the development, implementation, and maintenance of information security policies, standards, and procedures.
• Ensure alignment with applicable legal, regulatory, and contractual requirements, including FERPA, HIPAA, and related data protection obligations.
• Act as a trusted advisor to university leadership, faculty, staff, and students on information security matters and support secure administrative, academic, and research technology initiatives.
• Develop and maintain documentation, standards, and guidance related to security controls, procedures, and high‑risk data.
• Promote a culture of secure computing through education, awareness, and engagement activities.
• Serve on university committees, task forces, and working groups related to information security, risk management, and compliance.
• Serve as a Tier 2 respondent during campus emergencies and assist with technology disaster recovery and business continuity plans.
• Maintain communication with IT leadership and the campus community during security incidents.

• Education and Experience:
  • Master’s degree and 4+ years of relevant experience.
  • OR Bachelor’s degree and 6+ years of relevant experience.
• Core Skills and Knowledge:
  • Excellent verbal and written communication.
  • Strong commitment to high‑quality customer service.
  • Proficiency with internet technologies and information security issues, including risk assessments, compliance testing, security policy development, security awareness and education programs, risk analysis, network penetration testing, and application vulnerability assessments.
  • Knowledge of information security standards and frameworks (e.g., ISO 17799/27002).
  • Understanding of applicable rules and regulations governing information security and data confidentiality (including FERPA, HIPAA, and similar requirements).
  • Hands‑on experience with desktop, server, application, database, and network security in Linux and Microsoft Windows Server environments.
  • Familiarity with change management processes as they relate to information security.
• Preferred Qualities:
  • Experience managing, leading, or expanding a Security Operations Center.
  • Experience working within a higher education environment.
  • Experience managing and developing operational and capital budgets.

• Background check and, when applicable, a credit check are required.
• As a Responsible Employee under Title IX, the incumbent must promptly report allegations of sexual misconduct, sexual violence, and child sexual abuse by or against any individual to the University’s Title IX Administrator or any divisional Title IX Coordinator.

The University of North Florida is committed to providing an inclusive and welcoming environment for all. We do not discriminate on the basis of genetic information, race, color, religion, age, sex, disability, marital status, national origin, or veteran status. Retaliation against anyone who reports discrimination or harassment is prohibited.