IT Security Program Manager

Position Type:
Admin Professional Technical/IT Security Program Manager

Date Posted:
4/11/2025

Location:
Education Service Center

Date Available:
07/01/2025

Closing Date:
04/25/2025Position Purpose:
The IT Security Program Manager protects the district's digital ecosystem by running a comprehensive IT security program that safeguards application, data, infrastructure, and operations. This role drives the development and execution of security strategies that support the district's educational and operational goals while ensuring compliance with privacy and regulatory standards. It spearheads activities such as incident response, training & awareness, and security assessment and reviews. Acting as a strategic advisor and collaborator, the position ensures cybersecurity efforts are aligned with the district's mission and emerging technology climate.

Essential Duties:

• Manage a comprehensive cybersecurity program that guides the definition of objectives, scope, timelines, and deliverables; ensure alignment with district goals, risk tolerance, and compliance requirements.
• Coordinate and execute the response and remediation to cybersecurity tickets, ensuring timely investigation, resolution, and collaboration across teams to address incidents, risks, and service-related issues.
• Coordinate with IT and Risk Management to identify, assess, and mitigate security related technology and data risks. Implement proactive strategies to safeguard application, data, and technology infrastructure systems.
• Develop, evaluate, and help enforce comprehensive policies and communication frameworks that support data privacy and confidentiality, technology security, and system availability.
• Develop and maintain incident response plans. Lead response and recovery efforts during cyber incidents. Ensure continuity planning supports ongoing learning and operations during disruptions.
• Ensure adherence to IT security and data related laws, frameworks, and industry standards (e.g., NIST, FERPA). Coordinate and respond to internal and external audits and ensure continuous improvements based on findings. Support cyber insurance and reporting requirements.
• Develop and maintain processes to ensure student and district data privacy. Review new tools for compliance with privacy policies and publish vendor privacy practices for transparency.
• Partner with IT teams on the implementation, operation, and maintenance of IT based security technologies (e.g., firewalls, endpoint protection, and backup systems). Ensure solutions are secure, updated, and meet district standards.
• Manage expectations and compliance of all third-party vendors. Regularly evaluate partner practices, ensure contractual obligations around data protection, technology standards, and maintain transparency with stakeholders.
• Serve as the primary escalation point for cybersecurity incident escalation and operational coordination, ensuring timely communication with leadership, regulatory bodies, and stakeholders. Lead cross-functional efforts in incident response, risk assessment, and process optimization while fostering collaborative relationships across internal teams and external partners.
• Lead security awareness programs for staff, students, and stakeholders. Foster a security-first culture by educating the organization on best practices and evaluating training effectiveness.
• Lead the virtual cybersecurity team and other supporting personnel. Promote a collaborative and accountable team culture, ensuring expertise is leveraged across functional areas to support IT security goals.
• Research and recommend program budget needs. Monitor expenditures and report program investments to district leadership.
• Perform other duties as assigned or requested.

Knowledge, Skills, and Abilities:

• Knowledge of and applicable experience with ITIL practices.
• Strong, modern, and applicable experience implementing industry standard cybersecurity controls, best practices, and frameworks (e.g. NIST).
• In-depth knowledge of regulatory compliance such as FERPA, COPPA, CIPA and other relevant state and federal statutes regarding cybersecurity, safety, and data privacy.
• Skilled in drafting strategic documents, policies, and procedures aligned with district objectives and IT security needs.
• Working experience using enterprise cybersecurity technologies; SIEM's, forensic tools, firewalls, and monitoring systems.
• Demonstrated experience performing cybersecurity analysis, risk assessments, and leading incident responses.
• Advanced abilities troubleshooting and resolving complex issues.
• Able to respond to urgent calls for emergencies and lead incident response 24/7 when needed.

Education:

• Bachelor's Degree or higher in a technology field or comparable progressive experience, preferably in cybersecurity or IT positions involving IT security.
• Relevant Professional/Technical Certifications (e.g. Security+, CISM, CISSP, and/or product security specific certifications such as AWS, Cisco, Microsoft, or Google).

Experience:

• Five years' experience as an IT security engineer or similar capacity.
• Demonstrated leadership of IT teams, preferably within a security-focused IT environment.

This is an exempt, year round position. 253 contract days.
Salary Range: minimum $88,878 to midpoint $108,107