Director, Cyber Risk Management

Georgetown University comprises two unique campuses in the nation's capital. With the Hilltop Campus located in the heart of the historic Georgetown neighborhood, and the Capitol Campus just minutes from the U.S. Capitol and U.S. Supreme Court, Georgetown University offers rigorous academic programs, a global perspective, and unparalleled opportunities to engage with Washington, D.C. Our community is a close-knit group of remarkable individuals driven by intellectual inquiry, a commitment to social justice, and a shared dedication to making a difference in the world.

The Director, Cybersecurity Risk Management is responsible for the development, enforcement, and general management of the university's cybersecurity risk management, vulnerability management, policies, and audit activities. This senior-level position represents the Office of the Chief Information Security Officer (CISO) on cybersecurity risk and vulnerability management across Georgetown University.

• Develop, enforce, and manage university cybersecurity risk management, vulnerability management, policies, and audit activities.
• Own and enforce policy development for the information security program.
• Run the vulnerability management program, ensuring system owners keep all systems up-to-date with current patches and mitigate vulnerabilities.
• Lead the cybersecurity awareness and training program, including education, outreach, and phishing training campaigns.
• Serve as the point-of-contact for security posture concerns related to departments and organizations outside UIS.
• Act as the alternate representative of the university’s security presence to external parties, auditors, and agencies.
• Ensure compliance with current and emerging regulatory requirements related to cyber security.
• Communicate effectively with university senior executives, administrators, faculty, alumni, staff, students, technical staff, and IT managers.
• Supervise Security Analysts to assist with designated responsibilities.

• 7+ years of information security and/or IT compliance and assurance experience, with at least 2 years in a supervisory or lead role.
• Higher education industry experience preferred.
• Relevant technical certifications or equivalent combination of education (minimum Bachelor’s degree) and experience.
• Solid technical understanding of multi-platform/hosted environments and their operational/security considerations.
• Firm understanding of IT compliance regulations & obligations, including HIPAA, PCI, FERPA, GLBA, and others.
• Track record of risk assessment, problem identification, analytical problem solving, and issue resolution.
• Strong foundation in understanding and assessing processes and controls.
• Excellent written and verbal communication skills with the ability to present to groups.
• Ability to work outside of usual business hours, including potential on-call responsibilities.
• Will be required to sign a confidentiality agreement and abide by University policies.

• Secure communications, applications, and business systems.
• Perform risk IT assessments.
• Oversee drafting of policies and procedures for secure daily operations.
• Implement physical and technical security measures.
• Design and deliver security education methodology and campaigns.
• Select, test, deploy, and maintain security hardware.
• Plan, test, and manage disaster recovery and security breaches.
• Understand governance and compliance and enforce policies.
• Lead incident management and investigation.
• Represent the university when dealing with law enforcement agencies.
• Understand the threat landscape and manage risk across a dispersed portfolio.
• Familiarity with Cyber Security frameworks, including NIST and ISO.
• Apply security architecture and engineering principles.

This position has been designated as Telework.

Georgetown University offers a comprehensive and competitive benefit package that includes medical, dental, vision, disability and life insurance, retirement savings, tuition assistance, work-life balance benefits, employee discounts, and an array of voluntary insurance options.

GU is an Equal Opportunity Employer. All qualified applicants are encouraged to apply and will receive consideration for employment without regard to age, citizenship, color, disability, family responsibilities, gender identity and expression, genetic information, marital status, national origin, race, religion, personal appearance, political affiliation, sex, sexual orientation, veteran status, or any other characteristic protected by law.