Director I, Security Operations
College of Southern Maryland - La Plata, MD
Job Description
Salary: $66,619.00 - $113,253.00 Annually
Location: La Plata, MD
Job Type: Full-Time
Job Number: FY26-65
CSM Department: Information Management and Technology Division
CSM Division: Information Management Team
Opening Date: 02/23/2026

Position Summary

Located 45 minutes from the Nation's Capital, nestled in a history-rich community of southern Maryland, The College of Southern Maryland (CSM) is a two-time Aspen Award-winning institution (top 15% of Community Colleges) with academic programs in over 100 disciplines. CSM is among America's top 100 producers of Minority Associate Degrees in twenty categories, according to Diverse Issues in Higher Education. CSM offers excellent health insurance benefits; State Retirement Pension plan; wellness programs; Code Green early closure Fridays in the summer; college closure for spring break and several major holidays, including the week between Christmas and New Year; and for several days in March for Spring Break. We are an innovative institution committed to student success and well known for our flexibility to meet student and community needs.

The Security Operations Director (SecOps Director) is a critical leadership role within the IMT Division responsible for the day-to-day operation, maturation, and continuous improvement of the College's cybersecurity program. This position blends hands-on technical expertise with programmatic oversight to ensure the confidentiality, integrity, and availability of institutional information assets, technology services, and data entrusted to the College of Southern Maryland (CSM). The SecOps Director establishes and leads a campus-wide Security Operations Center (SOC) function, oversees real-time monitoring, incident response, vulnerability management, and threat intelligence, and drives strategic initiatives aligned to the NIST Cybersecurity Framework, NIST 800-171, FERPA, GLBA, and other relevant regulations.
This individual collaborates with IT leadership, academic and administrative units, and external partners to reduce risk, develop policies, manage security technologies, and promote a culture of cybersecurity awareness across the institution.

Reports to: Deputy Chief Information Officer (DCIO)

The hiring salary for this position will be from the min to mid-point of the salary range advertised. This position is open until filled.

Specific Duties and Responsibilities

25% Security Operations & SOC Management
Design, implement, and manage a 24 × 7 security monitoring capability (internal or managed service). Administer and optimize SIEM, EDR, IDS/IPS, firewalls, and log-aggregation platforms. Assist with the development, maintenance, and enforcement of security operating procedures (SOPs), runbooks, and escalation workflows.

20% Incident Response & Digital Forensics
Serve as the Incident Commander for cybersecurity events, coordinating containment, eradication, and recovery. Conduct post-incident reviews and root-cause analyses; recommend and track remediation activities. Maintain and routinely test the Cybersecurity Incident Response Plan and its integration with Business Continuity/Disaster Recovery plans.

15% Threat Intelligence & Monitoring
Collect, analyze, and operationalize threat intelligence relevant to higher education from MS-ISAC, REN-ISAC, CISA, and commercial feeds. Perform proactive threat hunting and coordinate purple-team exercises to validate controls. Correlate intelligence with internal telemetry to identify and mitigate emerging threats.

10% Vulnerability & Configuration Management
Manage enterprise vulnerability scanning, penetration tests, and remediation tracking. Oversee secure configuration baselines using CIS Benchmarks and ensure adherence through continuous monitoring. Evaluate patch management effectiveness and manage risk-exception processes.
10% Governance, Risk & Compliance (GRC)
Align security operations with NIST CSF, NIST 800-171, GLBA, FERPA, PCI-DSS, and state regulations. Contribute to annual risk assessments, audits, and security metrics; report on program maturity and gaps. Maintain evidence repositories and support external audit and accreditation activities.

5% Security Architecture & Technology Evaluation
Assess emerging security technologies and recommend solutions to enhance the College's security posture. Lead proofs-of-concept, integrations, and lifecycle management for new security tools.

5% Security Awareness & Training
Coordinate campus-wide security awareness campaigns and phishing simulations. Deliver targeted training to IT staff, faculty researchers, and executive leadership.

5% Vendor & Third-Party Risk Management
Evaluate security controls of vendors, cloud services, and research partners. Enforce contractual security requirements and review SOC 2, ISO 27001, and penetration-test reports.

5% Program Management, Budgeting, Documentation & Reporting
Develop and manage the annual security operations budget. Track software licenses, maintenance contracts, and renewal schedules for security tools. Prepare executive reports, board briefings, and compliance submissions. Maintain detailed incident logs, investigative evidence, and knowledge-base articles.

