Chief Information Security Officer

Job Description

Company: Middle Georgia State University

Location: Macon, US

Job Title: Chief Information Security Officer
Location: MGA – Macon
Regular/Temporary: Regular
Full/Part Time: Full-Time
Job ID: 299689
About Us

Middle Georgia State University (MGA), a multi-campus, baccalaureate and graduate degree-granting public institution, is the most affordable public state university in Georgia. MGA has five campuses-Macon, Cochran, Dublin, Eastman, and Warner Robins, all located in central Georgia-and global outreach through its fully-online campus. Its enrollment of 8,400 students is largely comprised of students from most of Georgia’s 159 counties. The University has six academic schools, including Georgia’s flagship aviation program, that support its mission to educate and graduate inspired, lifelong learners whose scholarship and careers enhance the state.
Job Summary

The Chief Information Security Officer (CISO) provides institution cybersecurity leadership aligned to USG governance, data, and procurement frameworks. The CISO develops, implements, and maintains a comprehensive university-wide cybersecurity strategy designed to protect institutional information assets, infrastructure, systems, and services from internal and external threats while ensuring compliance with applicable federal, state, regulatory, and institutional requirements.

The CISO collaborates with executive leadership, technology teams, academic and administrative departments, and external partners to promote a culture of cybersecurity awareness, resilience, governance, and responsible technology innovation across the university.
Responsibilities

Cybersecurity Governance, Risk, and Strategy (40%) –
Develops and maintains the university’s comprehensive cybersecurity program, governance framework, policies, standards, and procedures.
Leads enterprise cybersecurity risk assessments and maintains institutional cybersecurity risk management processes.
Develops and executes a multi-year cybersecurity roadmap aligned with university strategic priorities and technology modernization efforts.
Establishes cybersecurity metrics, maturity benchmarks, and key risk indicators to evaluate institutional security posture and program effectiveness.
Collaborates with university leadership to integrate cybersecurity and privacy considerations into institutional planning, digital transformation initiatives, procurement activities, and operational decision-making.
Coordinates with USG system-level cybersecurity initiatives to ensure alignment, consistency, and efficiency across institutions.
Acts as the institution authority on cybersecurity risk, advising executive leadership on risk acceptance, mitigation, and enterprise risk posture.
Ensures alignment with cybersecurity frameworks and best practices including NIST Cybersecurity Framework (CSF), CIS Controls, Zero Trust principles, and applicable regulatory requirements.

Security Operations and Incident Response (25%) –
Oversees institutional cybersecurity operations including threat monitoring, vulnerability management, endpoint protection, identity and access management, network security architecture, and security monitoring technologies.
Champions identity-centric security architecture, recognizing identity as the primary control mechanism for institution cybersecurity.
Ensures timely and accurate reporting of cybersecurity incidents in accordance with USG incident response requirements and escalation protocols.
Leads cybersecurity incident response planning, coordination, investigation, tabletop exercises, and post-incident analysis activities.
Coordinates cybersecurity-related disaster recovery and business continuity planning efforts.
Collaborates with infrastructure and enterprise systems teams to ensure secure architecture, configuration standards, segmentation strategies, backup protections, and resilience practices.
Oversees institutional security architecture for firewalls, VPNs, wireless security, cloud services, and secure remote access technologies.

Compliance, Privacy, and Vendor Risk Management (15%) –
Ensures institutional compliance with applicable cybersecurity, privacy, and data protection requirements including FERPA, GLBA, HIPAA, PCI DSS, and other applicable regulations.
Leads cybersecurity assessments and reviews associated with third-party vendors, cloud platforms, software systems, and institutional technology integrations.
Collaborates with university departments to support cybersecurity governance within technology procurement and project review processes.
Maintains cybersecurity documentation, reporting, and audit support materials.

Security Awareness and Institutional Engagement (10%) –
Develops and maintains institutional cybersecurity awareness, training, and communication programs for faculty, staff, and students.
Promotes a culture of shared responsibility for cybersecurity and data protection across the university community.
Collaborates with institutional stakeholders to support secure and ethical use of artificial intelligence, analytics, automation, and institutional data resources.

