Qureos


Director of Information Security

The Director of Information Security leads and manages the University’s information security program across academic, administrative, and clinical IT environments. This role combines strategic leadership with hands-on execution, overseeing governance, risk management, security architecture, threat detection and response, and regulatory alignment (e.g., FERPA, GLBA, PCI DSS) while collaborating broadly across the University of New England.
UNE’s HIPAA Compliance Officer oversees privacy compliance and breach reporting for clinical operations. The Director of Information Security ensures IT systems and processes meet required security standards to support HIPAA and HITECH compliance.
This in-person position is based on the University of New England’s Portland, Maine campus and reports to ITS leadership. The Director partners closely with ITS, Research/IRB, Compliance & Privacy, Legal, HR, Finance, Academic and Student Affairs, Clinical Affairs/Health Services, Advancement, Risk, and external agencies and consortia (e.g., REN-ISAC/H-ISAC, law enforcement, regulators) to safeguard institutional data, systems, and institutional trust.

About the University of New England
UNE is Maine’s largest private university, with two beautiful coastal campuses in Maine, a one-of-a-kind study-abroad campus in Tangier, Morocco, and an array of flexible online offerings. In an uncommonly welcoming and supportive community, we offer hands-on learning, empowering students to positively impact a world full of challenges. We are the state’s top provider of health professionals and home to Maine’s only medical and dental colleges, a variety of other interprofessionally aligned health care programs, and nationally recognized programs in the marine sciences, the natural and social sciences, business, the humanities, and the arts.

Benefits Overview
  • Multiple health and dental plan options, plus vision coverage.
  • Up to 8% retirement plan match.
  • Generous leave time, including vacation, sick, and personal time, and 12+ holidays per year.
  • Educational benefits:
    • UNE tuition waiver for employees, spouses, and domestic partners.
    • UNE tuition waiver for dependents of employees with 1 year of full-time service.
      • 50% tuition reduction if less than 1 year of full-time service.
For more information about our outstanding benefits, please visit: UNE Benefits Overview

Responsibilities
Strategy, Governance and Policy
  • Define and maintain UNE’s information security strategy, roadmap, and governance model aligned to NIST CSF/800-53 and higher-education best practices.
  • Develop university-wide security policies, standards, and procedures; ensure alignment with existing acceptable use and data handling and classification guidance.
  • Advise the VP/CIO and institutional leadership on information security risk posture, investment priorities, and incident trends.
Information Security Risk Management and Compliance
  • Lead the enterprise information security risk register, control assessments, and remediation plans; oversee third-party and vendor security reviews for IT purchases and research and clinical tools.
  • Ensure IT security controls align with FERPA, HIPAA and HITECH technical safeguards, GLBA, PCI DSS, and UNE policies; partner with the HIPAA Compliance Officer for audits and incident coordination.
  • Prepare for and support internal and external audits; manage corrective actions and attestations related to IT security.
Security Architecture and Engineering (Hands-On)
  • Design and implement security controls across on-prem, cloud (e.g. Microsoft 365/Azure, Box), and clinical IT systems; develop secure patterns for IAM, PAM, segmentation, encryption, logging, and backup and disaster recovery.
  • Operate or co-operate key platforms (e.g. SIEM, EDR/XDR, email security, WAF, CASB, vulnerability management, code scanning), including rule tuning, integrations, and automation and runbooks.
Threat Detection, Incident Response and Forensics (Hands-On)
  • Stand up and run day-to-day monitoring, alert triage, and incident response; lead investigations, forensics, containment, recovery, and post-incident reviews.
  • Serve as UNE’s primary security contact for external agencies (for example, state AG, FBI/InfraGard) and sector ISACs; coordinate breach notifications for IT security incidents in partnership with Compliance.
Data Protection and Privacy (IT Scope Only)
  • Implement technical safeguards for regulated data; confirm IT practices support institutional obligations under HIPAA and HITECH, FERPA, and other frameworks.
  • Collaborate with Privacy and Compliance teams to embed security controls in academic systems, research, and clinical IT systems.
Awareness, Training and Culture
  • Build and deliver targeted security awareness programs for faculty, clinicians, researchers, staff, and students; measure and improve behavior change (for example, phishing resilience campaigns).
  • Provide security onboarding for new systems and projects; publish concise playbooks and guidance aligned with UNE policies.
Collaboration and Stakeholder Engagement
  • Maintain deep, proactive partnerships with ITS engineering and operations, Research, Clinical Affairs and Health Services, Compliance and Privacy, Legal, HR, Finance, Advancement, and Budget and Planning.
  • Participate in academic governance and research data committees; support grant and data-use reviews; advise on technology acquisitions and integrations.
Liaison Responsibilities, Proactive Planning, and Cross ITS Collaboration
  • Serve as a primary ITS liaison to colleges and administrative units for security-related technology initiatives.
  • Assist institutional partners with proactive planning, including development of realistic timelines, dependencies, and coordination of delivery across teams.
  • Promote a culture of partnership between ITS and business units, ensuring that security considerations are co-designed with end users and stakeholders.
  • Provide clear, concise, and regular updates to leadership and governance groups regarding security program status, risks, issues, and decision needs.
Strategy, Governance, and Continuous Improvement
  • Partner with ITS leadership to develop multi-year security roadmaps and annual plans that align with institutional strategy.
  • Support technology and data governance processes, including prioritization, information security risk management, and investment decisions related to security.
  • Establish and track key performance indicators for security operations, vendor performance, incident response effectiveness, and training impact using pragmatic and sustainable approaches.
  • Identify opportunities to streamline processes, reduce duplication, and improve the overall experience of technology services and security delivery.
People Leadership and Team Development
  • Lead and mentor a future information security team that may include analysts, engineers, and specialists.
  • Set clear performance expectations, provide regular feedback, and support professional growth and development.
  • Promote an inclusive, collaborative, and outcomes-focused culture within the team and across ITS.
  • Champion modern practices in cybersecurity operations, information security risk management, and continuous learning.
Additional Responsibilities
  • Participate in special projects and perform other duties as assigned.

