Director, Information Security

ArtCenter College of Design is searching for an experienced Director, Information Security to join our team.

The salary range for this position: $110,000.00 - 130,000.00 per year
Final salary and rates are based on education, experience, skills relevant to the role, and internal equity.

About ArtCenter
Founded in 1930 and located in Pasadena, California, ArtCenter College of Design is a global leader in art and design education and has had an international reputation for its rigorous, transdisciplinary curriculum, faculty of professionals, strong ties to industry, and commitment to socially responsible design. ArtCenter is a private nonprofit fully accredited by the WASC Senior College and University Commission (WSCUC).

Every position at ArtCenter plays an important part in carrying out the values, goals, strategic vision, and mission of the College. This includes diversity, equity, inclusion, access, belonging (DEIAB) and culture.

Reporting to the Vice President of Information Technology, the Director of Information Security is responsible for directing information security strategies, planning, and policies, and developing and maintaining data security programs for the College.  The Director of Information Security helps ensure protection of institutional data and assets, leads cybersecurity risk management practices, and assesses vulnerability status to continuously monitor and enhance the College’s information security protocols.  The incumbent must have a strong understanding of data protection practices, related regulations, and security infrastructure, and will help ensure adherence to appropriate controls and regulatory compliance, as well as regularly conduct user training programs and awareness campaigns to promote a culture of information security and privacy aware environment.

This is a full-time position. Normal business hours are Monday through Friday, 8:30 a.m. to 4:30 p.m. The position may require flexibility to work a staggered, remote or alternate schedule to meet the demands of the work, which could include weekends or evenings. The position is eligible for flexible scheduling and can be performed remotely, hybrid or may be required as a condition of employment.

Essential functions

Information Security Strategies and Compliance – 75%

• Develop and maintain a comprehensive information security and privacy standards and system security frameworks, and implement policies and processes to enhance controls and reduce risk across the College
• Working with VP of IT, develop responses to and establish protocol for requests for information that include, but are not limited to, institutional audits, insurance renewals, and official agencies
• Assess and evaluate compliance against information security policies and standards, proactively identifying non-conforming areas, assessing risk, enforcing set policies, and providing risk response strategies as appropriate to balance compliance and innovation. Recommend and implement compliance measures that mitigate risks and maximize access to education
• Working closely with IT colleagues, help analyze and investigate known and emerging threats to determine risks, address risk response strategies, and recommend proactive cyber risk management programs that contribute to a secure and resilient infrastructure
• Create and maintain business continuity plans, and other applicable recovery plans. Help organize contingency plans and coordinate scheduling of periodic tests; collaborate and coordinate the business continuity plans across College departments and maintain up-to-date plans
• Help assess role-based access, including physical/facilities control systems and access levels through periodic reviews, in addition to technical and administrative control measures
• Help assess equipment protection of College properties to ensure compliance to data protection and system security policies
• Support IT colleagues in the evaluation of solutions, development of procedures, and testing of data protection measures

Reporting and Outreach – 20%

• Advise IT management in future state problems, challenges, and industry trends and regulations in cyber security controls and data protection, and work collaboratively to enhance capabilities and processes
• Monitor regulatory and legislative landscape, and recommend change requirements to maintain compliance; wtay current on industry trends around cyber risk and data protection practices; assist IT management with compliance regulations that include, but are not limited to, FERPA, PCI, GLBA, GDPR, and PIPL
• Prepare reporting and/or dashboards as appropriate on security compliance, cyber risks, and incident management; document research and analysis encompassing historical trend, current state, and predictive analysis
• Create and deliver data security training programs to maximize protection for the College and to increase user awareness and knowledge about information security
• Regularly conduct information security awareness campaigns and training for faculty, staff, and students that include best practices on data privacy and security principles

