For more than 135 years, the Art Institute of Chicago and School of the Art Institute of Chicago have shared a commitment to the preservation, education and exploration of the artistic ideal. The Museum and the School are proud of our longstanding relationship, and form a single corporation called the Art Institute of Chicago. While the Museum and School have a shared mission of promoting the arts and art education, their operations are largely separate and each has its own chief executive who reports directly to the corporation's Board of Trustees.
The Director of Information Security develops and manages an information security program that protects and ensures the confidentiality, integrity and availability of institutional data. The Director works with business and technology leaders across the institution to develop information security, risk management, compliance and business continuity plans, policies, standards, guidelines, procedures and technical controls.
DUTIES AND RESPONSIBILITIES:
- Works with the CIO, technical staff and business stakeholders to develop a security program that address identified risks and business security requirements.
- Manages the process of gathering, analyzing and assessing the current and future threat landscape.
- Drives the development and implementation of effective and reasonable policies and practices to ensure operating efficiency and regulatory compliance.
- Manages and coordinates the operational components of threat and vulnerability management and incident management -- including detection, response and reporting.
- Assists and guides disaster recovery and business continuity planning in the selection of recovery strategies and the development, testing and maintenance of disaster recovery plans.
- Works with the CIO to develop budget projections for short and long-term objectives and initiatives.
- Develops and delivers information and cyber security communication, awareness and training for all levels of the organization.
- Identifies and works with information asset owners and stakeholders to establish and maintain a data classification framework and associated controls.
- Consults with technology and business staff to ensure that security is factored into the evaluation, selection, installation and configuration of hardware, software and cloud-based solutions.
- Assists with vendor assessment, contract terms and service level agreements for technology purchases.
- Provides technical and managerial expertise for the research, evaluation, selection and implementation of information security solutions and best practices.
- Maintains a knowledgebase and keeps current on security advisories and alerts, security trends and practices, and relevant laws and regulations.
- Develops a strong working relationship with the Information Services staff and all levels of the organization to design and implement controls and configurations aligned with security policies, legal, regulatory and audit requirements.
- Proposes changes to existing policies and procedures to ensure operating efficiency and regulatory compliance.
- Monitors and reports on compliance with security policies.
Bachelor's degree in Computer Science or related field required. Information security certifications such as CISSP or CCNA strongly desired.
Three to five years of relevant experience with information security concepts and practices; ideally in a higher education or not-for-profit setting.
Ability to research and recommend solutions to address vulnerabilities and mitigate risks.
Ability to lead and direct effective meetings and projects, build trust and mutual respect among colleagues, and manage multiple projects and initiatives.
Excellent written and verbal communication skills are critical; especially related to policy development and the presentation of technical information.
Experience with information security tools, methodologies and current practices.
Experience with PCI DSS compliance, HIPAA requirements, FERPA and other regulatory and compliance requirements a plus.
The Art Institute of Chicago is an equal opportunity, equal access employer fully committed to achieving a diverse and inclusive workplace.
Candidates only! It is NOT OK for recruiters or others to solicit this company.