Supervision Exercised:
The Director leads a team that may include IAM specialists, threat analysts, and security engineers. The Director is responsible for setting clear performance expectations, developing and leading operational processes and procedures, delegating responsibilities appropriately, and supporting professional growth and development. The size and composition of the team will be determined based on institutional needs, portfolio requirements, and strategic priorities.

Qualifications
Bachelor’s in Cybersecurity, Computer Science, Information Systems, Business Administration or related field.
  • 5+ years in information security with progressive responsibility; 3+ years in a leadership or architect role. Direct experience in higher education and/or healthcare IT strongly preferred.
  • Demonstrated hands-on expertise with SIEM/EDR, IAM/PAM, vulnerability management, cloud security (Microsoft 365/Azure, Box), network security, scripting and automation, and incident forensics.
  • Regulatory frameworks (FERPA, HIPAA technical safeguards, GLBA, PCI DSS), NIST CSF/800-53, risk management, secure architecture.
  • Executive communication, stakeholder influence, vendor management, policy writing, clear documentation, and ability to operate independently while building future capability.


Preferred Qualifications
  • Master’s Degree in Cybersecurity, Computer Science, Information Systems, Business, or related field.
  • CISSP, CISM, CRISC, CCSP; HCISPP or equivalent healthcare security credential or certification.
  • Experience in higher education or a similarly complex, mission-driven organization.
  • Experience standing up or maturing an information security office or information security management function.
  • Experience with information security tools and platforms and with service management practices.

EEO Statement Summary
Consistent with federal and state law and University policy, the University of New England is committed to the fundamental concept of equal opportunity for all of the members of the University community. The University prohibits, and will not tolerate, discrimination in employment, the provision of academic services or in any other area of University life based on race, color, sex, physical or mental disability, religion, age, ancestry, national origin, sexual orientation, gender identity and/or expression, ethnicity, genetic information, HIV status, or status as a veteran. Prohibited bias factors should not motivate decisions regarding students, employees, applicants for admission, applicants for employment, contractors, volunteers or participants in and/or users of institutional programs, services, and activities.

COVID Vaccination Statement (PLEASE NOTE)
Employees in clinical settings must meet the State of Maine’s immunization requirements for clinical activity.

Additional Note
This position is not eligible for H-1B visa sponsorship.