Non-essential functions – 5 %

• Lead or participate in committees as assigned
• Other duties as assigned

• Bachelor’s Degree in Information Security, Cybersecurity, Computer Science, Information Systems, or a related field
• Security Certification such as CISSP, CISM, CISA, and PCIP
• 7 years of information security experience in an enterprise setting
• Strong knowledge of data protection regulations such as FERPA, PCI, GLBA, GDPR, and PIPL
• Strong knowledge with security incident response practices
• Strong knowledge of data security of ERP systems, and security practices and advancement of related auxiliary systems
• Experience with compliance controls through control implementations and process design
• Knowledge of vulnerability scans and penetration tests, and intrusion detection methodologies
• Knowledge of firewalls, cryptography, identity and access management systems, directory services, SSO, and secure web and application development with strong understanding of security industry and best practices in network, application, database, and hardware platforms
• Knowledge of application security and database technologies used to store enterprise information, directory services, and information systems auditing
• Strong verbal and written communication skills in both business and technical subject areas with ability to effectively communicate complex information to diverse audiences
• Strong research and analytical skills with proven ability to anticipate, measure, and plan for emerging risks to meet anticipated needs
• Strong organizational and collaborative skills with ability to manage multiple projects, facilitate discussions, and recommend solutions
• Experience with complex project or program management
• Experience developing and conducting security campaigns and training programs
• Ability to work outside of normal business hours
• Ability to work independently as a self-starter
• A commitment to DEIAB and culture, and the ability to establish and maintain effective working relationships within ArtCenter’s diverse communities

Preferred Qualifications

• Experience in higher education
• Cyber incident response management experience
• Regulatory experience and/or background in compliance and controls

Diversity Statement
ArtCenter is fully committed to fostering a culture that values diversity, equity, inclusion, access and belonging not only in vision but in practice. Our path forward is predicated on our belief that multiple points of view, life experiences, ethnicities, cultures and belief systems are essential to academic and creative excellence. We strive to learn more about difference while respecting the rich diversity in our world, attending to important questions about racial injustice and decolonizing our curriculum. Our campus environment must be vigilant in supporting the full participation of students, faculty, and staff of every race, color, ethnicity, sex, gender, gender identity or expression, marital status, religion, sexual orientation, age, disability, veteran status, socioeconomic status and political viewpoint.

Equal Opportunity Employer
ArtCenter is committed to a policy of equal employment opportunity and does not discriminate against its employees or applicants on the basis of race, color, religious creed, sex, ancestry, national origin, citizenship, age, physical or mental disability, medical condition (including HIV and AIDS), genetic characteristic or information, pregnancy, marital status, military or veteran status, sexual orientation, gender, gender identity, transgender identity, gender expression, protective hairstyles, or any other characteristic protected by applicable state or federal law. Equal employment opportunity is extended to all persons in all aspects of the employer-employee relationship, including without limitation, recruitment, hiring, upgrading, training, promotion, compensation, benefits, leave of absence, transfer, discipline, layoff, recall and termination. This commitment applies to all persons involved in the operations of ArtCenter and prohibits unlawful discrimination by any employee of ArtCenter. Applicants who wish to request an accommodation for a disability may contact the Office of Employee Experience and Engagement at (626) 396-2270.

Land Acknowledgment:
ArtCenter College of Design occupies the region of the ancestral and traditional land of the Hahamog'na Tongva people, the stewards of the San Gabriel Valley area around present-day Pasadena.

ArtCenter Employees have a Mandatory Duty to Report 
All employees who know or have reason to know of allegations or acts that violate ArtCenter’s Title IX Policy prohibiting discrimination, harassment, retaliation, sexual harassment, sexual misconduct, sexual violence, dating violence, and stalking shall promptly inform the Director, Title IX Compliance and Programs or designee, or the Associate Dean of Students or designee. Faculty, who have a mandatory duty to report, are required to disclose all information including the names of the parties, even where the person has requested their name remain confidential.

Pursuant to the California Child Abuse and Neglect Reporting Act (CANRA), all employees who know of or have reason to suspect child abuse or neglect involving alleged victims under age 18 shall promptly inform local law enforcement or the county welfare department.

Vaccination Requirement
ArtCenter is committed to providing a safe and healthy work environment for all members of our community. Guided by the latest information from the CDC, the California Department of Public Health and the Pasadena Public Health Department, all staff, students and faculty must provide proof of vaccination. Annual vaccines and/or booster vaccines will be required based on CDC or FDA guidance. Those who cannot get vaccinated for medical or religious reasons will need to provide appropriate documentation. ArtCenter will then engage in an interactive process, on an individual basis, to determine if there is a reasonable accommodation that can be provided. Our complete policy can be found here.