Associate Vice President, Chief Information Security Officer
Georgia Institute of Technology
Details
Posted: 27-Feb-25
Location: Atlanta, Georgia
Type: Full Time
Salary: Depends on experience
Categories:
Executive Level Management
Additional Information:
Hybrid/Remote is allowed.
The Associate Vice President for IT and Chief Information Security Officer (AVP/CISO) is responsible for developing and maintaining a world-class, institution-wide information security and risk management program to ensure that information assets are adequately protected. This executive is responsible for creating and maintaining a cyber security program and leading the Georgia Tech cyber security function in maintaining the confidentiality, integrity, and availability of Institute information assets and managing cyber security related compliance.
The AVP/CISO serves as the program owner of all assurance activities and is responsible for leading the investigation of, and response to, cyber security incidents. This individual will oversee the establishment of OIT and Institute cybersecurity goals, determine the resources needed to meet those goals, and assess overall performance feedback, while overseeing and managing the cybersecurity-related budget.
A key element of the AVP/CISO's role is working with Georgia Tech’s executive leadership team, external and internal leadership, stakeholders, and law enforcement agencies to determine acceptable levels of risk for the organization. The AVP/CISO must be highly knowledgeable about the higher education environment (or be able to demonstrate equivalent experience) and ensure that information systems and data are maintained in a secure mode while ensuring usability for the GT community. The ideal candidate is a thought leader, a consensus builder, and an integrator of people, technology and processes.
Provide cyber security risk management leadership in support of the academic, research, and administrative mission and goals of the Institute.
Define vision, mission, objectives, and goals of the Institute cyber security program, and manage the overall program to attain goals.
Provide strategic budget management across organizational domains to maximize investments in information technology, while minimizing risk to appropriate levels.
Engage with information technology and business leaders across GT to continuously improve customer experience and increase business impact.
Identify cyber threats and vulnerabilities; lead response efforts for all major cyber incidents, including partnership with USG and law enforcement agencies.
Direct operations of the cyber security engineering activities across GT including design, development, and deployment of cyber security solutions that provide identification, prevention, detection, and response capabilities.
Direct programs to continuously mature monitoring and response capabilities; direct operations for detecting incidents, responding to incidents, and managing vulnerabilities; and lead the digital forensics program.
Direct programs to continuously mature the cyber security policy and compliance framework, including designing, developing, and promulgating Institute cyber policy, standards, and guidelines and ensuring compliance with relevant regulations.
Define cybersecurity metrics and reporting mechanisms to measure the ongoing success of the GT cyber security program, and regularly report the state of cyber risk to Institute executive leadership.
Partner with Information Technology and Institute leadership to ensure Institute initiatives and programs incorporate appropriate controls and standards to manage risk and safeguard information/data assets belonging to, or entrusted to, the Institute.
Partner with Information Technology and other stakeholders across GT to develop innovative approaches to defend GT information systems and data including leveraging automation and emerging technologies such as generative artificial intelligence.
Collaborate with the University System of Georgia and the Georgia Technology Authority to ensure Institute policies, the University System of Georgia, and the state support the efforts of the Institute.
PREFERRED SKILL: CISSP (Certified Information Systems Security Professional), Master's Degree in Information Technology.
YEAR ONE CRITICAL SUCCESS FACTORS
Georgia Tech has deemed the following as mission critical to be completed in year one:
Review and rationalize cybersecurity tools and related technologies (e.g., networking tools, monitoring technologies) across GT to maximize investments, fully utilize resource capabilities, and strengthen our defense against current and emerging threats.
Define the ideal security posture that balances the needs of the business with adequate protection of information assets.
Develop GT cybersecurity strategic plan in alignment with the information technology and Institute strategic plans.
Ensure compliance with all existing and upcoming regulations including CMMC.
Establish a relationship of trust and accountability with leadership and stakeholders across the organization.
Build a best-in-class cyber security team through organization management, the training and development of current team members, the recruitment and hiring of key individuals to fill gap areas that are uncovered, and leveraging student employment and internships.
PROFESSIONAL EXPERIENCE/QUALIFICATIONS
Georgia Tech seeks a visionary and collaborative leader with a distinguished record of outstanding accomplishment. While no one person will embody all of the qualities enumerated below, the ideal candidate will possess as many of the following professional and personal characteristics as possible:
10+ years of technology management experience, as well as experience in a university (or equivalent) environment.
Strong interpersonal skills, the ability to organize resources and establish priorities, problem solving skills, and knowledge of office related computer applications.
Demonstrated success in understanding research university business objectives and applying appropriate process or technology solutions.
Strong skills in building professional relationships with peers both inside and outside of the institution.
Knowledge of state and/or federal procurement processes and requirements.
Strong knowledge of IT auditing and enterprise risk assessment.
Knowledge of cyber security legal and policy issues.
Ability to independently assess new technologies in the marketplace, determine their relevance to the Georgia Tech mission, and plan for the acquisition and implementation of those technologies.
This job requires advanced knowledge of strategic planning in a complex technology environment.
Experience managing large IT or cybersecurity budgets.
Team building, coaching, skills assessment and personnel evaluation skills are necessary.
Ability to aggregate and prioritize multiple complex priorities.
Strong servant leadership philosophy skills are required, including adaptive, agile, and versatile thinking in the face of rapid changes and uncertainty; situational awareness and assessment in making sound decisions; and aligning team and institutional values.
Strong skills in risk management and tolerance are also necessary.
Experience securing and leading responsible adoption of emerging technologies within the security function and across the organization.