About This Role
The Director of Data Protection, Privacy, and Risk is responsible for establishing, implementing, and managing the organization's IT risk management and cybersecurity governance program. This position oversees IT risk assessment, data protection including privacy, third-party risk management (including supply chain security), compliance monitoring, security policy development, security awareness training, and security exception management.
Worksite Description
This position is on-site. To comply with state law, all employees must reside in the United States when they begin work. K-State is unable to provide remote or hybrid work opportunities for residents of the state of Idaho.
What You'll Need to Succeed
Minimum Qualifications:
- Requires a high school diploma (or equivalent) and ten years of relevant experience in a combination of the following: IT risk management and leadership, cybersecurity governance and compliance, and/or developing and delivering security programs at scale. Requirements may be met through a combination of education and experience.
Preferred Qualifications:
- Bachelor's degree in Information Technology, Cybersecurity, Risk Management, or related field
- Minimum of 8 years of progressive experience in IT risk management, cybersecurity governance, compliance, or related fields
- Minimum of 3 years of supervisory or team leadership experience
- Demonstrated expertise in IT risk assessment methodologies and frameworks (NIST CSF, ISO 27001/27005, FAIR)
- Strong understanding of cybersecurity principles, technologies, and threat landscape
- Experience with regulatory compliance requirements relevant to the organization
- Master's degree in Cybersecurity, Information Systems, Risk Management, or MBA
- Professional certifications such as CRISC (Certified in Risk and Information Systems Control), CISM (Certified Information Security Manager), CISSP (Certified Information Systems Security Professional), CGRC (Certified in Governance, Risk and Compliance), or CISA (Certified Information Systems Auditor)
- Demonstrated success building IT risk management or GRC programs from inception
- Extensive experience with third-party risk management and supply chain security
- Experience in higher education, healthcare, financial services, or similarly regulated industry
- Strong knowledge of privacy regulations (GDPR, CCPA, HIPAA), compliance frameworks (SOC 2, ISO 27001, Secure Controls Framework), and regulatory and contractual requirements (PCI DSS, GLBA, FERPA, CMMC)
- Experience with GRC platforms and risk management tools
- Proven ability to communicate complex technical risks to non-technical executives and board members
- Experience developing and delivering security awareness programs at scale
- Strong project management skills and experience leading cross-functional initiatives
- Must maintain currency with evolving cybersecurity threats, regulations, and industry best practices
- Strong analytical skills with ability to synthesize complex technical information into executive communications
- Excellent written and verbal communication skills with ability to influence stakeholders at all levels
- Ability to work independently and manage multiple priorities in a dynamic environment
- Strong business acumen and ability to balance security requirements with operational needs
Sponsorship eligibility: Candidates must be legally authorized to work in the U.S. on an ongoing basis without sponsorship
How to Apply
Please submit the following documents:
- Resume
- Cover Letter
- Three Professional References
Application Window
Applications close on: 2/6/26
Anticipated Hiring Pay Range
$110,000-$140,000