Chief Information Security Officer, SMPH

at  University of WisconsinMadison

JOB SUMMARY:

The University of Wisconsin-Madison School of Medicine and Public Health (SMPH) seeks an experienced data and cyber security leader to provide strategic vision and coordination for cybersecurity and data security services, facilities, and technology initiatives within the SMPH. The Chief Information Security Officer, SMPH, will be a member of the SMPH Informatics and IT leadership team and will represent the school in campus level discussions. They will report to the SMPH Associate Dean of Informatics and Information Technology.
The successful candidate will have experience working in an academic medicine setting. They will possess a leadership toolkit that enables them to nurture positive, inclusive work environments; think strategically; communicate with diverse stakeholders; develop effective partnerships; and deliver results. They will also understand the unique importance of security in supporting the research, teaching, outreach, advising, and administration mission of a public research university, including the impact of IT infrastructure on diversity, equity, inclusion, and accessibility in higher education.
NOTE: The job responsibilities listed below are generalized and align with the UW standard job description. Please note that though this language includes references to institutional responsibility, this position’s scope is within the School of Medicine and Public Health and the span of authority or responsibility is not across UW-Madison’s information security functions.

EDUCATION:

Required
Bachelor’s Degree
Computer Science or related field
Preferred
Master’s Degree
Computer Science or related field

QUALIFICATIONS:

Required Qualifications:

• At least five years experience with information security and regulatory compliance in an academic environment.
• At least five years experience managing and motivating teams.
• Demonstrated leadership in data and cyber security.
• Experience in risk management.
• Experience with HIPAA data, IRB, and human subjects’ research.
• Experience with incident management.
• Practical knowledge of common data and cyber security management frameworks.
• Experience in establishing cyber security and risk metrics.
• Strong verbal, presentation, and written communication skills.
• Highly organized, able to multi-task, and meet deadlines.
• Work successfully with different teams and co-workers.
• Demonstrated problem solving, conflict resolution, and negotiation skills.
• Excellent working knowledge of current IT risks and experience implementing cybersecurity best practices.

Preferred Qualifications:

• CISSP, CISM, GIAC, PMP or related certifications
• Experience managing teams in a matrixed environment.
• Experience with securing cloud computing environments.
• Experience with data and cyber security management in an academic medical center.
• Experience in data de-identification as it pertains to HIPAA and honest brokering.
• Experience in evaluation, procurement, and secure deployment of software and hardware.
• Proven experience in establishing Data Use/Sharing Agreements.
• Working knowledge in the 7-layer OSI model.

Develops and delivers a comprehensive information security and privacy program for the institution(s). Includes information in electronic, print, and other formats to assure that information created, acquired, or maintained by the university and its authorized users is used in accordance with its intended purpose to protect university information and its infrastructure from external or internal threats and to assure that campus complies with statutory and regulatory requirements regarding information access, security, and privacy.

• 20% Develops and implements an ongoing risk assessment program targeting enterprise information security and privacy matters. Recommends methods for vulnerability detection and remediation and oversees vulnerability testing
• 10% Coordinates the enterprise development of information security policies, standards, and procedures
• 10% Serves as the institution’s compliance officer with respect to campus, state, and federal information security policies and regulations such as FERPA, HIPAA, Gramm-Leach-Bliley, DMCA, Wisconsin Statutes, Cyber Security Policy, USA Patriot Act, PCI, and other relevant policies and regulations
• 20% Develops and implements an incident reporting and response system to address institution security incidents (breaches). Responds to alleged policy violations or complaints from external parties or internal reporting
• 10% Serves as the official campus contact for information security, privacy, and copyright infringement incidents, including relationships with law enforcement entities
• 10% Serves as the campus contact for internal and external auditors and agencies, survey requests, and other relevant parties or requests on security/privacy matters
• 10% Develops, plans, and implements long- and short-term campus security goals, projects, and initiatives
• 10% Exercises supervisory authority, including hiring, transferring, suspending, promoting, managing conduct and performance, discharging, assigning, rewarding, disciplining, and/or approving hours worked of at least 2.0 full-time equivalent (FTE) employees