Information Security Risk & Compliance Manager | Montgomery College Job at Montgomery College, Rockville, MD

  • Montgomery College
  • Rockville, MD

Job Description

Montgomery College, Rockville, has an immediate need for a full-time Information Security Risk and Compliance Manager in the Office of Information Technology. The work schedule is Monday-Friday, 8:30 am-5:00 pm. This is a non-bargaining, exempt, grade 37 position. Montgomery College promotes and creates a working and learning environment rooted in the basic tenets of fairness, diversity, and inclusiveness. This position is eligible for telework two (2) days a week. This eligibility is subject to change based on the needs of the unit.

The Information Security Risk and Compliance Manager's role primarily includes the oversight, coordination, and management of the College's compliance with the Information Technology (IT) organization's security program and regulatory and industry compliance, e.g. PCI DSS, GLBA, FERPA, etc. This role also includes oversight and management for the design, development, and delivery of cybersecurity education and training as a component of the College's compliance obligations.

Duties include but are not limited to:

  • Provides leadership, oversight, and guidance for compliance with the IT Security program, related College policies, as well as federal, state, and local regulations, and industry standards.
    • Schedules and manages risk assessments based on relevant frameworks and/or regulatory requirements.
    • Coordinates mitigation plans based on assessment findings with the Information Systems Security Manager and the wider Cybersecurity and Risk Management team, as well as other OIT teams and College units.
    • Monitors and reports on compliance with IT Security standards, as well as the enforcement of standards within the IT department.
    • Facilitates the development of new IT Standards working with small and large stakeholder groups.
    • Reviews and proposes changes to existing policies and procedures to ensure operating efficiency and regulatory compliance on the defined review schedule.
    • Manages outsourced vendors that provide information security functions for compliance with contracted service-level agreements.
    • Assists resource owners and IT staff in understanding and responding to security audit findings.
  • Leads and manages the College's IT third-party risk management program.
    • Collaborates, as appropriate, with information security, procurement, compliance and/or other risk functions to maintain the third-party risk management program.
    • Coordinates the identification and ranking of vendor risks.
    • Coordinates the classification and tiering of vendors by risks and risk impacts.
    • Builds communication and escalation plans around vendor risk management activities within the College.
    • Understands and applies relevant regulatory and legal compliance requirements.
    • Manages vendor risks as defined in vendor contracts and in accordance with existing risk management programs and policies.
    • Develops and monitors vendor remediation actions, mitigation and contingency plans when risks or events are identified.
    • Ensures third-party (and, increasingly, fourth-party) vendor regulatory compliance.
    • Coordinates the gathering of vendor risk assessment data and prepares risk assessment reports to be published and communicated to stakeholders.
    • Influences vendors and business partners to ensure compliance with risk management policies.
    • Partners with sourcing and vendor relationship/contract management functions where they are not part of this group to manage vendor behavior.
    • Works with regulatory officers and auditors as necessary.
    • Communicates identified risk requirements and violations to internal stakeholders (and end users within the business) and responsible vendors while supporting the response to, and the addressing of, these issues.
  • Leads the College's Cybersecurity Education and Awareness Program.
    • Provides security communication, awareness, and training for audiences, which may range from senior leaders to staff, faculty, and students.
    • Identifies and evaluates top human risks to the College and the behaviors that must change to mitigate those risks.
    • Develops, reviews, implements, and maintains a security awareness program to mitigate human risks present in the organization's extant operating environment.
    • Creates and manages a metrics framework that effectively measures employee compliance with information security policies and the overall effectiveness of the security awareness program.
    • Establishes, and then maintains, an understanding of employee awareness around the organization.
    • Works with relevant business units to improve security awareness and meet regulatory and compliance standards.
  • Provides leadership and manages the activities of the team by encouraging collaboration and teamwork.
    • Manages a staff of information security risk and compliance professionals, hires and trains new staff, conducts performance reviews, and provides coaching, including technical and personal development programs for team members.
    • Provides clear direction and expectations of performance for staff and managers and holds them accountable for achieving team and unit goals as well as established personal and professional development goals.

Required Qualifications:

  • Bachelor's degree and post-baccalaureate coursework or training in public policy, cybersecurity, information science, or a related field.
  • The equivalent combination of education, training, certification and/or experience that provides the required knowledge and expertise to perform the essential functions of the job may be considered.
  • Four years of progressively responsible experience in the management of risk and compliance issues, or similar experience managing applications, projects, or systems that require identification, evaluation, and remediation of risk.
  • Two years of supervisory experience.
  • Experience dealing with complex risk-related issues managing vendor relationships, information security or regulatory compliance programs, and audits.
  • Recognized training or certification in cybersecurity (CISSP), compliance, and/or information assurance (CISA or CRMA); other relevant certifications may be considered.
  • Eligible applicants must currently be authorized to work in the United States and not require employer visa sponsorship.

Preferred Qualifications:

  • Experience working in higher education.

Salary range: $110,133 - $192,761 annually. Initial salary placement for new hires falls between the minimum and midpoint of the range ($110,133 - $151,447), based on relevant candidate experience and internal equity.

Application Process:

  • Click Here to apply online
  • Applications submitted by 10/25/2024 will receive full consideration. The position will remain open until filled.
  • A cover letter is recommended and preferred.

As a condition of employment, the following are required at the time of hire:

  • Successful completion of a background check and degree verification (if applicable).

  • For international degrees, you must provide US degree equivalency verified by a nationally recognized credential evaluation service.

  • Participation in a Maryland State Retirement System plan (Pension or Optional Retirement Plan, depending on the position). If you are already retired from the Maryland State Retirement System, you may not enroll in a Maryland State Retirement System plan at Montgomery College and may have earnings restrictions, per state law.

Our benefits package includes: generous paid vacation, sick, paid holidays, medical, dental, vision, group legal benefits, professional development, retirement plan, educational assistance, tuition waiver for employee and dependents, wellness programming including onsite gyms, pools and classes.

If a reasonable accommodation is needed to participate in the job application or interview process, please contact Human Resources and Strategic Talent Management at 240-567-5353 or HRSTM@montgomerycollege.edu. We require at least two weeks' advance notice to enable us to provide the requested accommodation.

Montgomery College is an equal opportunity employer committed to promoting and fostering diversity among its student body, faculty, and staff.

Montgomery College is a tobacco-free and smoke-free workplace.

Closing Date

Open Until Filled

Job Tags

Holiday work, Full time, Contract work, Local area, Immediate start, Remote job, 2 days per week, Monday to Friday
