Director III, Info Technology

Job Description

Director III, Information Technology

Kansas State University – Manhattan, Kansas – United States – On‑site

About This Role
The Director of Data Protection, Privacy, and Risk is responsible for establishing and managing the organization’s IT risk management and cybersecurity governance program. The position oversees IT risk assessment, data protection and privacy, third‑party and supply chain risk management, compliance monitoring, security policy development, security awareness training, and security exception management.

What You’ll Need to Succeed

• Requires a high school diploma (or equivalent) and ten years of relevant experience in IT risk management, cybersecurity governance, compliance, and/or developing and delivering security programs at scale.

Preferred Qualifications

• Bachelor’s degree in Information Technology, Cybersecurity, Risk Management, or related field.
• Minimum of 8 years of progressive experience in IT risk management, cybersecurity governance, compliance, or related fields.
• Minimum of 3 years of supervisory or team leadership experience.
• Demonstrated expertise in IT risk assessment methodologies and frameworks (NIST CSF, ISO 27001/27005, FAIR).
• Strong understanding of cybersecurity principles, technologies, and threat landscape.
• Experience with regulatory compliance requirements relevant to the organization.
• Master’s degree in Cybersecurity, Information Systems, Risk Management, or MBA.
• Professional certifications such as CRISC, CISM, CISSP, CGRC, or CISA.
• Demonstrated success building IT risk management or GRC programs from inception.
• Extensive experience with third‑party risk management and supply chain security.
• Experience in higher education, healthcare, financial services, or similarly regulated industry.
• Strong knowledge of privacy regulations (GDPR, CCPA, HIPAA), compliance frameworks (SOC 2, ISO 27001, Secure Control Framework), and regulatory requirements (PCI DSS, GLBA, FERPA, CMMC).
• Experience with GRC platforms and risk management tools.
• Proven ability to communicate complex technical risks to non‑technical executives and board members.
• Experience developing and delivering security awareness programs at scale.
• Strong project management skills and experience leading cross‑functional initiatives.
• Must maintain currency with evolving cybersecurity threats, regulations, and industry best practices.
• Strong analytical skills with ability to synthesize complex technical information into executive communications.
• Excellent written and verbal communication skills with ability to influence stakeholders at all levels.
• Ability to work independently and manage multiple priorities in a dynamic environment.
• Strong business acumen and ability to balance security requirements with operational needs.

Sponsorship Eligibility
Candidates must be legally authorized to work in the U.S. on an ongoing basis without sponsorship.

How to Apply
Please submit the following documents:

• Resume
• Cover Letter
• Three Professional References

Application Window
Applications close on: 2/6/26

Anticipated Hiring Pay Range
$110,000–$140,000

To apply, please visit: (Use the "Apply for this Job" box below).-8ad6842db101