This role requires extensive knowledge and experience with cyber security controls to reduce the impact of evolving cyber threats in the K-12 school board environment. Knowledge and experience with online privacy and cyber safety are also highly desirable.
A common framework, standards and policy(ies) provide a consistent, common mapping for all, which will in turn provide a common means to demonstrate assurance/compliance and the ability to defend against current and future cyber threats.
The resource is responsible for, but not limited to:
Contributing to a framework that is based primarily on NIST with considerations from other industry frameworks and standards such as SANS/CIS, COBIT, ISO, etc.
Developing standards for priority (cyber security, privacy protection and online safety) controls including documented guidance
Providing hands-on subject matter expertise and guidance to support adoption of the framework, standards and policy(ies)
Collaborating with other workstreams of the cyber protection strategy such as cyber security and privacy assessments to identify vulnerable areas
Presenting to various stakeholders, as needed.
Delivering on other duties as assigned.
Providing status and project status reports on all deliverables assigned.
5+ years’ experience mapping and adapting cyber security frameworks such as NIST, COBIT and ISO 27001 for adoption by an organization comparable in size and complexity to a school board.
5+ years’ experience integrating cyber security frameworks into an organization’s enterprise risk management practice and overall governance.
5+ years’ experience performing security analysis, developing and implementing cyber security policies, standards and guidelines, preferably for the public sector or broader public sector.
Demonstrated experience applying privacy frameworks such as ISO/IEC 27701 is highly desirable.
Security certification is mandatory (Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM))