Please Do Not Contact Departments Directly.
Submit letter of interest and resume to (unless otherwise noted).

RMU is an equal opportunity employer (see Legal Statements).

For More Information, Contact:

Human Resources
Main Campus
Revere Center
Upper Level
412-397-6270 phone
412-397-2555 fax

Director, Information Security
The Human Resources Department announces the position of Director, Information Security, reporting to the Vice President, Information Technology.


Responsibilities include: leading the development, implementation, testing, and maintenance of the Information Security Program (ISP) for the University, identifying and recommending best practices to mitigate information security risks, developing metrics to indicate RMU’s information risk position, and communicating those metrics; keep current on information security threats and risks, monitor security warning services, participate in the development of other information-related RMU policies, and serve as the contact point for internal and external security audits and investigations; Security awareness program; Incident management and forensics. Supportive functions of an ISO include: Network security, Access control, Authentication and authorization, and Identity management. Develop, implement, and maintain a comprehensive risk-based Information Security Program (ISP) that addresses information security, privacy, integrity, and availability and provides input into the university’s Enterprise Risk Management program; lead RMU’s Information Security Program (ISP) Committee; lead the development and enforcement of university-wide security policies; drive the development of plans, procedures, and metrics that support the ISP; communicate progress against plans and metrics; develop test plans for assessing the ISP and lead periodic testing and remediation; ensure an effective Business Continuity plan exists and is tested periodically; provide leadership and guidance in regard to security best practices for application development, access control, incident response, security awareness, governance, administration, and other related areas; provide or coordinate the information technology response to internal and external audits, including commercial partner security assessments; perform evaluations and provide guidance on commercial security products and services applicable to security plans, policies, and metrics; drive the implementation of the IT Infrastructure Library framework for IT services; lead support activities for internal and external security investigations; and perform any and all relevant duties of the position.
Minimum Qualifications:
  • Bachelor’s Degree or equivalent experience required.  Master’s Degree, CISSP (Certified Information Security Systems Professional), GIAC (Global Information Assurance Certification), or other industry certification preferred.
  • Minimum of 10 years of experience in security or security-related positions.
  • Proven ability to develop and maintain a risk-based information security program that addresses information security, privacy, integrity, and availability.
  • Practical experience in a technical security area such as security architecture, security operations, incident management, networking, etc.
  • Ability to develop plans and execute a complex effort involving the application of technical security solutions and security management best practices.
  • Strong interpersonal skills, including teamwork, facilitation, and negotiation.
  • Excellent analytical and technical skills.
  • Excellent planning and organizational skills.
Internal Application Deadline:  August 27, 2014
External Application Deadline:  Until Position Is Filled
Starting Date:  As Soon As Possible