Human Resources Job Descriptions - Montgomery County Public Schools, Rockville, MD

] Office of Human Resources - Montgomery County Public Schools

OFFICE OF HUMAN RESOURCES AND DEVELOPMENT → CLASSIFICATION → DIRECTOR, INFORMATION SECURITY

Sorted by job title: A - C | D - H | I - Q | R - Z

Director, Information Security

MONTGOMERY COUNTY PUBLIC SCHOOLS CLASS DESCRIPTION
OFFICIAL TITLE: Director I	CODE: 0330	SQ/OQ: Not Applicable
WORKING TITLE: Director, Information Security	GRADE: P	MONTHS: 12
SUMMARY DESCRIPTION OF CLASSIFICATION: Under the general direction of the Director of the Department of Infrastructure and Operations, directs a dedicated, technology-focused team responsible for information security and data governance; plans, organizes, supervises, and evaluates all activities, functions, and personnel of the Office of Strategic Initiatives (OSI); identifies, evaluates, and reports on information security risks in a manner that meets all compliance and regulatory requirements; provides strategic and tactical vision around adversary and threat detection, incident response, and asset fortification; develops metrics for ongoing performance measurement and reporting; reviews and develops security policies and procedures that provide system and application protection. Aligns the priorities of the department with the vision of OSI Initiatives. Ensures the work carried out by staff supports the policies of the Board of Education and the expectations of the superintendent and executive staff.
MINIMUM QUALIFICATION STANDARDS
KNOWLEDGE, SKILLS, AND ABILITIES: Possesses knowledge of principles, practices, and procedures relating to industry security standards; and knowledge of NIST Cybersecurity framework and Center for Internet Security (CIS) critical security controls; understands system internals and network protocols. Possesses expertise in application technology security testing and evaluation and system technology security testing (vulnerability scanning and penetration testing). Understands and is well-versed on applicable local, state, and federal laws related to IT security framework, particularly those specific to information protection related to children and data (CIPA, FERPA, COPPA, etc). Ability to manage multiple complex projects and achieve results within required deadlines, functionality, performance, quality and budget. Demonstrates skills and ability to manage projects and staff. Must be a technically competent, hands-on self-starter with strong communication, leadership and organizational development skills, and lead with a continuous improvement mindset. Knowledge of and ability to administer the school system's employee professional growth systems and ability to develop, empower, and provide timely feedback to staff. The director must possess a strong work ethic and the commitment to nurturing productive relationships with staff, colleagues, customers, and partners. Knowledge of a variety of technology architectures, software development lifecycle, application security, project/process management and the operations of a large public school system are essential. Familiarity with the MCPS Professional Growth Systems (PGS) evaluation criteria and procedures or ability to quickly obtain and apply PGS.
EDUCATION, TRAINING, AND EXPERIENCE: Bachelor's degree in technology or related discipline from an accredited college or university, Master's degree preferred. Experience with multi-platform computing environments, enterprise network operations, web-based system architectures, as well as centralized and distributed client server functionality. Specific experience with Cisco systems and Microsoft server/workstation architectures and design. Significant experience in managing multiple complex systems projects and prior supervisory or leadership experience.
CERTIFICATE AND LICENSE REQUIREMENTS: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or other relevant industry certifications, preferred.
PHYSICAL DEMANDS: (Special requirements such as lifting heavy objects and frequent climbing.) None
SPECIAL REQUIREMENTS: (Frequent overtime or night work required, etc.) (Frequent overtime or night work required, etc.) Occasional overtime and attendance at evening and weekend meetings may be required.
OVERTIME ELIGIBLE: No
EXAMPLES OF DUTIES AND RESPONSIBILITIES: EXAMPLES OF DUTIES AND RESPONSIBILITIES: In collaboration with peers, staff, and the chief technology officer, the director leads the development and integration of state-of-the-art information security methodologies to secure and maintain a reliable and robust computing environment. The director confers with the office's leadership and staff in developing a clearly defined and articulated vision for how the district's cybersecurity infrastructure is designed, developed, and managed. Leads, supervises, and develops OSI staff and provides timely feedback, support, administers and applies PGS; and supervises all activities and functions in OSI. Assesses and advises on risks associated with reports received from government and state agencies related to security threats and vulnerabilities, Prioritizes, schedules, and allocates technology support resources for the implementation assigned. Collaborates with Procurement and the Office of General Counsel to the review of information gathered for the consideration of new agreements involving data sharing. Participates in the initial and on-going review of agreements related to the use of online tools (both free and for purchase), particularly those associated with the transacting of sensitive student and/or employee data. Identifies, tracks, and communicates detailed metrics indicating overall security risk factors. Partners with stakeholders to address any known or potential risks associated with existing hardware, software, or other functions related to threats and vulnerabilities. Adapts to the ever-changing IT landscape and new security technologies and strategies. Aligns IT security priorities and plans with key business objectives to balance real-world risks with drivers such as speed, agility, flexibility, and performance. Manages numerous information sources and provide regular data analysis reports. Sets, communicates, and assesses program priorities and performance standards. Works with various IT teams throughout the Office of Strategic Initiatives to determine proper and safe use of office technologies. Facilitates meetings and/or present information to groups. Understands and articulates complex technical information and communicate effectively with a technical and non-technical audience. Works closely with program managers, coordinators, and directors as a technical expert. Ensures collaboration with other technology teams. Diagnoses and assists in the resolution of complex issues related to infrastructure, firewalls, web filters, servers, VoIP, wireless infrastructure, and local and wide area networks. Serves on cross-functional teams, as assigned. Attends meetings to discuss technical requirements.
Class Established: 12/2023 Date(s) Revised: Last Reviewed:

This description may be changed at any time.