Associate CISO & HIPAA Security Officer, IT - Information Security
Job no: 494598
Work type: Staff
Categories: Information Technology, Full Time
Pay Grade: 33S
Context of the Job:
The IT Information Security unit assesses risks to University information assets and works closely with a broad range of University constituencies to implement appropriate administrative, technical, and physical controls to comply with laws, regulations, funding agency requirements and security policies. The office develops, implements, and maintains a comprehensive information security program and establishes policies, procedures, training, and awareness initiatives designed to protect University information resources, limit liability, and prevent legal and regulatory violations. In addition, the office defines, promotes, and enforces policies and standards to manage risks throughout the digital identity lifecycle, including user identification and authentication, user privileges and account management, in accordance with laws, regulations and contractual obligations.
Under limited direction from the Chief Information Security Officer, the Associate Chief Information Security Officer & HIPAA Security Officer is charged with providing strategic direction and setting priorities for University of Delaware PHI (Protected Health Information) cybersecurity efforts. The Associate CISO & HIPAA Security Officer works collaboratively with technical, non-technical and clinical colleagues to protect information assets and provide relevant services to the University health care components. The incumbent approaches information security in a holistic, risk-based manner, giving priority to efforts with the greatest impact across the University. The incumbent is responsible for leading the development, implementation, and maintenance of cybersecurity strategy for University of Delaware health care components, and will also work closely with the CISO in support of the overarching Information Security Program.
The Associate CISO & HIPAA Security Officer will serve as the lead for the health care component Information Security Program initiatives and oversight, and take the lead in developing and implementing a risk management framework, with an emphasis on PHI data security.
- Serve as the University’s designated HIPAA Security Officer.
- Provide vision and strategic direction in the areas within this position's portfolio.
- Participate in strategic planning and development of annual goals and objectives for the Information Security Program, with special attention to providing leadership for those related to the areas within this position's portfolio.
- Ensure delivery of a suite of highly aligned services, including superior customer experience and support for external and internal customers.
Information Security and Cybersecurity Oversight:
- Determine, formulate and administer information security policies and procedures to mitigate risks and ensure the security and privacy of the health care components’ data assets.
- Ensure compliance with University policy and with federal and state requirements such as HIPAA.
- Lead the development, implementation, and maintenance of elements associated with the University's formal campus-wide information security program to protect University of Delaware health care component information assets.
- Coordinate responses to cybersecurity incidents and data breaches for health care components.
- Work closely with other university offices on matters involving confidential/sensitive data.
- Serve as a liaison to federal, state, local, and professional organizations for information security/cybersecurity matters.
- Collaborate with all members of the Information Security team and IT staff across campus to develop procedures, standards, processes and communication paths to forward security work and the work of the broader division and to achieve information security goals without duplicating efforts.
- Establish a repeatable method for measuring and communicating risk to senior leadership, and effectively communicate that risk to the appropriate risk owners.
- Identify risks to sensitive data, and establish methods for mitigating and reducing risk items that are deemed unacceptable.
- Identify applicable administrative and technical controls.
- Serve as an advisor to the institution regarding cybersecurity practices and controls.
Outreach and Professional Development:
- Participate, as appropriate, in internal and external professional activities (for example as an author, committee member, search chair, or meeting or conference presenter), staying abreast of emerging developments within the field and educating the SBM community.
- Represent the University on a local, regional, and national level and provide leadership in national collaborative efforts with other institutions and agencies.
- Evaluate employee performance and provide guidance and feedback.
- Develop and implement appropriate professional development and training programs for direct reports.
- Empower and lead team to achieve objectives. Communicate management decisions to staff, and staff concerns to management.
- Measure the success of program efforts and make adjustments when appropriate.
- Establish and maintain appropriate working relationships with colleagues and users, and propagate and follow University policies and procedures governing IT efforts. Participate in IT and University-wide planning and governance as appropriate by serving on committees and task forces and forming partnerships with colleagues on campus.
- Other duties or projects as assigned as appropriate to rank and department mission.
- Bachelor's degree with seven years of full-time, increasingly complex information security/cybersecurity experience, or equivalent combination of education and experience.
- One or more active cybersecurity certifications (e.g. CISSP, CISM, HCISPP, GSEC).
- Information security/cyber security experience in a healthcare organization, or a complex, distributed Higher Education/Academic environment is preferred.
- Experience evaluating and managing cyber risk, and working within industry-standard frameworks (e.g. NIST Cybersecurity Framework, CIS Top 20, NIST 800-XX series).
- Experience working, collaborating, and establishing credibility and relationships with senior leadership, colleagues and customers.
- Experience successfully building consensus among a large number of diverse colleagues, senior leadership and outside agencies to address and resolve issues.
- Strategic and analytical thinking skills with an ability to solve problems and make effective decisions.
- Experience developing information security policy is preferred.
- Experience presenting information security/cybersecurity information and concepts is preferred.
- Experience mentoring information technology professionals.
- Excellent interpersonal and customer service skills.
- Strong organizational skills with an exceptional attention to detail.
- Ability to work independently as well as part of a team with a collaborative approach to problem solving.
Applications close: Eastern Standard Time