Director Applications & System Security
Reporting to the Senior Director of DevOps Planning, the Director of Application and System Security is responsible for shaping and implementing the security strategy for applications and systems, both on-premises and in the Cloud.
This position ensures that security principles are integrated into the configuration of systems and the development and deployment of web applications across all stages. Additionally, this position collaborates closely with application and engineering teams to proactively address current and potential security threats and oversees the University’s system configuration management, maintains a secure Software Development Life Cycle (SDLC) program, and conducts regular audits, assessments, penetration tests, and vulnerability scans of systems and applications.
This position may require occasional evening, weekend, and holiday hours.
Essential Functions
Formulates, defines, and executes application and system security strategies aimed at enhancing the adoption of new technologies and assesses the effects of these technologies on intended audiences through comprehensive impact analysis.
Manages the overall system configuration to ensure security and compliance, and ensures security is a core component in system configurations and the development/deployment process of web applications at all phases.
Oversees the security aspects of running systems and applications in both Cloud and On-Prem environments.
Partners with application and engineering teams to safeguard against existing and emerging security threats.
Implements vulnerability scanning of applications to detect potential security issues and leads penetration testing initiatives to identify vulnerabilities.
Crafts communications strategies by developing key messaging elements and channels, establishing timelines for agreed-upon actions, and overseeing the execution of the strategy.
Is responsible for a secure Software Development Life Cycle (SDLC) program.
Performs periodic audits and assessments for system and application security.
Negotiates with vendors, partners, and internal departments to achieve optimal security outcomes.
Essential Functions Note
This list is not intended to be an exhaustive list.
The University may assign additional related duties as necessary.
Management Responsibilities
Guides work of other employees who perform essentially the same work and/or student workers. Organizes, sets priorities, schedules and reviews work, but is generally not responsible for final decisions in hiring, performance management or compensation.
Additional Functions
Formulates training strategies through the assessment of available materials, development of training plans, selection of appropriate delivery methods, and management of related risks and issues.