Duke University's IT Security Office (ITSO) is seeking a skilled Senior Program Manager to help shape, communicate, and advance Duke's cybersecurity strategy. This role focuses on quantifying, contextualizing, and managing cyber risk across Duke University. You will partner closely with leadership, including the CISO and other Security Office leaders, to craft and communicate standards, practices, and program direction.

This position is ideal for someone who thrives in a fast-paced, analytical environment and enjoys translating complex information into clear guidance for diverse audiences. While prior security experience is helpful, candidates with strong backgrounds in analytics, risk, or strategic program management are encouraged to apply.

Minimum Requirements
• Bachelor's degree in a related field plus 3 or more years of experience in security, audit, analytics, or related areas.

OR
• 5+ years of combined education/experience in a related field.

Preferred Qualifications
• Certifications such as SANS/GIAC, CISSP, CISA, CISM.
• Experience with cybersecurity, risk analytics, or security program development.
• Proficiency with quantitative and qualitative analysis supporting data-driven decisions.

Other Requirements
• Strong verbal, written, and analytical communication skills.
• Ability to collaborate across diverse teams and influence through clarity and insight.
• Ability to work independently and in team settings on complex, fast-moving projects.

Be Bold

As Senior Program Manager, you will help drive the strategic maturity of Duke's information security program guided by the CI Security Critical Controls. This means providing insight into cyber risk trends, enabling data-driven decision-making, and ensuring the security program evolves with the regulatory landscape, including NIST SP 800-171.
• Assess the cyber risk landscape using metrics dashboards and advise on enhancements to improve clarity and risk quantification.
• Advise on development of inventory, tracking, and measurement tools, including dashboards covering accounts, devices, servers, network activity, websites, and adoption of key controls such as MFA, endpoint management, patching, and automated IP blocking.
• Identify strategic priorities for ITSO initiatives based on metrics, analysis, potential impact, and risk.
• Provide briefings to the security community, highlighting trends and implications for operational and strategic decisions.
• Lead project work to align the program with actionable industry best practices.
• Manage embedded security roles to ensure alignment with program priorities.
• Develop materials articulating policies, positions, and security guidance.
• Create innovative approaches to enhance the efficiency and value of ITSO's risk management programs-including vendor reviews.
• Coordinate response efforts on cross-functional issues involving groups such as Privacy and Audit, the Duke Health Information Security Office, and other departmental IT groups.

Supervisory Responsibilities
• Manage a team of 3-7 direct reports, 5 indirect reports, and graduate student interns.
• Perform all aspects of staff management including hiring, performance management, professional development, recognition, and staffing alignment for services provided by the team.