Director of Security Assurance
Hanover, Grafton County, New Hampshire, 03755, USA
Listed on 2026-06-02
IT/Tech
Cybersecurity, Information Security
Position Title
Director of Security Assurance
Location
Hanover, NH (Hybrid remote work eligible)
Position Purpose
The Director of Security Assurance leads Dartmouth’s cybersecurity governance, risk, and compliance functions within the Office of Information Security. The role establishes and maintains the institutional security policy framework, enterprise risk management program, third‑party risk oversight, awareness initiatives, and audit support processes, translating complex regulatory and research security requirements into actionable institutional standards. In a decentralized academic environment with shared governance, the Director advises the CISO and senior leadership on institutional cyber risk posture, ensures compliance with applicable federal and state requirements, and partners across academic and administrative units to embed security and risk management practices that support Dartmouth’s teaching, research, and clinical missions.
Responsibilities
- Develop, implement, and maintain Dartmouth’s cybersecurity policy framework aligned with NIST CSF 2.0 and CIS Controls v8 for institutional systems, research computing, and cloud services.
- Draft and maintain enforceable standards, procedures, and guidelines that reflect Dartmouth’s shared governance environment and distributed operational model.
- Manage the full policy lifecycle, including drafting, stakeholder consultation, governance review and approval, publication, version control, exception management, and periodic review.
- Translate regulatory and contractual obligations (FERPA, GLBA Safeguards, HIPAA, NIST SP 800‑171, CMMC, ITAR/EAR, PCI DSS, NH RSA 359‑C:20) into clear, actionable institutional requirements.
- Design, implement, and continuously improve a formal cybersecurity risk management program covering risk identification, assessment methodology, scoring, treatment planning, risk acceptance, and exception workflows.
- Lead and facilitate risk assessments across institutional systems, research computing environments, cloud platforms, and third‑party integrations.
- Maintain an enterprise cybersecurity risk register and present risk posture and trends to the CISO, senior leadership, and the Board of Trustees in non‑technical language.
- Develop and oversee a comprehensive third‑party risk management program, including intake workflows, vendor tiering, security assessment criteria, and ongoing monitoring.
- Evaluate vendors, SaaS providers, cloud services, and research collaborators for alignment with institutional security standards and regulatory requirements.
- Partner with Procurement, the Office of General Counsel, and Research Administration to integrate security review into contracting, vendor onboarding, and research partnership processes.
- Monitor and report on aggregate third‑party risk exposure, prioritizing mitigation based on risk severity and concentration.
- Design and lead a comprehensive cybersecurity awareness and training program tailored to faculty, staff, students, and researchers, including role‑based curricula for high‑risk populations.
- Oversee phishing simulations, tabletop exercises, and targeted awareness initiatives aligned with current threat trends and institutional risk priorities.
- Establish and track metrics to evaluate behavioral change, training effectiveness, and risk reduction.
- Define and maintain key performance and risk indicators that inform decision‑making at the CISO, CIO, executive leadership, and Board levels.
- Develop dashboards and recurring reports that communicate program maturity, compliance posture, risk exposure, and operational effectiveness in accessible language.
- Benchmark institutional cybersecurity capabilities against higher education peers using available EDUCAUSE, REN‑ISAC, and Ivy Plus cohort data.
- Serve as the primary information security liaison for internal and external audits, compliance reviews, and regulatory inquiries.
- Oversee control mapping, evidence collection, gap assessments, and remediation tracking across applicable regulatory frameworks.
- Partner with Research Administration to support compliance requirements for federally funded and export‑controlled research (NIST SP 800‑171, CMMC,…