Director of Security Assurance

Position Details Position Information Posting date 05/20/2026 Closing date Open Until Filled Yes Position Number 1129554 Position Title Director of Security Assurance Hiring Range Minimum Please inquire Hiring Range Maximum Please inquire Union Type Not a Union Position SEIU Level Not an SEIU Position FLSA Status Exempt Employment Category Regular Full Time Scheduled Months per Year 12 Scheduled Hours per Week 40 Schedule Location of Position Hanover, NH Remote Work Eligibility? Hybrid Is this a term position? No If yes, length of term in months. NA Is this a grant funded position? No Position Purpose The Director of Security Assurance leads Dartmouth's cybersecurity governance, risk, and compliance functions within the Office of Information Security. The role establishes and maintains the institutional security policy framework, enterprise risk management program, third party risk oversight, awareness initiatives, and audit support processes, translating complex regulatory and research security requirements into actionable institutional standards. Operating in a decentralized academic environment with shared governance, the Director advises the CISO and senior leadership on institutional cyber risk posture, ensures compliance with applicable federal and state requirements, and partners across academic and administrative units to embed security and risk management practices that support Dartmouth's teaching, research, and clinical missions. Description Required Qualifications

• Education and Yrs Exp Bachelors plus 6 or more years' experience or combination of education and experience Required Qualifications
• Skills, Knowledge and Abilities Demonstrated commitment to a collaborative, mission driven environment, with a track record of building cross functional trust and enabling teaching, research, and clinical operations through effective security practices.

Minimum of 10 years of progressive professional experience in cybersecurity, including at least 5 years in governance, risk, and compliance leadership roles. Demonstrated experience designing, implementing, and maturing cybersecurity governance, risk, and compliance programs. Ability to conduct risk assessments, develop enforceable policies and standards, configure and optimize GRC platforms, and perform compliance gap analyses. Direct experience with at least two of the following regulatory or compliance frameworks:

NIST SP 800-171, CMMC, HIPAA, FERPA, GLBA

Safeguards Rule, PCI DSS, or ITAR and EAR . Demonstrated application of established security frameworks, such as

NIST CSF, NIST RMF, CIS

Controls, or ISO 27001, to structure and advance enterprise security programs. One or more current industry certifications, such as CISSP, CISM, CRISC, CGRC, or CISA, or equivalent credentials. Proven ability to communicate complex security and risk concepts effectively to executive leadership, faculty governance bodies, and technical stakeholders. Experience leading, hiring, mentoring, and developing cybersecurity or GRC professionals. Preferred Qualifications Master's degree in cybersecurity, information security, risk management, or a related field preferred. Experience in an R1 or R2 research university, academic medical center, or complex multi entity higher education environment. Experience supporting or managing controlled unclassified information environments, including Department of Defense funded research subject to NIST SP 800-171 or CMMC requirements. Experience operating effectively in decentralized organizations where influence, relationship building, and consensus development are critical to success. Experience assessing and governing security and privacy risks associated with artificial intelligence and machine learning systems, including generative AI adoption, data exposure risks, and institutional AI governance frameworks. Department Contact for Recruitment Inquiries Kyle Hastbacka Department Contact Phone Number Kyle.

M.Hastbacka@dartmouth.edu Department Contact for Cover Letter and Title Tom Nudd, Chief Information Security Officer Department Contact's Phone Number Equal Opportunity Employer Dartmouth College is an equal opportunity employer under federal law. We prohibit discrimination on the basis of race, color, religion, sex, age, national origin, sexual orientation, gender identity or expression, disability, veteran status, marital status, or any other legally protected status. Applications are welcome from all. Background Check Employment in this position is contingent upon consent to and successful completion of a pre-employment background check, which may include a criminal background check, reference checks, verification of work history, conduct review, and verification of any required academic credentials, licenses, and/or certifications, with results acceptable to Dartmouth College. A criminal conviction will not automatically disqualify an applicant from employment. Background check information will be used in a confidential, non-discriminatory manner consistent with state and federal law. Is driving a vehicle (e.g. Dartmouth vehicle or off road vehicle, rental car, personal car) an essential function of this job? Not an essential function Special Instructions to Applicants Dartmouth College has a Tobacco-Free Policy. Smoking and the use of tobacco-based products (including smokeless tobacco) are prohibited in all facilities, grounds, vehicles or other areas owned, operated or occupied by Dartmouth College with no exceptions. For details, please see our policy.

https:

