Director, Information Security

Compensation Range:

Position Summary

The Director, Information Security, provides strategic, institutional leadership for National University’s information security and cyber risk management program. Reporting to the Associate Vice President (AVP), Information Security, this role is accountable for designing, governing, and advancing a comprehensive, risk‑based security program that protects the confidentiality, integrity, and availability of university information assets.

The Director serves as the senior operational and strategic leader for all information security domains, including Security Engineering, Security Operations, Governance, Risk & Compliance (GRC), Identity & Access Management, and Third‑Party Risk Management. They will partner closely with executive leadership, IT, academic leadership, legal, privacy, and compliance stakeholders to ensure security is embedded into institutional strategy, operations, and culture.  The Director translates enterprise risk priorities into sustainable security capabilities, maturity roadmaps, and measurable outcomes while advising leadership on emerging threats, regulatory changes, and strategic investments.

Essential Functions:

Strategic Leadership & Program Ownership

• Provides strategic leadership for the university’s enterprise information security program in alignment with institutional goals and risk appetite.
• Partners with the AVP, Information Security, to define long‑term security strategy, multi‑year roadmaps, and program maturity objectives.
• Serves as a senior advisor to IT and university leadership on cybersecurity risk, threat trends, and control effectiveness.
• Establishes and maintains security governance frameworks, policies, standards, and metrics aligned with recognized frameworks (e.g., NIST CSF, NIST 800‑53, ISO 27001).
• Leads institutional cybersecurity risk assessments and maturity evaluations, ensuring results inform investment and prioritization decisions.
• Provides executive‑level reporting and briefings on security posture, risk trends, incidents, and compliance status.

Security Operations, Engineering & Architecture

• Directs the design, implementation, and operation of security controls across on‑premises, cloud, and SaaS environments.
• Oversees security monitoring, detection, and response capabilities, including SIEM, endpoint protection, identity security, and network defense.
• Serves as executive lead for cybersecurity incident response, ensuring effective coordination, decision‑making, communications, and post‑incident improvement.
• Guides vulnerability management, penetration testing, and remediation strategies across the enterprise.
• Partners with Infrastructure, Applications, and Cloud teams to embed security into architecture, system design, and change management processes.

Governance, Risk & Compliance (GRC)

• Owns the university’s information security risk management program, including risk identification, assessment, treatment, and tracking.
• Ensures compliance with applicable regulatory and contractual requirements, including FERPA, GLBA, PCI‑DSS, HIPAA (as applicable), state privacy laws, and institutional policies.
• Leads internal and external security audits and assessments, coordinating remediation and executive reporting.
• Oversees the Third‑Party Risk Management (TPRM) program, ensuring vendors and partners meet institutional security expectations.
• Collaborates closely with Privacy, Legal, Compliance, and Data Governance stakeholders.

Identity, Access & Data Protection

• Provides strategic oversight of identity and access management (IAM), role‑based access control (RBAC), and privileged access management.
• Ensures effective access lifecycle governance in partnership with HR, IT, and business units.
• Guides data protection strategies, including classification, access controls, and loss prevention capabilities.

Awareness, Culture & Collaboration

• Champions a culture of shared responsibility for information security across the institution.
• Oversees security awareness and training initiatives in collaboration with institutional stakeholders.
• Represents Information Security on university committees, councils, and working groups related to technology, data, privacy, and risk.
• Maintains awareness of emerging threats, technologies, and regulatory developments to proactively advise leadership.
• Performs other duties as assigned.

Supervisory Responsibilities:  

• Provides direct leadership and oversight for Information Security teams, including Security Engineering, Operations, GRC, and Identity functions.
• Responsible for organizational design, staffing strategy, hiring, performance management, coaching, and professional development.
• Establishes clear objectives, accountability, and succession planning aligned with institutional priorities.
• Manages budgets, vendor relationships, and resource allocation for the information security program.

Requirements:

Education & Experience:

• Bachelor’s degree in Information Security, Computer Science, or a related field required; Master’s degree preferred.
• Minimum of Ten (10) years of progressive experience in information security or technology risk management.
• Minimum of Five (5) years of leadership experience managing teams and enterprise‑level security programs.
• Professional certifications such as CISSP, CISM, GIAC, or equivalent required.
• Experience in higher education or large enterprise environments preferred.
• Demonstrated experience across multiple security domains: operations, governance, risk management, and access control. 

Competencies/Technical/Functional Skills:

• Deep knowledge of cybersecurity domains, including security operations, cloud security, identity management, and risk governance.
• Strong understanding of regulatory and compliance frameworks applicable to higher education.
• Proven ability to communicate complex security risks to executive and non‑technical audiences.
• Strategic thinker with the ability to translate risk into actionable priorities.
• Strong leadership, collaboration, and influence skills across diverse stakeholder groups.
• Experience managing security tools, vendors, and managed service providers.
• High level of integrity and ability to manage sensitive and confidential information.

Location: Remote, USA

Travel: up to 10% travel

#LI-Remote

Candidate receiving offers will be offered a salary/pay rate commensurate with experience that vary based on a candidate’s qualifications, skills, and competencies.  Absent exceptional circumstances, candidates will be offered a salary within this range for this position. The minimum salary will be offered based on the minimum exemption threshold based on state of residency. Base pay is one component of National University’s total rewards package, as we are dedicated to supporting the needs of the “whole you” with our holistic approach to employee benefits by offering comprehensive well-being benefits for you and your family.  For full details about our benefit plan offerings, please visit benefits.nu.edu. For Part-time benefits, please click here.

National University is committed to maintaining a high-quality workforce representative of the populations we serve. National University employs more than 4,500 faculty and staff and serves over 45,000 students. We are united in our mission to meet the global education demands of the 21st Century and are dedicated to creating a supportive academic and work environment that allows students, faculty and staff to develop their interests and talents while experiencing a sense of community. With programs available both online and at our many campus locations, National University is a leader in creating innovative solutions to education and meeting the needs of our student population, including adult learners and working professionals.

National University (NU) is proud to be an equal opportunity employer and does not discriminate against any employee or applicant per applicable federal, state and local laws. At NU, a mix of highly talented, innovative and creative people come together to make the impact of a lifetime for each of our student learners. All qualified applicants will receive equal consideration for employment, education, and admission at National University.