Description:
Milton Hershey School (MHS) plays a special role in the lives of our students—far different from that of any other pre-K through 12th-grade school in the world. When chocolatier Milton S. Hershey and his wife, Catherine, founded the school in 1909, they did so with the intention of giving children with less more—more hands-on learning, more access to daily needs, and more opportunities to enrich their lives. More than a century later, the school has graduated almost 12,000 students.
MHS is one of the world’s best private schools, where students from qualifying families looking for greater opportunity can explore their individual interests to the fullest—with all costs covered. From our career-focused education to character and leadership development, we nurture students from lower-income backgrounds to prepare them to enter the world equipped to thrive as self-sufficient adults.
MHS is seeking a full-time on-site Director, Information Security. This position reports to the Associate Sr. Director IT, and is responsible for the design, implementation, management, and oversight of the organization's information security practices as defined within the MHS Cyber-Security Framework. The Information Security team oversees several key security programs which include:
- Security Awareness (ex: Annual and supplemental student and employee Training, Phishing Competitions, and ongoing programs, etc.)
- Security Incident Response and Investigations (ex: Breaches, Disclosures, Staff and Student technology investigations, Litigation Hold eDiscovery, etc.)
- Vulnerability Management and Remediation (ex: Vulnerability scanning, analysis, and closure; annual Penetration Test engagements and remediation)
- Security Risk Management (ex: Disaster Recovery, Business Continuity Planning, Enterprise Risk Management, Assessments, etc.)
- Technical and Administrative Security Controls (Device and System Baseline hardening, Ongoing MDM controls, Internal and Organizational Security Policies, etc.)
- Governance and Compliance (ex: Data Destruction, Application, Hardware, and Account Lifecycles, etc.)
The starting compensation range for this position is $128k - $171k plus a competitive benefits package. This is an on-site position in Hershey, PA.
Responsibilities:
- Collaborate with senior IT management to create and implement an overall strategic vision for Information Security.
- Serve as the lead for information security incident response planning, management, and tracking, which also includes all technology-related investigations.
- Maintain and enhance the MHS enterprise information security stance through policy, architecture, technical controls, training, and awareness. Collaborate on and recommend appropriate security solutions to protect the organization.
- Collaborate with other areas within the IT department as well as with leaders throughout the MHS community to share the organization’s security vision and to solicit their involvement in achieving higher levels of enterprise security.
- Serve as the school’s HIPAA Security Officer and work with the HIPAA Privacy Officers and HIPAA Committee to ensure ongoing management of information security policies, procedures, and technical systems for all healthcare information systems to maintain the confidentiality, integrity, and availability of all organizational Protected Health Information (PHI).
- Supervise the Information Security team and 3rd party contractors.
- Ensure all work, both operational and project work, is prioritized and completed in an organized, professional, and timely manner.
- Ensure the team communicates and collaborates effectively with other areas of the IT department, and across the school.
- Ensure proactive monitoring of existing systems to identify and resolve security issues and concerns.