University of Chicago Medical Center

Executive Director, Deputy Chief Information Security Officer (CISO)

University of Chicago Medical Center, Chicago, Illinois, United States, 60290


Job Description

Join a world-class academic healthcare system, UChicago Medicine, as the Executive Director, Deputy Chief Information Security Officer (CISO) responsible for directing the strategies of the UCM IT Security Operations and Identity Access Management team.

The Deputy Chief Information Security Officer is responsible for providing leadership, executive support, strategic and tactical guidance, including identifying, evaluating, and reporting on information security risks. This critical role will influence and implement tools and practices to enhance overall security processes and increase the security posture of the organization. The Deputy CISO will develop and implement cybersecurity initiatives, strategies, and policies and procedures to safeguard patients, data and the organization's information assets. Acting as a trusted advisor, the position helps to ensure the effective and efficient functioning of the Information Security Office.

This position requires a high level of knowledge in the areas of risk assessment, network and system security, and security implementation. Reporting to the Chief Information Security & Privacy Officer (CISPO), this position will support the CISPO in managing and coordinating the organization’s Security Operations and Identity and Access Management (IAM) initiatives for the health system.

Who you are:

A transformative leader striving to improve the enterprise system’s security with:

Bachelor of Science in Information Security, Computer Science, Information Technology, or related field.

Master’s degree highly preferred.

Minimum of 10 years of progressively responsible and directly related work experience with leadership experience in Security Operations and Identity and Access Management while demonstrating increasing levels of responsibility.

3+ years of leadership experience at an AMC, Large Hospital or Health Care consulting role where you have defined strategic goals, established policy, and implemented a multi-year strategic program.

Demonstrated proficiency with HIPAA Security and other relevant healthcare regulations is an absolute must.

Knowledge of security frameworks such as NIST CSF, NIST SP 800-53, HICP, PCI, and similar security frameworks.

Previous experience required in Security Operations to include CrowdStrike, Proofpoint, and Akamai.

Previous experience required with SailPoint and CyberArk to guide effective business solutions.

The following certifications are strongly preferred:

CISSP, CISM, CISA and/or CRISC.

Experience with advising and effectively guiding senior management as to information security matters and demonstrated skill successfully working in a matrixed organization. Proven ability to build effective relationships across all levels of the enterprise with a solid reputation as an individual who can provide sound leadership and build effective teams to maximize success.

Skilled in project management and work plan development and implementation.

Knowledge and ability to direct a team in integrating informational technology services with the work requirements and deliverables of units and departments.

Track record of effective oral and written communication skills.

What you’ll gain as an Executive Director, Deputy Chief Information Security Officer:

The opportunity to apply regulatory and contractual requirements and use compliance-based processes and analytics to ensure the protection and confidentiality of data and other information assets across the health system.

Collaborate with the Chief Information Security & Privacy Officer, General Counsel, and other key senior stakeholders to evaluate organization conformance with applicable information security laws and regulations, contractual terms, and agreements.

Opportunity to provide support, consulting, and compliance assurance to numerous governance forums.

Positioned to be a visible and transformative leader, capable of directing assurance projects and driving cultural change across the enterprise.

What you’ll do as an Executive Director, Deputy Chief Information Security Officer:

Lead a “security first” culture while developing and maintaining an organizational information security program that is compliant with applicable laws, regulations, and best practice frameworks and contractual requirements.

Develop, mentor, and manage a high performing staff of information security professionals.

Oversee the evaluation, selection, implementation, and ongoing monitoring of information security solutions that are innovative, cost-effective, and minimally disruptive.

Assist in the development of the security program roadmap and develop business metrics to measure the effectiveness of the security program, with a plan to increase the maturity of the program over time.

Monitor the industry and external environment for emerging threats and advise relevant stakeholders on the appropriate courses of action.

Oversee incident response planning and the investigation of security breaches, and assist with any associated disciplinary, public relations, regulatory and legal matters.

Lead due diligence and post integration activities related to information security for all merger and acquisition, joint venture, and similar type activity.

Manage detection and vulnerability operations, internal and external IT audit group reviews, and the coordination of all required fixes and technical corrective actions.

Collaborate with senior leaders to enhance and strengthen an IT security risk management program. Coordinate with internal and external business partners to resolve complex and highly sensitive issues.

Serve in a leadership capacity with delegated authority in the Chief Information Security Officer’s absence, work to ensure the allocated budget is appropriate, and perform duties as assigned related to program oversight and efforts.

Why Join Us

We’ve been at the forefront of medicine since 1899. We provide superior healthcare with compassion, always mindful that each patient is a person, an individual. To accomplish this, we need employees with passion, talent and commitment… with patients and with each other. We’re in this together: working to advance medical innovation, serve the health needs of the community, and move our collective knowledge forward. If you’d like to add enriching human life to your profile, UChicago Medicine is for you. Here at the forefront, we’re doing work that really matters. Join us. Bring your passion.

UChicago Medicine is growing; discover how you can be a part of this pursuit of excellence at: UChicago Medicine Career Opportunities.

UChicago Medicine is an equal opportunity employer.

We evaluate qualified applicants without regard to race, color, ethnicity, ancestry, sex, sexual orientation, gender identity, marital status, civil union status, parental status, religion, national origin, age, disability, veteran status and other legally protected characteristics.

Must comply with UChicago Medicine’s COVID-19 Vaccination requirement as a condition of employment. If you have already received the vaccination, you must provide proof as part of the pre-employment process. This is in addition to your compliance with the Flu Vaccination requirement as well. Medical and religious exemptions will be considered consistent with applicable law. Lastly, a pre-employment physical, drug screening, and background check are also required for all employees prior to hire.