Leadership and Administration (10%) –
Provides leadership, mentoring, resource planning, and professional development for cybersecurity personnel.
Assists in cybersecurity budgeting, resource allocation, and strategic technology planning.
Participates in institutional committees, emergency response activities, and technology governance initiatives.
Performs related duties as assigned.
Required Qualifications

Educational Requirements
Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, Information Systems, Business, or a related field from an accredited institution.

Other Required Qualifications
Demonstrated leadership, communication, and supervisory skills.

Required Experience
Five (5) years of progressively responsible experience in cybersecurity, information security, risk management, and technology leadership.
Demonstrated experience in cybersecurity governance, policy development, incident response, risk management, and security operations.
Preferred Qualifications

Additional Preferred Qualifications
Professional cybersecurity certifications such as CISSP, CISM, GIAC, CCSP, or equivalent certifications.

Preferred Educational Qualifications
Master’s degree in Cybersecurity, Information Technology, Computer Science, Business, Public Administration, or a related field.

Preferred Experience
Experience in higher education, government, or other regulated environments.
Experience with NIST Cybersecurity Framework (CSF), CIS Controls, Zero Trust principles, and cloud security practices.
Experience supporting enterprise systems, identity management, or security governance programs.
Knowledge, Skills, & Abilities

Thorough knowledge of cybersecurity principles, frameworks, standards, and best practices.
Knowledge of cybersecurity governance, risk management, compliance, and incident response methodologies.
Knowledge of network security architecture, identity and access management, cloud security, endpoint protection, and security operations.
Knowledge of federal and state cybersecurity and privacy regulations applicable to higher education.
Knowledge of business continuity, disaster recovery, and resilience planning principles.
Ability to communicate cybersecurity risks and strategies to both technical and non-technical audiences.
Ability to balance institutional enablement, innovation, operational effectiveness, and cybersecurity risk management.
Skill in strategic planning, problem solving, and decision making.
Skill in leadership, collaboration, and organizational communication.
Skill in interpersonal relations and stakeholder engagement.
USG Core Values

The University System of Georgia is comprised of our 25 institutions of higher education and learning as well as the System Office. Our USG Statement of Core Values are Integrity, Excellence, Accountability, and Respect. These values serve as the foundation for all that we do as an organization, and each USG community member is responsible for demonstrating and upholding these standards. More details on the USG Statement of Core Values and Code of Conduct are available in USG Board Policy 8.2.18.1.2 and can be found on-line at https://www.usg.edu/policymanual/section8/C224/#p8.2.18_personnel_conduct.

Additionally, USG supports Freedom of Expression as stated in Board Policy 6.5 Freedom of Expression and Academic Freedom found on-line at https://www.usg.edu/policymanual/section6/C2653.
Institutional Values

Middle Georgia State University is committed to four core values in what we do and represent: CORE VALUES: Stewardship – Engagement – Adaptability – Learning
Equal Employment Opportunity

Middle Georgia State University is committed to ensuring a safe learning environment that supports the dignity of all members of the University community. Equal opportunity and decisions based on merit are fundamental values of the University System of Georgia (USG) and Middle Georgia State University. Pursuant to Board of Regents Policy Section 6.6 , federal and state laws and regulations, and our vision, mission, and values, Middle Georgia State University prohibits discrimination on the basis of an individual’s age, color, disability, genetic information, national origin, race, religion, sex, or veteran status (“protected status”). No individual shall be excluded from participation in, denied the benefits of, or otherwise subjected to unlawful discrimination, harassment, or retaliation under, any USG program or activity because of the individual’s protected status; nor shall any individual be given preferential treatment because of the individual’s protected status, except that preferential treatment may be given on the basis of veteran status when appropriate under federal or state law.
Other Information

This is a full-time, 12-month, exempt (salaried) staff position and includes a comprehensive benefits package. Benefits include:
• Health insurance
• Dental
• Vision
• Flexible Spending Account (FSA)
• Health Savings Account (HSA)
• Life Insurance
• Sick Leave
• Vacation Leave
• Parental Leave
• Retirement
• Employee discounts
• Tuition reimbursement
Background Check

Employment offer is contingent upon completing a background investigation, including a criminal background check demonstrating your employment eligibility with MGA, as determined by MGA in its sole discretion, confirmation of the credentials and employment history reflected in your application material, and, if applicable, a satisfactory credit check.

Source: Inside Higher Ed Careers