Chief Information Security Officer

Job Details

Job Title: Chief Information Security Officer

Location: MGA - Macon

Regular/Temporary: Regular

Full/Part Time: Full-Time

Job ID: 299689

About Us

Middle Georgia State University (MGA), a multi-campus, baccalaureate and graduate degree-granting public institution, is the most affordable public state university in Georgia. MGA has five campuses-Macon, Cochran, Dublin, Eastman, and Warner Robins, all located in central Georgia-and global outreach through its fully-online campus. Its enrollment of 8,400 students is largely comprised of students from most of Georgia's 159 counties. The University has six academic schools, including Georgia's flagship aviation program, that support its mission to educate and graduate inspired, lifelong learners whose scholarship and careers enhance the state.

Job Summary

The Chief Information Security Officer (CISO) provides institution cybersecurity leadership aligned to USG governance, data, and procurement frameworks. The CISO develops, implements, and maintains a comprehensive university-wide cybersecurity strategy designed to protect institutional information assets, infrastructure, systems, and services from internal and external threats while ensuring compliance with applicable federal, state, regulatory, and institutional requirements.

The CISO collaborates with executive leadership, technology teams, academic and administrative departments, and external partners to promote a culture of cybersecurity awareness, resilience, governance, and responsible technology innovation across the university.

Responsibilities

Cybersecurity Governance, Risk, and Strategy (40%)

• Develops and maintains the university's comprehensive cybersecurity program, governance framework, policies, standards, and procedures.
• Leads enterprise cybersecurity risk assessments and maintains institutional cybersecurity risk management processes.
• Develops and executes a multi-year cybersecurity roadmap aligned with university strategic priorities and technology modernization efforts.
• Establishes cybersecurity metrics, maturity benchmarks, and key risk indicators to evaluate institutional security posture and program effectiveness.
• Collaborates with university leadership to integrate cybersecurity and privacy considerations into institutional planning, digital transformation initiatives, procurement activities, and operational decision-making.
• Coordinates with USG system-level cybersecurity initiatives to ensure alignment, consistency, and efficiency across institutions.
• Acts as the institution authority on cybersecurity risk, advising executive leadership on risk acceptance, mitigation, and enterprise risk posture.
• Ensures alignment with cybersecurity frameworks and best practices including NIST Cybersecurity Framework (CSF), CIS Controls, Zero Trust principles, and applicable regulatory requirements.

Security Operations and Incident Response (25%)

• Oversees institutional cybersecurity operations including threat monitoring, vulnerability management, endpoint protection, identity and access management, network security architecture, and security monitoring technologies.
• Champions identity-centric security architecture, recognizing identity as the primary control mechanism for institution cybersecurity.
• Ensures timely and accurate reporting of cybersecurity incidents in accordance with USG incident response requirements and escalation protocols.
• Leads cybersecurity incident response planning, coordination, investigation, tabletop exercises, and post-incident analysis activities.
• Coordinates cybersecurity-related disaster recovery and business continuity planning efforts.
• Collaborates with infrastructure and enterprise systems teams to ensure secure architecture, configuration standards, segmentation strategies, backup protections, and resilience practices.
• Oversees institutional security architecture for firewalls, VPNs, wireless security, cloud services, and secure remote access technologies.

Compliance, Privacy, and Vendor Risk Management (15%)

• Ensures institutional compliance with applicable cybersecurity, privacy, and data protection requirements including FERPA, GLBA, HIPAA, PCI DSS, and other applicable regulations.
• Leads cybersecurity assessments and reviews associated with third-party vendors, cloud platforms, software systems, and institutional technology integrations.
• Collaborates with university departments to support cybersecurity governance within technology procurement and project review processes.
• Maintains cybersecurity documentation, reporting, and audit support materials.

Security Awareness and Institutional Engagement (10%)

• Develops and maintains institutional cybersecurity awareness, training, and communication programs for faculty, staff, and students.
• Promotes a culture of shared responsibility for cybersecurity and data protection across the university community.
• Collaborates with institutional stakeholders to support secure and ethical use of artificial intelligence, analytics, automation, and institutional data resources.

Leadership and Administration (10%)

• Provides leadership, mentoring, resource planning, and professional development for cybersecurity personnel.
• Assists in cybersecurity budgeting, resource allocation, and strategic technology planning.
• Participates in institutional committees, emergency response activities, and technology governance initiatives.
• Performs related duties as assigned.