Additional Duties: Performs other related duties as assigned.

Minimum Education and Training

Required Education and Experience:
Five (5)+ years of progressive experience in security operations, incident response, or SOC management; three (3)+ years in a supervisory or lead role.
Demonstrated experience deploying and managing SIEM, EDR, IDS/IPS, firewalls, and cloud-security controls (e.g., Microsoft 365/Azure Security Center, AWS Security Hub).
Hands-on experience with log analysis, scripting (PowerShell, Python, Bash), packet capture, and forensic tooling.
Experience interpreting and implementing NIST CSF/800-171, FERPA, GLBA, and/or PCI-DSS controls.
Proven ability to develop policies, procedures, and security awareness programs.

Preferred Education and Experience:
Bachelor's degree in Cybersecurity, Computer Science, Information Systems, or a related field preferred.
Master's degree in Cybersecurity, Information Assurance, or Technology Management.
Higher education or public-sector experience with research data protections (e.g., CUI, ITAR).
Experience integrating security controls into DevOps or cloud-native environments.

Licenses, Certifications, or Additional Requirements:
CISSP, CISM, GIAC-certified (e.g., GCIH, GCIA, GCFA), or equivalent (preferred).
ITIL Foundations or PMP for program/process management is a plus.

Minimum Qualifications and Standards Required

Knowledge, Skills, and Abilities:
Deep knowledge of security operations frameworks, incident handling methodologies, and forensic techniques.
Proficiency with SIEM platforms (Splunk, Sentinel, LogRhythm, etc.), EDR suites (CrowdStrike, Defender), and network security tools.
Familiarity with cloud-security architectures (Azure, AWS, Google) and Kubernetes/Container security.
Ability to conduct risk assessments, develop mitigation strategies, and present technical concepts to non-technical stakeholders.
Strong leadership, team-building, and mentoring abilities; adept at managing cross-functional incident response teams.
Excellent written and oral communication, analytical, and customer-service skills.
Ability to plan and execute multiple, complex projects concurrently and adapt quickly to changing threat landscapes.

PHYSICAL DEMANDS: The work is medium work which requires exerting up to 50 pounds of force occasionally, and/or up to 30 pounds of force frequently, and/or up to 10 pounds of force constantly to move objects.

WORK ENVIRONMENT: Standard office environment with occasional data-center access and limited travel (conferences, training).
Availability to work outside normal business hours, including on-call rotations and emergency incident response.

General Employment Information

The College of Southern Maryland is an Equal Opportunity Employer.

Background Checks
The College of Southern Maryland conducts background checks in order to ensure the safety and well-being of the College's staff and students. The final candidate for this position will be subject to the following background checks: Criminal History Check and Sex Offender Registry Check.

Conflict of Interest policy
No College of Southern Maryland employee shall engage in or have a financial interest, directly or indirectly, in any activity that conflicts or raises a reasonable question of conflict with his or her duties and responsibilities. CSM Employees shall not at any time engage in any outside employment or independent consulting that would adversely affect their employment status or performance as employees at the college, create a conflict of interest, or, with the exception of constitutionally protected activities, would compromise or embarrass the college, or adversely affect professional standing. Any full-time college employee who also holds a full-time position or its equivalent in consulting elsewhere (whether permanent or seasonal) will be deemed to have a conflict of interest and will be asked to resign from one of the full-time positions. Full-time employees must promptly disclose in writing, on a form available from the Human Resources Office, to the college all other full-time employment or its equivalent in independent consulting.

Keep growing in your career at the College of Southern Maryland. CSM offers great benefits, beautiful campuses and a challenging environment.
01 Please describe your experience leading a Security Operations Center (SOC) or similar security team. What was your scope of responsibility?
02 Share an example of a significant cybersecurity incident you responded to. What was your role and what actions did you take?
03 Describe your experience implementing or enhancing organizational security policies and procedures.
04 Tell us about a time you collaborated with non-technical stakeholders to address a cybersecurity challenge. How did you ensure understanding and buy-in?
05 What experience do you have aligning security operations with regulatory frameworks or requirements (e.g., NIST, ISO 27001, FERPA, GLBA)?
Created: 2026-03-17