System-Wide Chief Information Security Officer (CISO)

Title: System-Wide Chief Information Security Officer (CISO)

Employee Classification: Executive/Admin & Managerial

Institution: System Office

Department: Office of Information Technology

Campus Location: Tennessee Board of Regents System Office

Job Summary

The System-Wide Chief Information Security Officer (CISO) is responsible for leading and managing the institution's information security strategy, operations, and compliance. This role ensures the protection of the institution's data, networks, and systems across all campuses and satellite locations. The CISO will work closely with executive leadership, IT teams, and other stakeholders to establish and maintain a comprehensive security framework that aligns with the institution's goals and regulatory requirements.

Oversee a team of security experts responsible for implementing and administering the security program across thirteen community colleges, twenty-four Technical Colleges of Applied Technology, and a System Office that includes a shared services division.

This position may have the opportunity to work remotely within the state of Tennessee but with periodic visits to the TBR System Office (Nashville, TN) at the employee’s expense, and potential travel to Tennessee TBR colleges may be necessary.

Job Duties

• 25% - Develop, implement, and maintain the institution's information security strategy, policies, and procedures to protect data and systems. - (Essential)
• 20% - Lead incident response efforts and manage the investigation of security breaches, coordinating with internal and external stakeholders as needed. - (Essential)
• 20% - Oversee the security architecture and controls for all network systems, applications, and cloud environments. - (Essential)
• 15% - Conduct regular security assessments and audits to identify vulnerabilities and ensure compliance with federal, state, and institutional regulations. - (Essential)
• 10% - Collaborate with the CIO and executive leadership to align security initiatives with institutional objectives and provide regular updates on security posture. - (Essential)
• 5% - Manage security awareness training programs for faculty, staff, and students, fostering a culture of cybersecurity across the institution. - (Essential)
• 5% - Perform other duties as assigned to support the institution's mission and goals. - (Marginal)

Minimum Qualifications

• Bachelor’s degree in information technology, Cybersecurity, or a related field.
• Minimum of 5 years of experience in a senior information security role, preferably in higher education.
• Extensive knowledge of information security best practices and compliance requirements.
• Experience in leading security incident response and managing security operations.
• Professional certifications such as CISSP, CISM, or equivalent.
• Supervisory experience

Preferred Qualifications

• Master’s degree in Cybersecurity, Information Technology, or a related field.
• Experience working in a multi-campus or system-wide higher education environment.
• Demonstrated ability to lead cross-functional teams and manage large-scale security initiatives.
• Familiarity with cloud security and emerging technologies.
• Should have an appreciation for and an understanding of a two-year college mission as well as workforce development.

Knowledge, Skills, and Abilities

• Strong leadership and management skills with a proven ability to develop and implement strategic plans.
• Deep understanding of information security frameworks, standards, and regulations applicable to higher education (e.g., NIST, ISO, FERPA, GLBA).
• Excellent problem-solving skills with the ability to analyze complex issues from multiple perspectives and develop effective solutions.
• Strong communication and interpersonal skills, with the ability to engage with stakeholders at all levels of the organization.
• Proficiency in security technologies, including firewalls, encryption, IDS/IPS, VPN, and cloud security.

Physical Demands / Working Conditions