Director IV, Information Technology Security

Overview

The role directs a large technology-based office responsible for IT Security; plans, organizes, supervises, and evaluates all activities, program functions, personnel, and fiscal resources of the assigned office. Leads the development and management of a comprehensive IT Security program that balances enterprise protection, educational access, and the division's operational needs. Identifies, evaluates, and reports on information security risks in a manner that meets compliance and regulatory requirements.

Translates complex risk requirements and constraints into control requirements and technical specifications. Provides strategic leadership, performance measurement, and governance for information security, ensuring alignment with FCPS and the IT Strategic Plan.

Required

• Any combination of education and experience equivalent to a master’s degree in computer science, information technology, cybersecurity, or a field appropriate to the assignment.
• Six (6) years of experience in information technology and IT Security, including technical leadership and architecture roles. Four (4) years of which include experience in managing enterprise-level security programs and operations in large, complex environments including direct experience working deeply in several of the following areas:
• • Network security architecture and controls
  • Security operations and incident response
  • Data protection and loss prevention
  • Cloud and endpoint security
  • Identity and access management
  • Security automation and orchestration (SOAR)
  • Application security and secure development
  • Experience aligning these programs with NIST, CIS, and related industry standards
• Must hold one of the following:
• • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • Certified Cloud Security Professional (CCSP)
  • GIAC Security Leadership Certificate (GSLC)
• Knowledge of identity and access management, network segmentation, endpoint and data protection, and incident response methodologies.
• Knowledge of network security architecture including segmentation, zero trust, next-gen firewalls, and network access control.
• Knowledge of SOC technologies such as SIEM, SOAR, threat intelligence, and incident response.
• Knowledge in cloud security, IAM/PAM, endpoint security (EDR/XDR), application security, and vulnerability management.
• Knowledge of information security principles, practices, and technologies.
• Knowledge of NIST Cybersecurity Framework, NIST 800-53, Center for Internet Security (CIS) Critical Security Controls, and MITRE ATT&CK framework.
• Knowledge of laws, regulations, and compliance requirements related to cybersecurity in educational environments.
• Ability to present technical information in a manner that is accessible to non-technical audiences.
• Ability to analyze complex problems, assess risk, and make pragmatic decisions that balance operational priorities and information security needs while considering business impact and constraints.
• Ability to lead and motivate technical teams in a high-demand and fast-evolving environment.

• Experience in public sector or educational environments.
• Experience leading large-scale IT Security operations and managing multidisciplinary teams.
• Certified Cloud Security Professional (CCSP)
• Offensive Security Certified Professional (OSCP)
• Cisco Certified Network Professional (CCNP) Security
• GIAC certifications, or equivalent advanced credentials

• Leads in the development, implementation, management, maintenance, and evaluation of a comprehensive cybersecurity program, including security standards, policies and procedures, awareness and training plans, and the overall information security framework.
• Provides technical leadership & security operations supporting network security architecture, segmentation & infrastructure protection, Security Operations Center (SOC) management & risk assessment, Data Loss Prevention (DLP) & data protection, endpoint & application security, incident response & security event management.
• Projects the need for, manages, and is accountable for human, physical, and financial resources to maximize the efficiency and effectiveness of the office.
• Designs, implements, and optimizes network segmentation strategies and zero-trust architecture across a distributed environment.
• Leads incident response for the investigation and remediation of security breaches and cyberattacks; directs forensic review, containment actions, recovery processes, and post-incident improvement measures.
• Oversees threat detection, alert triage, escalation, and tuning of security operations technologies.
• Manages the process of gathering, analyzing, and assessing the current and future threat landscape, providing leadership with a realistic overview of risks and threats.
• Leads IT security risk management and assessment activities; initiates and oversees scheduling, performance, and reporting of internal and external audits and assessments identifying security…