Director, Information Security
Milton Hershey School (MHS) plays a special role in the lives of our students-far different from that of any other pre-K through 12th-grade school in the world. When chocolatier Milton S. Hershey and his wife, Catherine, founded the school in 1909, they did so with the intention of giving children with less more-more hands-on learning, more access to daily needs, and more opportunities to enrich their lives. More than a century later, the school has graduated almost 12,000 students. MHS is one of the world's best private schools, where students from qualifying families looking for greater opportunity can explore their individual interests to the fullest-with all costs covered. From our career-focused education to character and leadership development, we nurture students from lower-income backgrounds to prepare them to enter the world equipped to thrive as self-sufficient adults. MHS is seeking a full-time on-site Director, Information Security. This position reports to the Associate Sr. Director IT, and is responsible for the design, implementation, management, and oversight of the organization's information security practices as defined within the MHS Cyber-Security Framework. The Information Security team oversees several key security programs which include:
Security Awareness - (ex:
Annual and supplemental student and employee Training, Phishing Competitions, and ongoing programs, etc.) Security Incident Response and Investigations (ex:
Breaches, Disclosures, Staff and Student technology investigations, Litigation Hold eDiscovery, etc.) Vulnerability Management and Remediation (ex:
Vuln. Scanning, analysis, and closure, annual Penetration Test engagements and remediation) Security Risk Management (ex:
Disaster Recovery, Business Continuity Planning, Enterprise Risk Management, Assessments, etc.) Technical and Administrative Security Controls (Device and System Baseline hardening, Ongoing MDM controls, Internal and Organizational Security Policies, etc.) Governance and Compliance (ex:
Data Destruction, Application, Hardware, and Account Lifecycles, etc.) The starting compensation range for this position is $128k - $171k plus a competitive benefits package. This is an on-site position in Hershey, PA. Responsibilities Collaborate with senior IT management to create and implement an overall strategic vision for Information Security. Serve as the lead for information security incident response planning, management, and tracking which also includes all technology related investigations. Maintain and enhance the MHS enterprise information security stance through policy, architecture, technical controls, training, and awareness. Collaboration on and recommendations of appropriate security solutions to protect the organization. Collaborate with other areas within the IT department as well as with leaders throughout the MHS community to share the organization's security vision and to solicit their involvement in achieving higher levels of enterprise security. Serves as the school's HIPAA Security Officer and work with the HIPAA Privacy Officers and HIPAA Committee to ensure ongoing management of information security policies, procedures, and technical systems for all healthcare information systems to maintain the confidentiality, integrity, and availability of all organizational Protected Health Information (PHI). Supervise the Information Security team and 3rd party contractors. Ensure all work, both operational and project work, is prioritized and completed in an organized, professional, and timely manner. Ensure the team communicates and collaborates effectively within other areas of the IT department, and across the school. Ensure proactive monitoring of existing systems to identify and resolve security issues and concerns in an efficient and professional manner. Ensure preventative maintenance is being performed on existing systems to remediate security concerns. Ensure approved technology solutions are designed and implemented in a professional, secure, and timely manner. Assist with the design and implementation of application, system, and infrastructure technology to ensure security controls are in place with the rollout of new, or upgrades to existing, technology. Maintain all required service and support contracts. Create and maintain accurate information security systems and policies documentation. MHS is a 24x7x365 campus which requires after-hours support for critical systems and security incidents. This position ensures appropriate levels of support are provided by the team to respond in a timely manner. Assists with annual operating and capital budget planning for systems, services, and projects within the Information Security team.
Qualifications:
Bachelor's degree in information technology related field or commensurate years of experience. Current CISSP or GISP Certification. 8
years' experience overseeing and securing technology systems and services. Experience overseeing an IT Security Team. Project management experience. Demonstrated exceptional customer service skills. Experience with preparing and managing budgets. Experience in IT related procurement, vendor relationships, and contract management. Experience managing projects, identifying milestones and resources, and setting due dates to ensure projects are completed on schedule and within budget. Ability to evaluate new technologies and assist with setting strategic direction to meet the changing needs of the school. Excellent organizational skills. Excellent analytical skills and the ability to solve complex business and technical problems. Excellent verbal and written communication skills, including an ability to present technical information in layman's terms. Demonstrated initiative, good judgement, and ability to achieve meaningful results. Experience managing projects using RFIRFP processes. All MHS employees are expected to demonstrate a high level of integrity, positive spirit, mutual respect, and commitment to our mission. Candidates must be willing to actively engage with students beyond the scope of their job responsibilities. PDN-9b29ba81-5427-4afd-9562-9a15b51d1dc1 Recommended Skills Administration Analytical Architecture Assessments Business Continuity Planning Business Relationship Management Apply to this job. Think you're the perfect candidate? Apply on company site $('.external-apply-email-saved').on('click', function (event) window.ExternalApply = window.open('/interstitial?jobdid=j3t7kk6m5bp0d10fc9g', 'ExternalApply-j3t7kk6m5bp0d10fc9g'); ); $(document).ready( function() $(#ads-desktop-placeholder).html(
n
n
n Estimated Salary: $20 to $28 per hour based on qualifications.
