Director, Information Security

Milton Hershey School (MHS) plays a special role in the lives of our studentsfar different from that of any other pre-K through 12th-grade school in the world. When chocolatier Milton S. Hershey and his wife, Catherine, founded the school in 1909, they did so with the intention of giving children with less moremore hands-on learning, more access to daily needs, and more opportunities to enrich their lives. More than a century later, the school has graduated almost 12,000 students.

MHS is one of the world’s best private schools, where students from qualifying families looking for greater opportunity can explore their individual interests to the fullestwith all costs covered. From our career-focused education to character and leadership development, we nurture students from lower-income backgrounds to prepare them to enter the world equipped to thrive as self-sufficient adults.

MHS is seeking a full-time on-siteDirector, Information Security. This position reports to the Associate Sr. Director IT, and is responsible for the design, implementation, management, and oversight of the organization's information security practicesas defined within the MHS Cyber-Security Framework.The Information Security team overseesseveral key security programs which include:

• Security Awareness – (ex: Annual and supplemental student and employee Training, PhishingCompetitions, and ongoing programs, etc.)
• Security Incident Response and Investigations (ex: Breaches, Disclosures, Staff and Student technology investigations, Litigation Hold eDiscovery, etc.)
• Vulnerability Management and Remediation (ex: Vuln. Scanning, analysis, and closure, annual Penetration Test engagements and remediation)
• Security Risk Management (ex: Disaster Recovery, Business Continuity Planning, Enterprise Risk Management, Assessments, etc.)
• Technical and Administrative Security Controls (Device and System Baseline hardening, Ongoing MDM controls, Internal and Organizational Security Policies, etc.)
• Governance and Compliance (ex: Data Destruction, Application, Hardware, and Account Lifecycles, etc.)

The starting compensation range for this position is $128k- $171k plus a competitive benefits package.This is an on-site position in Hershey, PA.

Responsibilities:

• Collaborate with senior IT management to create and implement an overall strategic vision for Information Security.
• Serve as the lead for information security incident response planning, management, and tracking which also includes all technology related investigations.
• Maintain and enhance the MHS enterprise information security stance through policy, architecture, technical controls, training, and awareness. Collaboration on and recommendations of appropriate security solutions to protect the organization.
• Collaborate with other areas within the IT department as well as with leaders throughout the MHS community to share the organization’s security vision and to solicit their involvement in achieving higher levels of enterprise security.
• Serves as the school’s HIPAA Security Officer and work with the HIPAA Privacy Officers and HIPAA Committee to ensure ongoing management of information security policies, procedures, and technical systems for all healthcare information systems tomaintain the confidentiality, integrity, and availability of all organizational Protected Health Information (PHI).
• Supervise the Information Security team and 3rd party contractors.
• Ensure all work, both operational and project work, is prioritized and completed in an organized, professional, and timelymanner.
• Ensurethe team communicatesand collaborates effectivelywithin other areas of the IT department, and across the school.
• Ensure proactive monitoringof existing systems to identify and resolve security issues and concerns in an efficient and professional manner.
• Ensure preventative maintenance is being performed on existing systems to remediate security concerns.
• Ensure approved technology solutions are designed and implemented in a professional, secure, and timely manner.
• Assist with the design and implementation of application, system, and infrastructure technology to ensure security controls are in place with the rollout of new, or upgrades to existing, technology.
• Maintain all required service and support contracts.
• Create and maintainaccurateinformation security systems and policies documentation.
• MHS is a 24x7x365 campus which requires after-hours support for critical systems and security incidents. This position ensuresappropriate levels of support are provided by the team to respond in a timely manner.
• Assists with annual operating and capital budget planning for systems, services, and projects within the Information Security team.