
Columbus State University

Location: Columbus, GA 31907
Document ID: AC484-0OOL
Posted on: 2019-02-25
Job Type: Full-time
Job Schedule: Full-time
2019-03-27
 

Chief Information Security Officer

Job Summary

The Department of University Information and Technology Services at Columbus State University has an immediate need for a Chief Information Security Officer (CISO). The CISO reports to the Vice President of Information Technology and Chief Information Officer (CIO), is a member of the CIO leadership team and serves a key role in University leadership. This position works closely with administration, academic leaders, and the campus community, is an advocate for the University's total information security needs, and is responsible for the development and delivery of a comprehensive information security strategy to optimize the security posture of the University. The CISO leads the development and implementation of a security program that leverages collaborations and campus-wide resources, facilitates information security governance, advises senior leadership on security direction and resource investments, and designs appropriate policies to manage information security risks.

Responsibilities

University and Program Leadership
  • Responsible for the strategic leadership of the University's information security program.
  • Provide guidance and counsel to the CIO and key members of the University Executive Leadership Team, working closely with senior administration, academic leaders, and the campus community in defining objectives for information security, while building relationships and goodwill.
  • Manage institution-wide information security governance processes, chair the Information Security Governance Committee, and lead the UITS Information Security Team in the establishment of an information security program and project priorities.
  • Lead information security planning processes to establish an inclusive and comprehensive information security program for the entire institution in support of academic, research, and administrative information systems and technology.
  • Establish annual and long-range security and compliance goals, define security strategies, metrics, reporting mechanisms and program services; and create maturity models and a roadmap for continual program improvements.
  • Stay abreast of information security issues and regulatory changes affecting higher education at the state and national level, participate in national policy and practice discussions, and communicate to the University's campus on a regular basis about those topics. Engage in professional development to maintain continual growth in professional skills and knowledge essential to the position.
  • Provide leadership philosophy for the Office of Information Security to create a strong bridge between organizations, build respect for the contributions of all, bring groups together to share information and resources, and create better decisions, policies and practices for the campus.
  • Mentor the Office of Information Security, UITS team members and Student Assistants in order to implement professional development plans.
  • Represent the University on committees and boards associated with the University System of Georgia (USG) and in national and regional consortiums and collaborations.
  • Perform special projects and other duties as assigned.

Policy, Compliance, and Audit
  • Lead the development and implementation of effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.
  • Lead efforts to internally assess, evaluate, and make recommendations to management regarding the adequacy of the security controls for the University's information and technology systems.
  • Work with University Internal Audit, Board of Regents (BOR), Office of Internal Audit, and Compliance Office along with outside consultants as appropriate on required security assessments and audits.
  • Coordinate and track all information technology and security related audits including scope of audits, colleges/units involved, timelines, auditing agencies, and outcomes. Work with auditors as appropriate to keep audit focus in scope, maintain excellent relationships with audit entities, and provide a consistent perspective that continually sets the institution in its best light. Provide guidance, evaluation, and advocacy on audit responses.
  • Work with University leadership and relevant responsible compliance departmental leadership to build cohesive security and compliance programs for the University to effectively address state and federal statutory and regulatory requirements.
  • Develop a strategy for dealing with the increasing number of audits, compliance checks and external assessment processes for internal/external auditors, PII, FERPA, HIPAA, FISMA, PCI, and any applicable international requirements such as GDPR, CISL and 2018DPA.

Outreach, Education, and Training
  • Work closely with IT leaders, technical experts, deans, and administrative leaders across campus on a wide variety of security issues that require understanding of the UITS security environment as it relates to their colleges, departments and research areas.
  • Create education and awareness programs and advise operating units at all levels on security issues, best practices, and vulnerabilities.
  • Work with campus student organizations and university partners and the local community at large to build awareness and a sense of common purpose around security.
  • Pursue student, faculty and staff security initiatives to address unique needs in identity theft protection, mobile social media security, and online reputation programs.

Risk Management and Incident Response
  • Work with University Risk Management Office, University Legal, USG Cybersecurity, USG Legal Affairs, Office of Internal Audit and Compliance Office, and outside consultants as appropriate on required security risks and incident handling.
  • Keep abreast of security incidents and act as primary point of contact during significant information security incidents. Convene a Security Incident Response Team (SIRT) as needed, or requested, in addressing and investigating security incidents that arise.
  • Convene Ad Hoc Security Committee as appropriate and provide leadership for breach response and notification actions for the University.
  • Develop, implement, and administer technical security standards, as well as a suite of security services and tools to address and mitigate security risks.
  • Provide leadership, direction, and guidance in assessing and evaluating information security risks and monitor compliance with security standards and appropriate policies.
  • Examine impacts of new technologies on the University's overall information security. Establish processes to review the implementation of new technologies to ensure security compliance.
  • Provide leadership in all aspects of preparing, managing, and executing responses to all University System of Georgia and Georgia Open Records Act (GORA) requests, including coordinating document retrieval processes among all University senior management, colleges, departments, and the Data Governance Committee. Collaborate with University Legal, USG Legal Affairs, and the University Human Resource Department to review documents for legal privilege and confidentiality. Perform detail-oriented work that is confidential in nature.


Required Qualifications

Minimum qualifications include a Bachelor's degree from an accredited college or university (Master's degree is preferred); five to ten years' experience in a related field; experience in securing enterprise systems and infrastructure; and a certification recognized by security industry standards, such as CISM, CISSP, or GSEC.

The complexity of this position requires a leadership approach that is engaging, imaginative, and collaborative, with a sophisticated ability to work with other leaders to set the best balance between security strategies and other priorities at the campus level. The selected candidate must possess exceptional project management and verbal and written communication skills; the ability to work effectively with a group of diverse, highly motivated peers; collegial and mutually respectful attitudes and behaviors; the ability to maintain a high level of confidentiality at all levels; and the ability to work collaboratively with constituents from all areas of the University.

Proposed Salary

The salary range for this position is $75,000 - $80,000 annualized.

Required Documents to Attach

For fullest consideration, please submit your application immediately. Columbus State University is an Affirmative Action/Equal Opportunity Employer, Committed to Diversity in Hiring.

Required Documents to Submit with Online Application:
  • Cover Letter/Letter of Application
  • Resume
  • Unofficial Transcripts

All applications and required documents must be submitted using the Columbus State University's online employment site.

Contact Information

If you have any questions, please contact the Human Resources Office at 706-507-8920 or by e-mail at hr@columbusstate.edu.

Conditions of Employment

A successful criminal background check and credit check will be required as a condition of employment.