Current Employees: If you are currently employed at any of the Universities of Wisconsin, log in to Workday to apply through the internal application process.

Position Title:

Director of Information Security

Job Category:

Limited

Employment Type:

Regular

Job Profile:

IT Director I (C)

Job Duties:

POSITION SUMMARY:

The Director of Information Security is a full-time leadership role jointly serving UW-River Falls and UW-Superior. This position develops and directs strategic plans for information technology security programs to ensure effective use of resources in delivering administrative, research, outreach, and instructional IT services. Under the general direction of the CIO at UW-River Falls, with input from UW-Superior’s CIO, the Director is responsible for implementing and managing comprehensive security initiatives, including policy development, regulatory compliance, risk mitigation, incident response, and business continuity. This role is expected to operate equally across both campuses, with on-site presence required for security incidents and key activities. While the position is split 50/50, UW-River Falls serves as the home campus, and its employment policies apply. Hybrid work flexibility is available, and occasional after-hours response may be required.

RESPONSIBILITIES:

• Develop and direct strategic IT planning initiatives for information security across UW-River Falls and UW-Superior, ensuring alignment with institutional goals and effective use of financial, administrative, and staffing resources

• Establish and maintain a framework for IT policy development that engages stakeholders and supports compliance with institutional, state, and federal regulations

• Exercises supervisory authority, including hiring, transferring, suspending, promoting, managing conduct and performance, discharging, assigning, rewarding, disciplining, and/or approving hours worked of at least 2.0 full-time equivalent (FTE) employees

• May develop and audit the unit budget and/or financials

• Serves as a liaison representing the interests of the unit to research, propose, and implement IT policies that address legal, regulatory, and operational needs, and communicate their impact to internal and external campus stakeholders

• Frequently assists the division's IT director in advising institutional or divisional leadership on information technology operations and business models

• Develop, maintain, and oversee the implementation of a comprehensive IT Security Plan that aligns with campus and Universities of Wisconsin strategic initiatives. This includes leading the dissemination of IT policies, consulting with departments to ensure compliance, and supporting mitigation efforts where needed to uphold institutional security standards and regulatory requirements.

• Define operational controls and benchmarks to measure and report compliance with internal and external IT security policies

• Monitor and address violations of IT security policies, providing metrics and support for audits, assessments, and compliance reviews

• Stay current on applicable laws and regulations (e.g., FERPA, HIPAA, GDPR, GLBA, PCI, WI Statute 134.98) and lead or assist in developing institutional compliance strategies

• Ensure PCI compliance in collaboration with campus business offices, participating in audits and reviews

• Develop and maintain an IT Security Plan aligned with campus and Universities of Wisconsin strategic initiatives

• Define technical security standards for campus IT systems and oversee their implementation and compliance.

• Create and manage a comprehensive IT security awareness and training program, including metrics for effectiveness and regulatory compliance.

• Implement risk assessment frameworks to guide leadership in evaluating and mitigating IT security risks.

• Develop, test, and maintain disaster recovery and business continuity plans, including periodic assessments and reporting.

• Participate in relevant working groups and committees to stay informed on best practices in IT security and continuity planning.

• Design and lead IT security incident response processes, including stakeholder engagement and team coordination.

• Detect and assess security incidents through monitoring, and coordinate response planning with system owners and subject matter experts.

• Execute incident response plans and communicate actions and outcomes to campus leadership.

• Coordinate responses to external information requests, including legal, law enforcement, and abuse-related inquiries.

Key Job Responsibilities:

• Develops operating policies and procedures to comply with regulations, institutional policies, and unit objectives

• Directs strategic information technology planning initiatives and establishes objectives for IT functional department(s), unit(s), or program(s) to ensure appropriate use of financial, administrative, staffing resources in alignment with the strategic plan

• May perform manager functions 

• Frequently assists the division's IT director in advising institutional or divisional leadership on information technology operations and business models

• May develop and audit the unit budget and/or financials

• Serves as a liaison representing the interests of the unit to internal and external stakeholders

• Exercises supervisory authority, including hiring, transferring, suspending, promoting, managing conduct and performance, discharging, assigning, rewarding, disciplining, and/or approving hours worked of at least 2.0 full-time equivalent (FTE) employees

Department:

Technology Services

Required Qualifications

• Must pass and maintain a Wisconsin DOJ CJIS fingerprinted background check within six months of hire.

• Bachelor’s degree in information security, computer science, MIS, business, or a related field.

• Minimum of 3 years of progressively responsible experience in IT policy, security, or governance, preferably in higher education.

• Strong knowledge of networking and security technologies (e.g., firewalls, VPNs, intrusion detection/prevention).

• Familiarity with security frameworks such as NIST, ISO/IEC 27001, InCommon Assurance, OWASP, and COBIT.

