University of Wisconsin System - Madison, WI

posted 5 months ago

Full-time - Senior
Hybrid - Madison, WI
Educational Services

About the position

The University of Wisconsin-Madison School of Medicine and Public Health (SMPH) is seeking a Chief Information Security Officer (CISO) to lead and coordinate cybersecurity and data security initiatives within the institution. This role is pivotal in ensuring the security of information and technology services that support the university's mission in research, teaching, outreach, and administration. The CISO will be part of the SMPH Informatics and IT leadership team and will represent the school in discussions at the campus level. Reporting directly to the SMPH Associate Dean of Informatics and Information Technology, the CISO will be responsible for developing a comprehensive information security and privacy program that aligns with statutory and regulatory requirements, ensuring that all information created, acquired, or maintained by the university is used appropriately and securely. The successful candidate will possess a robust leadership toolkit that fosters positive and inclusive work environments, strategic thinking, and effective communication with diverse stakeholders. They will be expected to develop partnerships that enhance the university's cybersecurity posture and deliver measurable results. The CISO will also need to understand the critical role of security in supporting the university's mission, particularly in relation to diversity, equity, inclusion, and accessibility in higher education. This position requires a proactive approach to risk management, incident response, and compliance with various information security policies and regulations, including FERPA, HIPAA, and others relevant to the academic environment.

Responsibilities

  • Develops and delivers a comprehensive information security and privacy program for the institution(s).
  • Develops and implements an ongoing risk assessment program targeting enterprise information security and privacy matters.
  • Coordinates the enterprise development of information security policies, standards, and procedures.
  • Serves as the institution's compliance officer with respect to campus, state, and federal information security policies and regulations.
  • Develops and implements an incident reporting and response system to address institution security incidents (breaches).
  • Serves as the official campus contact for information security, privacy, and copyright infringement incidents.
  • Serves as the campus contact for internal and external auditors and agencies, survey requests, and other relevant parties or requests on security/privacy matters.
  • Develops, plans, and implements long- and short-term campus security goals, projects, and initiatives.
  • Exercises supervisory authority, including hiring, transferring, suspending, promoting, managing conduct and performance, discharging, assigning, rewarding, disciplining, and/or approving hours worked of at least 2.0 full-time equivalent (FTE) employees.

Requirements

  • Bachelor's Degree in Computer Science or related field (required).
  • At least five years' experience with information security and regulatory compliance.
  • At least five years' experience managing and motivating teams.
  • Demonstrated leadership in data and cyber security.
  • Experience in risk management.
  • Experience with incident management.
  • Practical knowledge of common cyber security management frameworks.
  • Experience in establishing cyber security and risk metrics.
  • Strong verbal, presentation, and written communication skills.
  • Highly organized, able to multitask and meet deadlines.
  • Ability to work successfully with different teams and co-workers.
  • Demonstrated problem solving, conflict resolution, and negotiation skills.
  • Excellent working knowledge of current IT risks and experience implementing cybersecurity best practices.

Nice-to-haves

  • Master's Degree in Computer Science or related field (preferred).
  • Experience with information security and regulatory compliance in an academic environment.
  • CISSP, CISM, GIAC, PMP or related certifications.
  • Experience with HIPAA data, IRB, and human subjects research.
  • Experience managing teams in a matrixed environment.
  • Experience with securing cloud computing environments.
  • Experience with data and cyber security management in an academic medical center.
  • Experience in data de-identification as it pertains to HIPAA and honest brokering.
  • Experience in evaluation, procurement, and secure deployment of software and hardware.
  • Proven experience in establishing Data Use/Sharing Agreements.
  • Working knowledge of the 7-layer OSI model.

Benefits

  • Generous vacation, holidays, and sick leave.
  • Competitive insurances and savings accounts.
  • Retirement benefits.