Jobs at JCCC - Details - Executive Director ITS/Chief Security Officer

Position:  Executive Director ITS/Chief Security Officer

Department: Finance & Administrative Services

Type of Position: Full-time Salaried

Exemption Status: Exempt

Work Schedule, Hours per week: Monday-Friday, 40 hours per week

Opportunity for hybrid schedule: Yes

Starting Salary Range:  $117,281-$156,647 and determined based on relevant years of work experience provided on application and resume.

Position Summary: The Executive Director, IT Security serves as JCCC’s senior information security leader, functioning as the institution’s de facto Chief Information Security Officer (CISO). Reporting to the Vice President of Information Services and Chief Information Officer (CIO), this position provides strategic direction and operational leadership for all aspects of information security, cybersecurity risk management, identity and access management (IAM), regulatory compliance, and emerging technology governance across the college.

The Executive Director develops and executes a comprehensive, risk-based security program that protects college data, systems, and infrastructure while enabling JCCC’s educational mission. This role leads a team of security and IAM professionals; oversees security governance, policy, and compliance; and collaborates broadly with academic, administrative, and technical stakeholders to build a culture of security awareness and resilience throughout the college. The position also provides counsel on the secure adoption of cloud, AI, and other emerging technologies in alignment with institutional priorities.

Required Qualifications:

• Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, Business Administration, or a closely related field.
• CISM required within 1 year of employment.
• Minimum of ten (10) years of progressive experience in information security, cybersecurity, risk management, identity and access management, or a closely related information technology discipline, including 5+ years in a senior leadership or management role with direct supervisory responsibility.
• Incumbent will be on-call and have extended work hours occasionally.
• Position will be Hybrid per policy.

Preferred Qualifications:

• Master’s degree in Information Technology, Cybersecurity, Business Administration, or a closely related field.
• Preferred candidates will hold additional certifications in information security, networking, or cloud platforms (e.g., CISSP, CISM, AWS, Google, Azure, Cisco)
• Experience leading information security programs in a higher education or public sector institution.
• Demonstrated experience implementing or managing enterprise IAM platforms (e.g., Microsoft Entra ID/Azure AD, Okta, SailPoint, Fischer Identity or equivalent).
• Demonstrated experience with cloud security architecture in hybrid or multi-cloud environments.
• Familiarity with ITIL or Agile service delivery frameworks and their application to security operations.
• Experience presenting to senior leadership, institutional governance bodies, or boards on cybersecurity risk and program performance.
• Active participation in professional security communities or information-sharing organizations (ISACA, (ISC)², EDUCAUSE, MS-ISAC, InfraGard, or equivalent).

Position details include but are not limited to:

• Strategic Security Leadership and Program Management:
  • Develop and evolve an institution-wide information security strategy and multi-year roadmap aligned with JCCC’s mission and FY2027 priorities.
  • Serve as the primary security advisor to the VP of Information Services/CIO and leadership, providing regular reporting on security posture and program effectiveness.
  • Establish and maintain a cybersecurity governance framework, including a security steering committee and risk tolerance guidelines.
  • Monitor the external threat landscape and evolving regulatory requirements to adapt the college’s security posture proactively.
  • Integrate AI and emerging technology governance into the security framework, establishing guardrails for institutional adoption.
• Identity and Access Management (IAM):
  • Lead the enterprise identity lifecycle program to ensure secure, scalable, and compliant access to institutional data and systems.
  • Oversee IAM/IDM solutions, including MFA, SSO, PAM, and enterprise directory services.
  • Collaborate with infrastructure and application teams to embed identity controls into system design and onboarding.
  • Enforce Role-Based Access Control (RBAC) frameworks aligned with data classification and the principle of least privilege.
  • Drive continuous IAM improvements to support cloud adoption and hybrid infrastructure. 
• Compliance, Governance, and Risk Management:
  • Ensure systems and vendor relationships comply with federal/state laws (FERPA, GLBA, PCI-DSS) and higher education requirements.
  • Lead the cybersecurity risk program, including regular assessments, vulnerability management, and audit coordination.
  • Maintain a current risk register and report mitigation progress and residual risk to leadership.
  • Serve as the primary contact for internal and external auditors, coordinating responses and tracking remediation of findings.
  • Champion program alignment with industry standards such as NIST CSF and ISO 27001/27002. 
• Incident Response and Business Continuity:
  • Lead the development and execution of the cybersecurity incident response plan, including communication protocols and escalation procedures.
  • Act as the primary coordinator for security incidents, overseeing investigation, containment, and recovery.
  • Oversee business continuity and disaster recovery planning for critical systems and information security.
  • Conduct after-action reviews to identify lessons learned and improve detection and response capabilities.
  • Maintain relationships with law enforcement and threat intelligence agencies (CISA, MS-ISAC) for incident coordination. 
• Security Awareness, Training, and Culture:
  • Design and evaluate security awareness programs for all faculty, staff, and students.
  • Develop role-based training for specific risk profiles, such as financial data handlers and IT administrators.
  • Use phishing simulations and completion rates to measure program effectiveness and guide improvements.
  • Promote a college-wide security culture through communications, recognition programs, and a security champion network 
• Policy Development and Implementation:
  • Develop and enforce a comprehensive suite of security policies, standards, and procedures for the college community.
  • Ensure policies are reviewed regularly for alignment with regulatory requirements and industry frameworks.
  • Coordinate communication and acknowledgment processes to ensure broad compliance and understanding across the institution. 
• Budget and Resource Management:
  • Manage the information security budget, ensuring resource allocation aligns with risk priorities and institutional goals.
  • Evaluate and oversee investments in security technologies, managed services, and vendor partnerships.
  • Negotiate contracts and manage vendor performance for all security-related tools and services. 
• Other duties as assigned 

