Executive Director, Information Security

Chicago Public Schools

Chicago, IL

JOB DETAILS
SKILLS
Applications Security, CISSP - Certified Information Systems Security Professional, Child Protection/Welfare, Communication Skills, Community Support, Computer Science, Computer Security, Contract Negotiation, Control Objectives for Information and related Technology (COBIT), Data Quality, Design Evaluation, Disaster Recovery, Embedded Systems, Enterprise Protection, Environmental Monitoring, Event Management, Family Educational Rights and Privacy Act (FERPA), Financial Audit, Financial Regulations, Gap Analysis, HIPAA (Health Insurance Portability and Accountability Act), Hardware Configuration Management, Hardware Installation, High Tech Industry, Information Technology & Information Systems, Information Technology Consulting, Information/Data Security (InfoSec), Internal Audit, Internet Privacy, Internet Security, Interpersonal Skills, Leadership, Legal, Metrics, Network Administration/Management, Network Monitoring, Network Security, Network Systems, PCI-DSS, People Management, Policy Development, Presentation/Verbal Skills, Privacy Controls, Program Planning, Quality Management, Regulations, Regulatory Compliance, Regulatory Requirements, Reporting Skills, Risk, Risk Management, Security Attacks, Security Design, Security Infrastructure, Security Monitoring, Set Goals, Software Design, Software Development, Strategic Planning, Systems Administration/Management, Systems Analysis, Systems Engineering, Team Player, Technical Analysis, U.S. National Institute of Standards and Technology (NIST), Writing Skills
LOCATION
Chicago, IL
POSTED
30+ days ago

Executive Director, Information Security - Job Number 25000059
Jan 31, 2025, 8:29:10 PM
Central-42 West Madison Street, Information & Technology Svcs
S12; Union Position; Exempt

Chicago Public Schools (CPS) is a district on the rise, serving over 320,000 students in 500 schools and employing over 44,000 people, most of them teachers. CPS has set ambitious goals to ensure that every student, in every school and every neighborhood, has access to a world-class learning experience that prepares each for success in college, career, and civic life. In order to fulfill this mission, we make three commitments to our students, their families, and all Chicagoans: academic progress, financial stability, and integrity. Six core values are embedded within these commitments - student-centered, whole child, equity, academic excellence, community partnership, and continuous learning.

The Department of Information and Technology Services (ITS) works to build the capacity of schools to use information and technology, maintain network infrastructure security standards, and support other departments to meet district goals. ITS provides innovative technology solutions that improve the quality of education for students, reduce the administrative burden on educators, facilitate parent interaction, increase community engagement, and support CPS' mission of transparency by focusing on the ease and equity of access to information.

Job Summary

Reporting to the Chief Information Officer, the Executive Director, Information Security is responsible to establish and execute information security program directives, policy development, and policy enforcement, as well as overseeing the district's network security systems. The Executive Director, Information Security will develop mechanisms to best identify, evaluate, and mitigate district-wide information security risks in a manner that upholds compliance and regulatory requirements and aligns with the risk posture of CPS. This role leads the information security and operations teams. This is a full-time, exempt position that will be paid for time worked on a salary basis.

This Job will be held accountable for the following responsibilities:

· Establish and execute strategic, comprehensive enterprise information security program directives and plans, including any and all district-wide information security training efforts, to ensure that the confidentiality, integrity, and availability of information is owned, controlled, or processed in a manner compliant with the CPS Board Policy and relevant regulatory authorities
· Develop and maintain information security policies, standards, guidelines and oversee the dissemination of security policies and practices; identify knowledge gaps to increase district awareness of relevant information security practices
· Lead and develop the information security and operations teams
· Provide leadership and guidance on information security topics, advising and collaborating on security processes, business continuity, and disaster recovery plans
· Provide oversight to the architecture and engineering of new security systems, including the evaluation of technical designs
· Ensure that system and application security design is in accordance with CPS Board Policy; consult with IT teams to ensure that security is factored into the evaluation, selection, installation, and configuration of hardware, applications, and software
· Lead investigations of any actual or potential information security violations and manage escalation of security events; assist with related legal matters associated with such events as needed and make recommendations to correct or prevent future incidents
· Monitor external threat environment for emerging threats and advise relevant stakeholders on appropriate courses of action
· Provide regular reporting on current state of information security program to the CIO and other senior managers as appropriate
· Establish metrics and reporting framework to measure the efficiency, effectiveness, and maturity level of the program
· Liaise with relevant CPS business units such as Internal Audit, Law, Finance, Safety & Security, Risk Management, HR teams, and external agencies as needed to ensure that CPS maintains a strong security posture
· Work with system administrators and application developers to audit, monitor, and validate their environments' security, including conducting gap analysis and other comprehensive internal assessments of existing systems to improve the security infrastructure and mitigate risks
· Other duties as assigned

In order to be successful and achieve the above responsibilities, this position must possess the following qualifications:

Education Required

· Bachelor's degree from an accredited college or university in Computer Science, Information Systems, or other related field
· Professional security management certification such as Certified Information Systems Security Professional (CISSP) or similar credentials preferred
· Master's degree preferred

Experience Required

· Minimum of seven (7) years' experience in the information technology field, including a minimum of five (5) years in an information security role
· Minimum of three (3) years' experience in large (>50,000 users), heterogeneous, enterprise-level IT organization
· Minimum of five (5) years of supervisory experience
· Experience with contract and vendor negotiations
· Experience designing and managing new and existing security systems

Knowledge, Skills, and Abilities

· Proven track record and ability to develop information security programs, policies, and procedures, including successful implementations in large enterprise environments
· High degree of initiative, dependability, experience managing multiple, simultaneous, and high-profile information security initiatives and responses
· High level of personal integrity, as well as the ability to professionally handle confidential matters and show an appropriate level of judgement and maturity
· Strong knowledge of common information security management frameworks, such as ISO/IEC 27001, COBIT, NIST, CSA, and deep knowledge and understanding of relevant legal and regulatory requirements/standards, including but not limited to: Family Educational Rights and Privacy Act (FERPA), Health Insurance Portability and Accountability Act of 1996 (HIPAA), Children's Online Privacy Protection Act (COPPA), Payment Card Industry Data Security Standard (PCI DSS), Illinois School Student Records Act (ISSRA)
· Ability to advise infrastructure and applications staff in securing their respective environments
· Exhibit strong written and verbal communication skills, interpersonal and collaborative skills
· Strong ability to convey security information to non-technical end-users in a way that inspires adoption and adherence to all IT and Board security policies and programs

Conditions of Employment

As a condition of employment with the Chicago Public Schools (CPS), employees are required to

About the Company

Chicago Public Schools