//policies.dartmouth.edu/policy/tobacco-free-policy Additional Instructions Quick Link https://searchjobs.dartmouth.edu/postings/85759 Key Accountabilities Description Cybersecurity Policy and Standards

• Develops, implements, and maintains Dartmouth's cybersecurity policy framework, aligned with

NIST CSF

2.0 and CIS Controls v8, covering institutional systems, research computing, and cloud services in partnership with the CISO . Drafts and maintains enforceable standards, procedures, and guidelines that reflect Dartmouth's shared governance environment and distributed operational model. Manages the full policy lifecycle, including drafting, stakeholder consultation, governance review and approval, publication, version control, exception management, and periodic review. Translates regulatory and contractual obligations, including

FERPA, GLBA

Safeguards Rule, HIPAA, NIST SP 800-171 and CMMC, ITAR and

EAR, PCI

DSS, and

NH RSA 359-C

20, into clear, actionable institutional requirements. Percentage Of Time 20 Description Risk Management

• Designs, implements, and continuously improves the formal cybersecurity risk management program, including risk identification, assessment methodology, scoring, treatment planning, risk acceptance, and exception workflows.

Leads and facilitates risk assessments across institutional systems, research computing environments, cloud platforms, and third-party integrations. Maintains an enterprise cybersecurity risk register and presents risk posture and trends to the CISO and senior leadership, translating technical findings into institutional, financial, and mission impact for non-technical audiences, including the Board of Trustees. Percentage Of Time 20 Description Third Party Risk Management

• Develops and oversees a comprehensive third-party risk management program, including intake workflows, vendor tiering, security assessment criteria, and ongoing monitoring.

Evaluates vendors, SaaS providers, cloud services, and research collaborators for alignment with institutional security standards and regulatory requirements. Partners with Procurement, the Office of General Counsel, and Research Administration to integrate security review into contracting, vendor onboarding, and research partnership processes. Monitors and reports on aggregate third party risk exposure and prioritizes mitigation based on risk severity and concentration. Percentage Of Time 15 Description Cybersecurity Education and Awareness

• Designs and leads a comprehensive cybersecurity awareness and training program tailored to faculty, staff, students, and researchers, recognizing distinct risk profiles and operational realities.

Develops role based training curricula for high risk populations, including system administrators and personnel handling regulated or controlled unclassified information. Oversees phishing simulations, tabletop exercises, and targeted awareness initiatives aligned with current threat trends and institutional risk priorities. Establishes and tracks metrics to evaluate behavioral change, training effectiveness, and risk reduction. Percentage Of Time 15 Description Cybersecurity Metrics and Reporting

• Defines and maintains key performance and risk indicators that inform decision making at the CISO, CIO, executive leadership, and Board levels.

Develops dashboards and recurring reports that communicate program maturity, compliance posture, risk exposure, and operational effectiveness in clear, accessible language. Benchmarks institutional cybersecurity capabilities against higher education peers using available

EDUCAUSE, REN

• ISAC, and Ivy Plus cohort data. Percentage Of Time 15 Description Compliance and Audit Support
• Serves as the primary information security liaison for internal and external audits, compliance reviews, and regulatory inquiries.

Oversees control mapping, evidence collection, gap assessments, and remediation tracking across applicable regulatory frameworks. Partners with Research Administration to support compliance requirements for federally funded and export controlled research, including NIST SP 800-171, CMMC, and ITAR and EAR . Maintains audit ready documentation and ensures corrective actions are tracked through completion. Percentage Of Time 15

• Demonstrates professionalism and collegiality through actions, interactions, and communications with others appropriate to an environment that is welcoming to all.
• Performs other duties as assigned. Supplemental Questions Required fields are indicated with an asterisk (
• ).

• How did you learn about this employment opportunity?

Current Dartmouth employee (Please specify full name below) Word of mouth Mentioned on social, digital, or print media (e.g. LinkedIn feed, VOX, Valley News, listserv) jobs@dartmouth.edu email outreach (includes Job Alert notifications, marketing emails from Talent Acquisition) Recruiter (Please specify full name or event below) abilityJOBS Chronicle of Higher Education Glassdoor Handshake HigherEdJobs HigherEdMilitary Indeed Inside Higher Ed LinkedIn's Job Board RecruitMilitary Dartmouth's Job Board (searchjobs.dartmouth.edu) Other (Please specify below) If you would like to add more information to your answer, please specify here: (Open Ended Question) Documents Needed to Apply Required Documents Cover Letter Resume Optional Documents Curriculum Vitae Additional Document #1