Fast Facts
The university is seeking a Director for its Cybersecurity Governance, Risk, and Compliance (GRC) program to lead compliance initiatives and risk management strategies while ensuring alignment with regulatory requirements.
Responsibilities: Oversee cybersecurity governance, manage risk assessments, develop policies, and promote security awareness across the university.
Skills: Expertise in cybersecurity governance, risk management, and compliance, strong communication skills, and proficiency in managing compliance initiatives.
Qualifications: Bachelor's degree in a related field and at least five years in cybersecurity governance, with significant leadership experience and relevant certifications.
Location: Fayetteville, Arkansas, USA
Compensation: Not provided by employer. Typical compensation for this position ranges between $120,000 and $180,000.
Department: Information Technology Services
Summary of Job Duties: The Director, Cybersecurity Governance, Risk, and Compliance (GRC) is a leadership position responsible for overseeing the university's cybersecurity governance, risk management, and compliance programs and associated staff. Reporting to the Chief Information Security Officer (CISO), the GRC Director ensures that the university's information security practices align with regulatory requirements, industry standards, and best practices. This role involves developing and implementing policies, conducting risk assessments, managing compliance initiatives, and fostering a culture of security awareness across the university.
Other duties as assigned.
Regular, reliable, and non-disruptive attendance is an essential job duty, as is the ability to create and maintain collegial, harmonious working relationships with others.
Minimum Qualifications:
- Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field
- At least five years of experience in cybersecurity governance, risk management, and compliance, with a minimum of three years in a leadership and management role
- Professional certifications such as CISSP, CISM, CRISC, CGRC, or CISA
- Strong knowledge of information security frameworks, standards, and best practices, as evidenced by application materials
- Experience with risk assessment methodologies and compliance management
- Excellent communication and interpersonal skills, as evidenced by application materials
Preferred Qualifications:
- Master's degree in a related field
- Experience working in a higher education environment
- Additional certifications such as CGEIT, CIPT, or CIPM
- Experience with cloud security and privacy
- Knowledge of data protection regulations such as GDPR, HIPAA, and FERPA
- Proven track record of successfully managing compliance initiatives and risk management programs
Knowledge, Skills, and Abilities:
- In-depth understanding of cybersecurity governance, risk management, and compliance principles
- Strong understanding of privacy laws and regulations
- Strong analytical and problem-solving skills
- Ability to lead and motivate a team of security professionals
- Excellent project management skills, with the ability to manage multiple projects simultaneously
- Ability to communicate complex security concepts to non-technical stakeholders
- Proven ability to act with a high level of integrity and ethical conduct