HCS CHIEF INFORMATION SECURITY OFFICER
Job ID: OTH01OAO
Responsible for the overall planning, organizing, and execution of all Information Technology functions for the health system. Directs all IT operations to meet customer requirements, including support and maintenance of existing applications and development of new technical solutions.
The Chief Information Security Officer is responsible for a comprehensive enterprise-wide Information Security Program for UNC Health Care System and its affiliate hospitals and clinics. This position is a member of the ISD leadership team and works closely with leadership across the enterprise. The CISO is an advocate for the security needs across UNC Health Care System and is responsible for both the continuance and development of a comprehensive security strategy to ensure the assets of the Health Care System are secure. The CISO will lead both the development and delivery of a security strategy, work closely with leadership in a collaborative manner, advise leadership on security direction, and support the design and implementation of appropriate security policies to manage security risks.
Communication – Effectively communicates expectations and responsibilities to subordinates. Actively listens and addresses issues and concerns promptly. Establishes a shared vision with employees.
-Provide regular updates on the status of the Information Security Program to UNC HC executives.
-Oversee information security awareness training programs for all approved systems users.
-Coordinate information security and risk management projects with resources from the IT organization and business units.
Compliance – Ensures compliance with health system and external accrediting agency guidelines and regulations. Develops, maintains, and ensures adherence to policies and procedures related to IT security/privacy.
-Ensure continued compliance of the Information Security Program with applicable laws and regulations.
-Develop, review and approve security policies and standards.
-Conduct information security risk assessments and develop actionable plans to protect the business.
Customer Focus – Creates exceptional customer relations and maintains those relationships through continuing improvement efforts. Exhibits courtesy, cooperation, and respect towards customers.
-Establish appropriate metrics to track improvement of the UNC HC security posture.
-Oversee the dissemination of cybersecurity policies, standards, best practices and education to technical personnel with privileged access.
Leadership – Directs system-level operations, develops goals and objectives, and administers policies, procedures and processes as needed.
-Serve as the expert advisor to the UNC HC executive team on current UNC HC security posture and risks.
-Oversee security operations center activities and ensure prevention and detection mechanisms and practices remain current with cyber threats.
-Manage major incident containment, investigation, communication and reporting activities.
-Review and update security team member roles and responsibilities.
-Provide training and mentoring to security team members.
-Establish goals, objectives, priorities and performance expectations for the Information Security Office, security teams and security team members.
-Monitor progress, and coach and adjust as necessary.
-Recruit, evaluate, select and hire strong candidates for open information security positions.
Strategic Planning & Financial Awareness – Aligns system-level objectives with organizational strategic plans. Develops operating budget and capital requests. Monitors financial performance and adjusts resources to maximize profitability while maintaining exceptional quality and service.
-Continuously monitor and assess the effectiveness of the UNC HC enterprise Information Security Program, and initiate, develop, and implement tactical and strategic changes in response to changes to UNC HC strategies, operations and the information security threat landscape.
-Oversee the overall security architecture, strategy, and necessary budget.
-Oversee cyber incident response planning.
-Review investigations after breaches or incidents, including impact analysis and recommendations for avoiding similar vulnerabilities.
Technical Support Administration – Consults and provides technical support on technical aspects of contracts. Oversees project budgets once established and implements projects in accordance with established project plan.
-Conduct research and provide updates on industry trends, standards and practices.
-Create, communicate and implement a risk-based process for vendor risk management.
-Maintain a current understanding of the cyber threat landscape.
-Constantly update the cybersecurity defense technologies to leverage new technology and threat information.
Bachelor's degree in Computer Science, Information Systems Management or related field (or equivalent combination of education, training and experience).
If a Bachelor's degree: Eight (8) years of related experience and five (5) years of progressive management experience.
If an Associate's degree: Twelve (12) years of related experience and five (5) years of progressive management experience.
If a High School diploma or GED: Sixteen (16) years of related experience and five (5) years of progressive management experience.
Licensure/Certification Requirements
-One or more of the following professional certifications: CCISO, CISSP, CISM, CGEIT, SANS/GIAC preferred
-Previous CIO, CTO or CISO experience in health care industry.
-Experienced IT project manager.
-Quantitative Risk Assessment experience.
Knowledge, Skills, and Abilities Requirements
Understands and applies principles, procedures, requirements, regulations, and policies related to specialized expertise:
-Technical knowledge of different types of networking, applications and operating systems.
-HIPAA and PCI DSS regulatory compliance knowledge.
-Strong leadership and persuasion skills.
-Strong attention to detail.
-Excellent interpersonal skills and professional demeanor.
-Excellent verbal and written communication skills.
Primary Location: Morrisville, North Carolina, United States
Department: SHRD-71100-IT ADMINISTRATION
Shift: Day Job