Director , Cybersecurity Operations

Position Overview

The Cybersecurity Operations Director is a critical leadership role within the IMT Division responsible for the day‑to‑day operation, maturation, and continuous improvement of the College’s cybersecurity program. The position blends hands‑on technical expertise with programmatic oversight to ensure the confidentiality, integrity, and availability of institutional information assets, technology services, and data entrusted to the College of Southern Maryland.

Reports to:

Deputy Chief Information Officer (DCIO).

• Design, implement, and manage a 24×7 security monitoring capability (internal or managed service).
• Administer and optimize SIEM, EDR, IDS/IPS, firewalls, and log‑aggregation platforms.
• Assist with development, maintenance, and enforcement of security operating procedures (SOPs), runbooks, and escalation workflows.

• Serve as the Incident Commander for cybersecurity events, coordinating containment, eradication, and recovery.
• Conduct post‑incident reviews and root‑cause analyses; recommend and track remediation activities.
• Maintain and routinely test the Cybersecurity Incident Response Plan and its integration with Business Continuity/Disaster Recovery plans.

• Collect, analyze, and operationalize threat intelligence relevant to higher education from MS‑ISAC, REN‑ISAC, CISA, and commercial feeds.
• Perform proactive threat hunting and coordinate purple‑team exercises to validate controls.
• Correlate intelligence with internal telemetry to identify and mitigate emerging threats.

• Manage enterprise vulnerability scanning, penetration tests, and remediation tracking.
• Oversee secure configuration baselines using CIS Benchmarks and ensure adherence through continuous monitoring.
• Evaluate patch management effectiveness and manage risk‑exception processes.

• Align security operations with NIST CSF, NIST 800‑171, GLBA, FERPA, PCI‑DSS, and state regulations.
• Contribute to annual risk assessments, audits, and security metrics; report on program maturity and gaps.
• Maintain evidence repositories and support external audit and accreditation activities.

• Assess emerging security technologies and recommend solutions to enhance the College’s security posture.
• Lead proofs‑of‑concept, integrations, and lifecycle management for new security tools.

• Coordinate campus‑wide security awareness campaigns and phishing simulations.
• Deliver targeted training to IT staff, faculty researchers, and executive leadership.

• Evaluate security controls of vendors, cloud services, and research partners.
• Enforce contractual security requirements and review SOC 2, ISO 27001, and penetration‑test reports.

• Develop and manage the annual security operations budget.
• Track software licenses, maintenance contracts, and renewal schedules for security tools.
• Prepare executive reports, board briefings, and compliance submissions.
• Maintain detailed incident logs, investigative evidence, and knowledge‑base articles.

• Performs other related duties as assigned.

• Five (5)+ years of progressive experience in security operations, incident response, or SOC management; three (3)+ years in a supervisory or lead role.
• Demonstrated experience deploying and managing SIEM, EDR, IDS/IPS, firewalls, and cloud‑security controls (e.g., Microsoft 365/Azure Security Center, AWS Security Hub).
• Hands‑on experience with log analysis, scripting (Power Shell, Python, Bash), packet capture, and forensic tooling.
• Experience interpreting and implementing NIST CSF/800‑171, FERPA, GLBA, and/or PCI‑DSS controls.
• Proven ability to develop policies, procedures, and security awareness programs.

• Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, or a related field preferred.
• Master’s…