Job Description

About the UT System
The University of Tennessee System is comprised of campuses at Knoxville, Chattanooga, Pulaski and Martin; the Health Science Center at Memphis; the Space Institute at Tullahoma; and the statewide Institute of Agriculture and Institute for Public Service. The UT System enrolls about 54,000 undergraduate and graduate students statewide, and more than 13,000 students graduate from UT campuses each year with bachelor’s, master’s, doctoral and professional degrees.

The UT System has a presence in each of Tennessee’s 95 counties. Through the combined force of education, research and outreach, the University serves students, business and industry, schools, governments, organizations and citizens statewide.

The University of Tennessee System, through its multiple campuses and institutes, serves the people of Tennessee and beyond through the discovery, communication, and application of knowledge. The System is committed to providing undergraduate, graduate, and professional education programs in a diverse learning environment that prepares students to be leaders in a global society. The UT System’s delivery of education, discovery, outreach, and public service contributes to the economic, social, and environmental well-being of all Tennesseans.

The Opportunity
Leads and manages team for large-scale projects, security assessments, compliance audits, etc. Serves as high level expert and leader in service area teams. Directly leads and coordinates the risk management program for UTSA and the University. Develop and oversee, as a part of the ISO team, the IT Governance, Risk, and Compliance (GRC) program system-wide. GRC will involve multiple federal and state compliance programs, including but not limited to Center for Internet Security (CIS), Graphics-Leach-Bliley Act (GLBA) Safeguards Rule, PCI, HIPAA, and the National Institute of Standards and Technology (NIST). Recommends and assesses security controls for applications, systems, networks, cloud-based solutions, or databases. Provides leadership support for the IT Security Department in terms of planning, direction, and services.



Primary responsibilities will include:

Governance, Risk, and Compliance
Develop and lead IT Governance, Risk, and Compliance (GRC) program system-wide (CIS, GLBA, PCI, HIPAA, NIST) with a focus on the risk management program
Implements the AuditBoard GRC application statewide with a focus on risk management for all campuses and institutes statewide
Implements the risk assessment program for use by all campuses with assigned responsibility and accountability for all risk mitigation tasks
Performs risk assessments for UTSA departments and enterprise systems as well as for systems, departments, or applications statewide based on request
Implements reporting processes for risk mitigation for the university
Participates in the technical assessment and compliance portion of the PCI program
Participates in the technical assessment and compliance portion of the HIPAA program
Directly accountable for the assessment of security controls applied to applications, systems, networks, and/or databases
Directly accountable for all risk mitigation efforts for UTSA applications, systems, networks, and/or databases
Directly accountable for UTSA compliance with the CIS critical security controls
Requires travel to campus and institute locations statewide

Security Leadership and Planning
Directly responsible for the resolution of lower impact or urgency problem and incident management issues
Reviews work of junior staff to ensure that services requests are correctly and effectively performed
Leads project teams to develop and implement new security controls for applications, systems, networks, and/or databases including leadership of multiple personnel that do not report to him
Leads projects, including planning, managing resources, and delivering final products
Directs and supervises project team members efforts
Maintains a current level of knowledge for all information security concepts and technologies (e.g. by reading, attending
conferences, training, professional communication/networking)
Actively engages and promotes new technologies (e.g. through networking, presenting at conferences, providing training)
Possesses expert domain knowledge in service area and knowledge of many related areas

Security Solutions
Seeks out new and innovative IT security solutions with the goal to enhance the overall IT security footprint of both UTSA and the University.
Designs, modifies, and implements routine, complex, and emergency security solutions to ensure and maximize service security
Responsible for the most critical and highest impact services with the largest (e.g. enterprise/university-wide) user bases including both UTSA wide and statewide.
Responsible for technical, procedural, and administrative security solutions for enterprise applications, systems, networks, and/or databases
Responsible for overall work efforts in the development and implementation of new systems, networks, and/or databases
Researches and trains on advanced systems, networks, and/or database technologies
Security Response
Directly responsible for resolution of high impact or urgency problem and incident management issues
Fulfills security focused service requests for applications, systems, networks, and/or databases under their responsibility

Performs other related duties as required