Security Awareness - (ex:
Annual and supplemental student and employee Training, Phishing Competitions, and ongoing programs, etc.) Security Incident Response and Investigations (ex:
Breaches, Disclosures, Staff and Student technology investigations, Litigation Hold eDiscovery, etc.) Vulnerability Management and Remediation (ex:
Vuln. Scanning, analysis, and closure, annual Penetration Test engagements and remediation) Security Risk Management (ex:
Disaster Recovery, Business Continuity Planning, Enterprise Risk Management, Assessments, etc.) Technical and Administrative Security Controls (Device and System Baseline hardening, Ongoing MDM controls, Internal and Organizational Security Policies, etc.) Governance and Compliance (ex:
Data Destruction, Application, Hardware, and Account Lifecycles, etc.) The starting compensation range for this position is $128k - $171k plus a competitive benefits package. This is an on-site position in Hershey, PA. Responsibilities Collaborate with senior IT management to create and implement an overall strategic vision for Information Security. Serve as the lead for information security incident response planning, management, and tracking which also includes all technology related investigations. Maintain and enhance the MHS enterprise information security stance through policy, architecture, technical controls, training, and awareness. Collaboration on and recommendations of appropriate security solutions to protect the organization. Collaborate with other areas within the IT department as well as with leaders throughout the MHS community to share the organization's security vision and to solicit their involvement in achieving higher levels of enterprise security. Serves as the school's HIPAA Security Officer and work with the HIPAA Privacy Officers and HIPAA Committee to ensure ongoing management of information security policies, procedures, and technical systems for all healthcare information systems to maintain the confidentiality, integrity, and availability of all organizational Protected Health Information (PHI). Supervise the Information Security team and 3rd party contractors. Ensure all work, both operational and project work, is prioritized and completed in an organized, professional, and timely manner. Ensure the team communicates and collaborates effectively within other areas of the IT department, and across the school. Ensure proactive monitoring of existing systems to identify and resolve security issues and concerns in an efficient and professional manner. Ensure preventative maintenance is being performed on existing systems to remediate security concerns. Ensure approved technology solutions are designed and implemented in a professional, secure, and timely manner. Assist with the design and implementation of application, system, and infrastructure technology to ensure security controls are in place with the rollout of new, or upgrades to existing, technology. Maintain all required service and support contracts. Create and maintain accurate information security systems and policies documentation. MHS is a 24x7x365 campus which requires after-hours support for critical systems and security incidents. This position ensures appropriate levels of support are provided by the team to respond in a timely manner. Assists with annual operating and capital budget planning for systems, services, and projects within the Information Security team.
Qualifications:
Bachelor's degree in information technology related field or commensurate years of experience. Current CISSP or GISP Certification. 8
years' experience overseeing and securing technology systems and services. Experience overseeing an IT Security Team. Project management experience. Demonstrated exceptional customer service skills. Experience with preparing and managing budgets. Experience in IT related procurement, vendor relationships, and contract management. Experience managing projects, identifying milestones and resources, and setting due dates to ensure projects are completed on schedule and within budget. Ability to evaluate new technologies and assist with setting strategic direction to meet the changing needs of the school. Excellent organizational skills. Excellent analytical skills and the ability to solve complex business and technical problems. Excellent verbal and written communication skills, including an ability to present technical information in layman's terms. Demonstrated initiative, good judgement, and ability to achieve meaningful results. Experience managing projects using RFIRFP processes. All MHS employees are expected to demonstrate a high level of integrity, positive spirit, mutual respect, and commitment to our mission. Candidates must be willing to actively engage with students beyond the scope of their job responsibilities. PDN-9b29ba81-5427-4afd-9562-9a15b51d1dc1 Recommended Skills Administration Analytical Architecture Assessments Business Continuity Planning Business Relationship Management Apply to this job. Think you're the perfect candidate? Apply on company site $('.external-apply-email-saved').on('click', function (event) window.ExternalApply = window.open('/interstitial?jobdid=j3t7kk6m5bp0d10fc9g', 'ExternalApply-j3t7kk6m5bp0d10fc9g'); ); $(document).ready( function() $(#ads-desktop-placeholder).html(
n
n
n Estimated Salary: $20 to $28 per hour based on qualifications.
|
|
 | |
