Executive Director, Information Security

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Chicago Public Schools (CPS) is a district on the rise, serving over 320,000 students in 500+ schools and employing over 44,000 people, most of them teachers. CPS has set ambitious goals to ensure that every student, in every school and every neighborhood, has access to a world-class learning experience that prepares each for success in college, career, and civic life. In order to fulfill this mission, we make three commitments to our students, their families, and all Chicagoans: academic progress, financial stability, and integrity. Six core values are embedded within these commitments – student-centered, whole child, equity, academic excellence, community partnership, and continuous learning.

The Department of Information and Technology Services (ITS) works to build the capacity of schools to use information and technology, maintain network infrastructure, security standards, and support other departments to meet district goals. ITS provides innovative technology solutions that improve the quality of education for students, reduce the administrative burden on educators, facilitate parent interaction, increase community engagement, and support CPS’ mission of transparency by focusing on the ease and equity of access to information.

Job Summary:

Reporting to the Chief Information Officer, the Executive Director, Information Security is responsible to establish and execute information security program directives, policy development, and policy enforcement as well as overseeing district’s network security systems. The Executive Director, Information Security will develop mechanisms to best identify, evaluate, and mitigate district-wide information security risks in a manner that upholds compliance and regulatory requirements, and aligns with the risk posture of CPS. This role leads the information security and operations teams. This is a full-time exempt position that will be paid for time worked on a salary basis.

This Job will be held accountable for the following responsibilities:

·Establish and execute strategic, comprehensive enterprise information security program directives and plans, including any and all district-wide information security training efforts to ensure that the confidentiality, integrity, and availability of information is owned, controlled or processed in a manner compliant with the CPS Board Policy and relevant regulatory authorities

·Develop and maintain information security policies, standards, guidelines and oversee the dissemination of security policies and practices; identify knowledge gaps to increase district awareness of relevant information security practices

·Lead and develop the information security and operations teams

·Provide leadership and guidance on information security topics, advising and collaborating on security processes, business continuity, and disaster recovery plans

·Provide oversight to the architecture and engineering of new security systems; including the evaluation of technical designs

·Ensure that system and application security design is in accordance with CPS Board Policy; consult with IT teams to ensure that security is factored into the evaluation, selection, installation, and configuration of hardware, applications and software

·Lead investigations of any actual or potential information security violations and manage escalation of security events; assist with related legal matters associated with such events as needed and make recommendations to correct or prevent future incidents

·Monitor external threat environment for emerging threats and advise relevant stakeholders on appropriate courses of action

·Provide regular reporting on current state of information security program to the CIO and other senior managers as appropriate

·Establish metrics and reporting framework to measure the efficiency, effectiveness, and maturity level of the program

·Liaise with relevant CPS business units (such as Internal Audit, Law, Finance, Safety & Security, Risk Management, HR teams), and external agencies as needed to ensure that CPS maintains a strong security posture

·Work with system administrators and application developers to audit, monitor and validate their environment’s security, including conducting gap analysis and other comprehensive internal assessments of existing systems to improve the security infrastructure and mitigate risks

·Other duties as assigned

In order to be successful and achieve the above responsibilities, this position must possess the following qualifications:

Education Required:

·Bachelor’s degree from an accredited college or university in Computer Science, Information Systems, or other related field

·Professional security management certification, such as Certified Information Systems Security Professional (CISSP), or similar credentials, preferred

·Master’s degree, preferred

Experience Required:

·Minimum of seven (7) years experience in the information technology field, including a minimum of five (5) years in an information security role

·Minimum of three (3) years experience in large (>50,000 users) heterogeneous enterprise-level IT organization

·Minimum of five (5) years of supervisory experience

·Experience with contract and vendor negotiations

·Experience designing and managing new and existing security systems

Knowledge, Skills, and Abilities:

·Proven track record and ability to develop information security programs, policies and procedures, including successful implementations in large enterprise environments

·High degree of initiative, dependability; experience managing multiple, simultaneous, and high-profile information security initiatives and responses

·High level of personal integrity, as well as the ability to professionally handle confidential matters, and show an appropriate level of judgement and maturity

·Strong knowledge of common information security management frameworks, such as ISO/IEC 27001, COBIT, NIST, CSA and deep knowledge and understanding of relevant legal and regulatory requirements/standards, including but not limited to: Family Educational Rights and Privacy Act (FERPA), Health Insurance Portability and Accountability Act of 1996 (HIPAA), Children's Online Privacy Protection Act (COPPA), Payment Card Industry Data Security Standard (PCI DSS), Illinois School Student Records Act (ISSRA)

·Ability to advise infrastructure and applications staff in securing their respective environments

·Exhibit strong written and verbal communication skills, interpersonal and collaborative skills

·Strong ability to convey security information to non-technical end-users in a way that inspires adoption and adherence to all IT and Board security policies and programs

Conditions of Employment

As a condition of employment with the Chicago Public Schools (CPS), employees are required to:

• Establish/Maintain Chicago Residency - Employees are required to live within the geographic boundaries of the City of Chicago within six months of their CPS hire date and maintain residency throughout their employment with the district. The Chicago residency requirement does not apply to temporary/part-time positions, however, all CPS employees must be residents of Illinois.

Benefits: Health & Wellness: Your Care, Your Choice

• Medical Plan Options
• Pharmacy
• Dental
• Vision
• Behavioral Health & EAP
• Employee Wellness Program

Financial Security: Planning for Today and Tomorrow

• Basic Life Insurance
• Life and Disability Insurance
• Pension Plans
• Supplemental Retirement Plans (403(b) and 457(b))
• Flexible Spending Accounts (FSAs)
• Spot Pet Insurance

Work-Life Balance: Supporting Your Personal and Professional Life

• Paid Leave
• Sick Leave
• Vacation Days
• Parental Leaves
• Short-Term Disability
• Religious Holidays
• Leaves