Chief Information Security Officer (Job ID: 297996)
Columbus State University, Full Time, Regular
About the University
Columbus State University is dedicated to inspiring the best in students, faculty, and staff. With exceptional facilities and a commitment to mentoring, we provide a dynamic environment for innovation and career growth.
Job Summary
The Chief Information Security Officer (CISO) provides strategic leadership for the university's information security program, ensuring confidentiality, integrity, and availability of institutional data and technology systems. The CISO reports to the Chief Information Officer, serves on the UITS leadership team, and collaborates with university leaders, faculty, staff, and students to develop and deliver a comprehensive security strategy aligned with the University System of Georgia IT Handbook and applicable regulations.
Responsibilities
- Strategic Security Leadership and Program Management (25%) – Provide strategic leadership for the information security program, develop and execute a multi‑year security roadmap aligned with institutional priorities, establish annual and long‑range security goals, define strategy, create maturity models, and develop reporting metrics for continuous improvement. Mentor security staff, advise the CIO and Executive Leadership, represent the university on committees and boards, and stay current on security trends, regulatory developments, and the threat landscape.
- Policy, Compliance, and Audit Coordination (20%) – Lead development, implementation, and maintenance of security policies and procedures consistent with USG IT Handbook, FERPA, GLBA, HIPAA, FISMA, PCI DSS, NIST 800‑171, CMMC, and GDPR. Coordinate IT and security audits, manage audits with internal and external stakeholders, and handle Georgia Open Records Act requests in partnership with Legal and HR.
- Risk Management and Incident Response (25%) – Design and deploy technical security standards and services to identify and mitigate risks, serve as primary point of contact during incidents, lead the Security Incident Response Team, and manage breach response and notification with Legal and compliance offices. Maintain incident response, business continuity, and disaster recovery plans for security functions.
- Governance and Stakeholder Engagement (15%) – Chair the Information Security Governance Committee, lead the UITS Security Team, build relationships with academic and administrative leaders, provide guidance to the CIO on resources and technology decisions, and engage with USG Cybersecurity, peer institutions, and national consortia.
- Outreach, Education, and Training (15%) – Develop and deliver a university‑wide security awareness, education, and training program for faculty, staff, students, and student employees; advise units on best practices, support secure research environments, collaborate with student organizations, and promote community awareness on identity protection and online safety.
Required Qualifications
- Bachelor's degree in information security, computer science, information systems, or a related field.
- Minimum 5 years of progressively responsible experience in information security, including at least 2 years in a supervisory or management role.
- Experience securing enterprise systems and infrastructure.
- Industry‑recognized security certification such as CISSP, CISM, or GIAC GSEC.
Preferred Qualifications
- Master's degree preferred.
- Experience in higher education or public‑sector environments.
- Familiarity with Microsoft 365 security tooling, identity platforms, and cloud security frameworks.
Knowledge, Skills, & Abilities
- Knowledge of information security frameworks (NIST Cybersecurity Framework, NIST 800‑53, NIST 800‑171, ISO 27001, CIS Controls).
- Understanding of higher education compliance requirements (FERPA, GLBA, FTC Safeguards Rule, HIPAA, FISMA, PCI DSS, GDPR, USG policies).
- Experience leading security operations (vulnerability management, threat detection, IAM, security architecture, cloud security).
- Ability to lead and respond to incidents, including breach notification and forensic coordination.
- Strong leadership and supervisory skills, mentoring technical staff and student assistants.
- Excellent communication skills for translating complex security concepts for technical and non‑technical audiences.
- Ability to develop and execute security strategy and governance across a decentralized organization.
- Knowledge of audit and risk management processes and regulatory examinations.
- Project management skills to manage concurrent initiatives with competing priorities.
- Ability to maintain confidentiality regarding sensitive institutional data.
- Ability to collaborate with faculty, staff, students, vendors, USG partners, law enforcement, and auditors.
- Physical ability to sit for extended periods, use a computer, and lift up to 15 pounds.
- Occasional travel to USG institutions and conferences; after‑hours availability during active security incidents.
Equal Employment Opportunity
Columbus State University is proud to be an equal employment, equal access, and equal educational opportunity institution. We recruit, hire, train, promote, and educate persons without regard to race, color, national or ethnic origin, age, disability, gender, religion, sexual orientation, gender identity, or veteran status, in compliance with applicable state and federal laws.
Legal Notice
All selected candidates must submit to and successfully pass a background investigation, including reference checks and verification of academic credentials. Additional requirements may apply (e.g., credit check for positions of trust, pre‑employment drug testing, vehicle reports for fleet vehicles). Please review applicable university policies and the University System of Georgia core values and code of conduct for full details.