Director, IT Security

About Us

Stellar Virtual was founded in 2019 with one school in Texas. We serve parents of K-12 students, unhappy with their current school, or needing an at-home/flexible learning environment. Today, Stellar Virtual has grown to six schools across three states: Texas, Arizona, and Indiana. Stellar Virtual is committed to going above and beyond for our virtual families. 

Our Promise
Empowering families with the choice of a high-quality virtual school with dedicated staff focused on student outcomes and an exceptional customer experience, our program will enable students to thrive and unleash their full potential.

Our Mission

Empowering Families. Unleashing Potential. 

Our Core Values

Stellar Virtual has five core values that shape and define our organization’s culture across all programs and locations. Each establishes a shared sense of purpose and creates a cohesive environment where everyone can feel connected to the mission.

• Go the Extra Mile (Go): Customer Service is everyone’s job.
• Make Your Motion Matter (Make): Prioritize, focus, and support Stellar Virtual goals.
• Kids First, Always (Kids): Our actions, decisions, and behaviors are always grounded by those we serve, students and their families.
• Respect: Assume positive intent with our students, families, and colleagues.
• Create, Collaborate, & Communicate (the Cs): Demonstrate the skills we want our students to learn. 

We remember our values with this phrase: Go Make Kids Respect the Cs! 

Technology Aspect
Stellar Virtual is committed to ensuring our employees have the tools they need to succeed in a virtual work environment. To support your role effectively, we provide a company-issued laptop, equipped with the necessary software, security features, and internal support. This does not apply to Independent Contractors (1099), seasonal, or unpaid individuals.

At-Will Notice
Employment with Stellar Virtual is on an at-will basis (only W2 employment types), meaning either the employee or the company may terminate the employment relationship at any time, with or without cause or notice, subject to applicable laws. Nothing in this job description should be construed as creating a guarantee of continued employment or a contract of employment for any specific duration. This does not apply to Independent Contractors (1099).

Equal Employment (EEO) Statement

At Stellar Virtual, we embrace diversity and foster an inclusive and supportive work environment. We welcome applicants from all backgrounds and experiences. Stellar Virtual is an equal opportunity employer, and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.

Position Details
Position Name: Director, IT Security
Status: Salaried, Exempt
Type: Regular, Full-Time (12)
School Year (if applicable): Not Applicable
Estimated Time to Start: 3-4 Weeks

Position Overview
The IT Security Director is responsible for developing, implementing, and managing the organization's cybersecurity strategy to protect IT systems, networks, and data from cyber threats for a large online K-12 charter school serving tens of thousands of students. This role requires balancing robust cybersecurity with the unique needs of digital education environments and protecting student data while enabling effective online learning. This role involves overseeing security policies, ensuring compliance with industry regulations, leading incident response efforts, and collaborating with business units to strengthen the organization's overall security posture.

Essential Duties & Responsibilities

• One Number: 0 Security Breaches
• Design security protocols specifically for educational technology platforms, including learning management systems and virtual classrooms.
• Develop age-appropriate security policies that balance protection with educational access needs across K-12 grade levels.
• Develop and implement the organization's IT security strategy, policies, and frameworks.
• Ensure alignment of cybersecurity initiatives with business objectives and regulatory requirements.
• Lead the security team in identifying, assessing, and mitigating security risks.
• Provide executive leadership with regular updates on the organization's security status.
• Ensure strict compliance with education-specific regulations (FERPA, COPPA, CIPA) with particular focus on protecting student data.
• Establish and enforce security standards, best practices, and compliance with regulations (e.g., GDPR, HIPAA, NIST, ISO 27001).
• Conduct regular risk assessments and vulnerability testing to identify security gaps.
• Develop security standards specific to remote learning environments and school-issued devices.
• Oversee audits and ensure the organization meets legal, regulatory, and industry cybersecurity requirements.
• Create incident response protocols that minimize disruption to online learning activities.
• Implement specialized monitoring for threats targeting educational institutions and student data.
• Develop and maintain an incident response plan to quickly detect, respond to, and recover from security incidents.
• Oversee security monitoring, threat intelligence, and forensic investigations.
• Collaborate with internal teams and external partners (e.g., law enforcement, vendors) during security incidents.
• Evaluate and implement security solutions that protect student and family privacy while enabling effective digital education.
• Ensure the implementation and maintenance of robust security architectures for networks, applications, and cloud environments.
• Evaluate and recommend security technologies, such as firewalls, SIEM, endpoint protection, and identity management solutions.
• Work with IT teams to integrate security best practices into system development and infrastructure projects.
• Develop differentiated security awareness programs for staff, students, and parents.
• Lead security awareness training programs to educate employees on cybersecurity threats and best practices.
• Foster a security-first culture across the organization.
• Engage with senior leadership and IT teams to ensure security considerations are embedded in business decisions.
• Collaborate with curriculum directors to integrate cyber safety into digital citizenship instruction.
• Partner with curriculum and instruction teams to ensure security measures support rather than hinder educational objectives.
• Collaborate with educational technology teams to secure diverse learning applications and digital resources.
• Design and implement secure parent/guardian access to student information and learning platforms.

Knowledge, Skills & Attributes 

• 8+ years of experience in IT security, with at least 3+ years in a leadership role.
• Experience implementing security in K-12 educational environments, preferably in online/digital learning contexts.
• Knowledge of educational technology platforms and their unique security requirements.
• Understanding of the balance between security controls and accessibility needs in education.
• Strong knowledge of cybersecurity frameworks (NIST, CIS, ISO 27001) and regulatory requirements.
• Expertise in network security, cloud security, identity & access management, and endpoint security.
• Proficiency with security tools such as SIEM, IDS/IPS, firewalls, and vulnerability mgmt. platforms.
• Excellent leadership, communication, and stakeholder management skills.
• Ability to work under pressure and handle security incidents effectively.
• Experience managing cybersecurity operations, risk management, and compliance programs.

Education & Certification Requirements

• A bachelor's degree in Information Security, Computer Science, or a related field is required.
• A master's degree is preferred (in a related field) but not required; substantive experience will substitute for education (8+ years).
• Certified Information Systems Security Professional (CISSP)
• Preferred CoSN CETL (Certified Education Technology Leader) - Preferred
• Preferred Certified Information Security Manager (CISM) - Preferred
• Preferred Certified Information Systems Auditor (CISA)
• Preferred GIAC Security Certifications (GSEC, GCIH, etc.)