Exec Director, Chief Information Security Officer


The University of Chicago Medicine


Posted Under: Chicago, Illinois jobs in Executive; Executive jobs in zipcode 60696
Posted On: 2021-05-05

Job Description:Join a world-class academic healthcare system,UChicago Medicine, as theExecutive Director, Chief Information Security Officer (CISO)responsible for directing the strategies of the UCM IT identity and access management team.The Chief Information Security Officer is responsible for the development, delivery and administration of an organizational information security program and corresponding functions that include strategy, tactics, standards and systems. This position requires a high level of knowledge in the areas of risk assessment, network and system security, security implementation, and changing the culture of the institution through training and education. The position reports to the Senior Vice President, Chief Information Officer, but recognizing the enterprise-wide nature of the responsibility, the CISO will frequently be involved with policy development and systems security analysis throughout UCM. The CISO will lead the continued implementation and optimization of UCMs security strategies and capabilities. Who you are:A transformative leader striving to improve the enterprise systems security with:Bachelor of Science in related field such as Computer Science, Information Science and Security.Certification of two or more of the following: CISSO, CISM, CHP, CGEIT, CSCS, CISSP, ISSAP.Minimum of 10+ years of progressively responsible and directly related work experience with at least 6-8 years of leadership experience in an information security management role with increasing levels of responsibility.Experience with advising and effectively guiding senior management as to information security matters and demonstrated skill successfully working in a matrixed organization.In-depth knowledge of HIPAA Privacy and Security regulations.Substantial experience in data auditing processes and methods, cyber-security principles such as CIA (confidentiality, integrity & availability), encryption (including symmetric and asymmetric keys), digital signatures, ports, protocols & services, policies, procedures, physical security, risk management, configuration management, ethics, access control, security architecture, continuity of operations, contingency planning, disaster recovery, application security, and cyber-security rules, laws, and regulations.Ability to define and implement a multi-year strategic program and a corresponding set of strategic goals.Proven skills and experience with general management, strategic planning, program development and negotiations; skills in analysis, organization, and presentation.Knowledge and ability to direct a team in integrating informational technology services with the work requirements and deliverables of units and departments.Ability to carry out position with a high degree of discretion, customer service, communication, teamwork, and timeliness.What youll gain as an Executive Director, Chief Information Security Officer:The opportunity to apply regulatory and contractual requirements and use compliance-based processes and analytics to ensure the protection and confidentiality of data and other information assets across the health system. Collaborate with the Chief Privacy Officer, Chief Compliance Officer, general counsel, and other CISOs across the University of Chicago system including the university and biological sciences division to evaluate organization conformance with applicable information security laws and regulations, contractual terms, and agreements. Opportunity to provide support, consulting, and compliance assurance to numerous governance forums.Positioned to be a visible and transformative leader, capable of directing assurance projects and driving cultural change across the enterprise.What youll do as an Executive Director:Develop, implement, and maintain an organizational information security program, developing an annually revised corresponding strategic plan and goals. Direct the strategies of the UCM IT identity and access management team, including the deployment of identity and access management platforms and solutions across the health system.Collaborate with peer stakeholders to enhance and strengthen an IT security risk management program which identifies and reduces risks on an ongoing basis by, aligning and prioritizing information security activities to mitigate business risk priorities. Reports quarterly to the Board of Trustees Audit Committee on the UCM Enterprise Risk Management progress.Coordinate and support external and internal audits and assessments of UMC IT security, including reviews performed by UCMs Internal and External Auditors, and collaborate with UMC IT leaders responsible for disaster recovery and continuity planning to ensure security requirements are accounted for.Ensure organizational compliance in accordance with information security policies, standards, procedures; responsible for the exception process, authorizes and documents all exceptions, and maintains a repository of all exceptions. Collaborate with the UCM IT operational units & leaders to define the appropriate information assurance technical measures required to secure the UCM network, endpoints, applications, and data.Ensure that a visible and effective Incident Response Policy and Procedure is in effect for timely enforcement, tracking and reporting.Maintain knowledge of security-related regulatory requirements and laws (e.g., HIPAA, HITECH, PCI, 405(d)), standards (NIST, COBIT, ISO etc.) affecting healthcare privacy and security assurance, and communicates throughout the organization to increase awareness and ensure that compliance is achieved where required. Monitor the external threat environment for emerging threats, and advise relevant stakeholders on the appropriate courses of action.Responsible for conducting training and communications plans and programs which includes security awareness, security training, security training compliance, security reminders, and new hire security orientation.Why Join Us:Weve been at the forefront of medicine since 1899. We provide superior healthcare with compassion, always mindful that each patient is a person, an individual. To accomplish this, we need employees with passion, talent and commitment with patients and with each other. Were in this together: working to advance medical innovation, serve the health needs of the community, and move our collective knowledge forward. If youd like to add enriching human life to your profile, The University of Chicago Medicine is for you. Here at the forefront, were doing work that really matters. Join us. Bring your passion.________Bring your career to the next level at a hospital that is thriving; from patient satisfaction to employee engagement, we are at the Forefront of Medicine. Take advantage of all we have to offer and #BringYourPassiontotheForefront.University of Chicago Medicine is growing; discover how you can be a part of this pursuit of excellence at: University of Chicago Medical Center is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, ethnicity, ancestry, sex, sexual orientation, gender identity, marital status, civil union status, parental status, religion, national origin, age, disability, veteran status and other legally protected characteristics.

Apply for this job, view similar jobs, and more at http://www.localjobboard.com/chicago.illinois-jobs/1255804607!