To be considered for this position we will require an application, resume, and cover letter.

*Unofficial transcripts are required for all Adjunct faculty and Faculty positions.

Benefits Category

For Full‑time Employees:

• Health insurance with some employer paid options.
• Life insurance & AD&D (employer provided)
• Retirement plans (403(b), 457(b), and KPERS)
• Employer paid 8% contribution into a 403(b) no match required
• Paid time off (vacation, sick, personal, and floating holidays)
• 14 days of paid holidays
• Full tuition reduction for JCCC credit courses (for employee and eligible dependents)
• Tuition reimbursement / assistance for non‑JCCC courses for employee
• Free access to the Gym on campus for all employees and dependents
• Discount to the Hiersteiner Child Development Center
• And many more!

About JCCC:

Established in 1969, Johnson County Community College is dedicated to transforming lives and strengthening communities through learning. Located in Overland Park, Kansas, JCCC has enjoyed a national reputation for educational excellence and student success for more than 50 years. That's five decades dedicated to smaller class sizes, more resources and a thriving campus culture – not to mention our competitive tuition rates and extracurricular experiences that transcend the norm.

Mission: JCCC inspires learning to transform lives and strengthen communities.

Vision: JCCC will be an innovative leader in equitable student access, learning and success.

Equal Employment Opportunity:

JCCC is an equal opportunity employer and equal access institution. JCCC does not discriminate on the basis of sex, race, color, national origin, ancestry, disability, age, religion, marital status, parental status, military status, veteran status, sexual orientation, gender identity, genetic information or other factors that cannot be lawfully considered in its programs and activities, which includes employment and admissions, in accordance with Titles VI and VII of the Civil Rights Act of 1964, the Equal Pay Act of 1963, the Age Discrimination in Employment Act of 1967, the Age Discrimination Act of 1975, Executive Order 11246, Title IX of the Education Amendments of 1972, Section 503 and 504 of the Rehabilitation Act of 1973, the Americans with Disabilities Act, the Vietnam Era Veteran’s Readjustment Assistance Act, the Jobs for Veterans Act of 2002, the Kansas Acts Against Discrimination and all other applicable civil rights and nondiscrimination laws.

Inquiries concerning JCCC's compliance with its nondiscrimination policies (including Title IX, Title VI and Section 504 inquiries) may be referred to a Title IX Coordinator (TitleIX@jccc.edu), or Director of Human Resources, or the Dean of Students and Learner Engagement at Johnson County Community College, 12345 College Blvd, Overland Park, KS 66210, 913-469-8500; or to Office for Civil Rights, Kansas City Office, U.S. Department of Education, One Petticoat Lane, 1010 Walnut Street, Suite 320, Kansas City, MO 64106, Telephone: 816-268-0550, Facsimile: 816-268-0559, Email to: OCR.KansasCity@ed.gov.

Disclosure: 

If you need any assistance throughout the search process, please reach out to the HR@jccc.edu. In accordance with the college policy, finalists for this position will be subject to criminal background investigations. Individual hiring departments at JCCC may elect to administer pre-employment tests, which are relevant to essential job functions as part of the applicant selection/hiring process. Many departments require those selected for hire to submit a certified transcript for all degrees obtained. For full consideration, applicants are encouraged to apply prior to the review date listed in posting.

Duties and responsibilities, as required by business necessity, may be updated at any time at the discretion of management. Scheduling, shift assignments and work location may be changed at any time, as required by business necessity. Scheduling, shift assignments and work location may be changed at any time, as required by business necessity.

If you are an applicant requesting assistance or a reasonable accommodation in the application process, please contact the Office of Human Resources at 913-469-3877, or email HR@jccc.edu.