Description
Chief Information Security Officer - Office of Information Technology

The University of Tennessee, Knoxville's (UTK) Chief Information Security Officer (CISO) will establish and lead the information security strategy, policies, and practices for the institution's academic and administrative computing and information assets. Your primary objective will be to ensure the confidentiality, integrity, and availability of sensitive data, digital resources, and IT infrastructure while fostering a culture of security awareness, compliance, and collaboration throughout the organization. This position reports directly to the Vice Chancellor for Information Technology and Digital Innovation (CIO). 

Qualifications

Key Responsibilities of the role:

·         Information Security Strategy:

o   Develop, implement, and maintain a comprehensive information security strategy and team aligned with the UTK goals and objectives.

o   Continuously assess and identify potential security risks and vulnerabilities and recommend proactive measures to mitigate them.

·         Policy and Compliance:

o   Establish and enforce information security policies, standards, guidelines, and procedures in compliance with industry best practices, legal and regulatory requirements, and system and institutional policies. Collaborate with internal stakeholders to ensure adherence to security policies and promote a culture of security awareness among students, faculty, and staff.

·         Incident Response and Management:

o   Develop and oversee an incident response plan to effectively respond to and contain security incidents and breaches.

o   Lead the investigation of security incidents, coordinate with relevant stakeholders, and provide timely reporting to the Chief Information Officer and Deputy CIO.

·         Risk Management:

o   Conduct regular risk assessments and security audits to identify potential threats and vulnerabilities and recommend risk treatment strategies to protect institutional data and assets. Work with various departments to establish risk management procedures and support mitigation efforts.

·         Security Incident and Threat Monitoring:

o   Implement and oversee security monitoring tools and techniques to detect and respond to potential security incidents and threats. Regularly analyze security logs and reports to identify patterns or anomalies that may indicate security breaches.

·         Vendor and Third-Party Risk Management:

o   Assess the security posture of third-party vendors and service providers, ensuring they adhere to the institution's security requirements. Monitor and evaluate third-party contracts to address information security concerns effectively.

·         Security Awareness and Training:

o   Develop and implement a comprehensive security awareness and training program for all academic community members.

·         Security Technology and Infrastructure:

o   Collaborate with IT teams to ensure the implementation of robust security measures in all IT systems, networks, and applications. Evaluate and recommend security technologies and solutions to enhance the institution's security posture.

Core Competencies:

·         In-depth knowledge of information security frameworks, standards, and regulations (e.g., NIST, ISO 27001, GDPR).

·         Familiarity with academic, student information systems, and research data security requirements in higher education.  Understanding of Cloud security, particularly Microsoft Azure and Office 365.

·         Strong leadership and communication skills, with the ability to engage and collaborate with diverse stakeholders.

·         Demonstrated experience in managing security incidents, conducting risk assessments, and implementing security awareness programs.

·         Understanding of security requirements in a High-Performance Computing Environment.

Education and Certifications:

·         Bachelor’s degree in Computer Science, Information Security, or a related field required.

·        Proven experience (typically 8+ years) in information security management, preferably in a higher education setting.

·        Advanced certifications like CISSP, CISM, or CISA are highly desirable.

Job: Executive/Administrative
Primary Location: US-Tennessee-knoxville
Organization: Oit Service Centers
Schedule: Full-time
Job Posting: Aug 17, 2023, 1:37:35 PM