• Deep understanding of data and security regulations relevant to higher education, including FERPA, HIPAA, PCI, GLBA, GDPR, CJIS, and WI Statute 134.98.

• Experience leading Information Security Incident Response Teams and coordinating multi-disciplinary responses.

• Ability to collaborate with IT and OT teams across campuses, providing governance and setting strategic priorities.

• Skilled in leading audit and compliance teams, ensuring coordinated and risk-aware responses.

• Proficient in implementing organizational change using IT project management principles.

• Strong leadership in forming and guiding cross-functional teams through process and organizational change.

• Ability to build effective partnerships across diverse departments and business units.

• Capable of articulating strategy and presenting plans to executive leadership.

• Effective in managing competing priorities and maintaining focus under pressure.

• Self-directed with the ability to balance priorities across two institutions, reduce redundancy, and report activities clearly.

• Up-to-date knowledge of current information security risks and threats in higher education. 

Preferred Qualifications:

• Five or more years of progressive experience in IT policy, security, or governance, ideally in higher education.

• Information security certification preferred (e.g., CISSP, CISM, GSEC).

• Hands-on technical background in software development, system administration, or network management.

• Experience in organizational management and business analysis, including financial and HR decision-making.

• Direct experience with compliance and policy related to FERPA, HIPAA, PCI, GLBA, and similar regulations.

• Proven ability to conduct independent technical investigations and produce detailed reports and presentations.

• Familiarity with Wisconsin Open Records law and coordination with legal counsel on subpoenas and data requests.

• Knowledge of system logging, monitoring tools, and dashboard/report development for various audiences.

• Strong understanding of disaster recovery, business continuity, and preparedness strategies.

• Experience with IT governance and service management frameworks such as MOF or ITILv3.

How to Apply:

Applicants are required to apply online. UWRF will not consider paper, emailed or faxed applications.  Applicants are required to provide:

• Resume

• Letter of interest specifying qualifications and experience (cover letter)

Initial review of applications will begin upon receipt. For full consideration, applicants should submit all required materials on or before November 2, 2025. 

Employees receive excellent benefits including exceptionally low-cost comprehensive health, dental and vision benefits; employer match of Wisconsin Retirement System contributions of 6.95%; an attractive amount of paid leave per year in addition to paid sick leave. To learn more about our benefits, go to:
https://www.wisconsin.edu/ohrwd/benefits/download/quickguidefasl.pdf

UW-River Falls does not offer H-1B or other work authorization visa sponsorship for this position. Candidates must be legally authorized to work in the United States at the time of hire and maintain work authorization throughout the employment term. If you have questions regarding this, please contact Human Resources at 715-425-4941.

Contact Information:

Inquiries should be addressed to:
James Williams

Search Chair

​james.williams@uwrf.edu

Confidentiality of Applicant Materials

The Universities of Wisconsin will not reveal the identities of applicants who request confidentiality in writing, except that the identity of the final candidates may be released. See Wis. Stat. sec. 19.36(7). 

Title IX Notice 

As required by Title IX and federal regulations, UW-River Falls does not discriminate on the basis of sex in its education programs or activities, including in admission and employment. Questions about the application of Title IX may be referred to UWRF’s Title IX Coordinator at titleix@uwrf.edu; the Department of Education’s Office for Civil Rights; or both. For more information, please see uwrf.edu/titleIX. 

Criminal Background Check and Reference Check Policy 

Employment will require a criminal background check. It will also require you, your most recent employer, and all previous Universities of Wisconsin institutions and State of Wisconsin agency employers from the past seven (7) years to answer questions regarding sexual violence and sexual harassment per Universities of Wisconsin Administrative Policy 1275. 

Annual Security and Fire Safety Report (Clery Act)

The Annual Security and Fire Safety Report, which includes statistics about reported crimes and information about campus security policies can be viewed at https://www.uwrf.edu/Police/Annual-Security-Report.cfm or call University Police at 715-425-3133 for a paper copy. 

Reasonable Accommodations 

UW-River Falls provides reasonable accommodations for applicants and employees with disabilities. Employment opportunities will not be denied because of the need to make reasonable accommodations for a qualified individual with a disability. If you need assistance or an accommodation in applying because of a disability, contact hr@uwrf.edu or 715-425-3518. 

Academic Freedom & Freedom of Expression 

The University is committed to academic freedom and freedom of expression, and provides all members of the University community the broadest possible latitude to explore ideas and to speak, write, listen, challenge and learn, pursuant to Regent Policy Document 4-21 Commitment to Academic Freedom and Freedom of Expression.

UW is an Equal Opportunity Employer
Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, pregnancy, disability, status as a protected veteran, or any other bases protected by applicable federal or State law and UW System policies. We are committed to building a workforce that represents a variety of backgrounds, perspectives, and skills, and encourage all qualified individuals to apply.