Executive Director

Darien, Illinois

University of Chicago Medical Center
Job Description

Join a world-class academic healthcare system, UChicago Medicine, as the Executive Director, Chief Information Security Officer (CISO), responsible for directing the strategies of the UCM IT identity and access management team.

The Chief Information Security Officer is responsible for the development, delivery and administration of an organizational information security program and corresponding functions that include strategy, tactics, standards and systems. This position requires a high level of knowledge in the areas of risk assessment, network and system security, security implementation, and changing the culture of the institution through training and education. The position reports to the Senior Vice President, Chief Information Officer, but recognizing the enterprise-wide nature of the responsibility, the CISO will frequently be involved with policy development and systems security analysis throughout UCM. The CISO will lead the continued implementation and optimization of UCM's security strategies and capabilities.

Who you are:

A transformative leader striving to improve the enterprise system's security with:

  • Bachelor of Science in related field such as Computer Science, Information Science and Security.
  • Certification of two or more of the following: CISSO, CISM, CHP, CGEIT, CSCS, CISSP, ISSAP.
  • Minimum of 10 years of progressively responsible and directly related work experience with leadership experience in an information security management role with increasing levels of responsibility.
  • 2+ years of CISO experience at an AMC, Large Hospital or Health System where you have defined strategic goals, established policy, and implemented a multi-year strategic program.
  • In-depth knowledge of HIPAA Privacy and Security regulations an absolute must.
  • Previous experience with SailPoint to guide effective business solutions.
  • Experience with advising and effectively guiding senior management as to information security matters and demonstrated skill successfully working in a matrixed organization. Proven ability to build effective relationships across all levels of the enterprise with a solid reputation as an individual who can provide sound leadership and build effective teams to maximize success.
  • Substantial experience with business system continuity and Disaster Recovery planning, knowledgeable in data auditing processes and methods, cyber-security principles such as CIA (confidentiality, integrity & availability), encryption (including symmetric and asymmetric keys), digital signatures, ports, protocols & services, policies, procedures, physical security, risk management, configuration management, ethics, access control, security architecture, continuity of operations, contingency planning, disaster recovery, application security, and cyber-security rules, laws, and regulations.
  • Track record of developing tools at penetration level to stop the spread of a potential cyber-attack.
  • Technical experience and skills to interact, define, drive and audit technical implementations of security systems or security needs around infrastructure systems.
  • Experience and knowledge in the implementation of CMDB for security.
  • Knowledge and ability to direct a team in integrating informational technology services with the work requirements and deliverables of units and departments.
  • Skilled in project management and work plan development and implementation. Must have the ability to carry out position with a high degree of discretion, customer service, communication, teamwork, and timeliness.
  • Previous experience delivering Board-level presentations highly desirable.
  • Hands-on experience implementing security tech to support policy.

What you'll gain as an Executive Director, Chief Information Security Officer:

  • The opportunity to apply regulatory and contractual requirements and use compliance-based processes and analytics to ensure the protection and confidentiality of data and other information assets across the health system.
  • Collaborate with the Chief Privacy Officer, Chief Compliance Officer, general counsel, and other CISOs across the University of Chicago system including the university and biological sciences division to evaluate organization conformance with applicable information security laws and regulations, contractual terms, and agreements.
  • Opportunity to provide support, consulting, and compliance assurance to numerous governance forums.
  • Positioned to be a visible and transformative leader, capable of directing assurance projects and driving cultural change across the enterprise.

What you'll do as an Executive Director, Chief Information Security Officer:

  • Develop, implement, and maintain an organizational information security program, developing an annually revised corresponding strategic plan and goals.
  • Direct the strategies of the UCM IT identity and access management team, including the deployment of identity and access management platforms and solutions across the health system.
  • Collaborate with peer stakeholders to enhance and strengthen an IT security risk management program which identifies and reduces risks on an ongoing basis by aligning and prioritizing information security activities to mitigate business risk priorities. Reports quarterly to the Board of Trustees Audit Committee on the UCM Enterprise Risk Management progress.
  • Coordinate and support external and internal audits and assessments of UCM IT security, including reviews performed by UCM's Internal and External Auditors, and collaborate with UCM IT leaders responsible for disaster recovery and continuity planning to ensure security requirements are accounted for.
  • Ensure organizational compliance in accordance with information security policies, standards, procedures; responsible for the exception process, authorizes and documents all exceptions, and maintains a repository of all exceptions.
  • Collaborate with the UCM IT operational units & leaders to define the appropriate information assurance technical measures required to secure the UCM network, endpoints, applications, and data.
  • Ensure that a visible and effective Incident Response Policy and Procedure is in effect for timely enforcement, tracking and reporting.
  • Maintain knowledge of security-related regulatory requirements and laws (e.g., HIPAA, HITECH, PCI, 405(d)), standards (NIST, COBIT, ISO, etc.) affecting healthcare privacy and security assurance, and communicates throughout the organization to increase awareness and ensure that compliance is achieved where required.
  • Monitor the external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action.
  • Responsible for conducting training and communications plans and programs which includes security awareness, security training, security training compliance, security reminders, and new hire security orientation.

Why Join Us

We've been at the forefront of medicine since 1899. We provide superior healthcare with compassion, always mindful that each patient is a person, an individual. To accomplish this, we need employees with passion, talent and commitment with patients and with each other. We're in this together: working to advance medical innovation, serve the health needs of the community, and move our collective knowledge forward. If you'd like to add enriching human life to your profile, The University of Chicago Medicine is for you. Here at the forefront, we're doing work that really matters. Join us. Bring your passion.

Bring your career to the next level at a hospital that is thriving; from patient satisfaction to employee engagement, we are at the Forefront of Medicine. Take advantage of all we have to offer and .

University of Chicago Medicine is growing; discover how you can be a part of this pursuit of excellence at:

The University of Chicago Medical Center is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, ethnicity, ancestry, sex, sexual orientation, gender identity, marital status, civil union status, parental status, religion, national origin, age, disability, veteran status and other legally protected characteristics.

Date Posted: 14 June 2024