The UNC School of Medicine Chief Information Security Officer (CISO) is responsible for information security policy and the coordination of information security efforts across the School of Medicine, which consists of 9,000+ faculty and staff across approximately 50 departments. The Director will develop the process to build a school-wide information security strategy and vision with a goal of ensuring the security and integrity of all data within the SOM's purview, including student, employee, patient, and research data, and to ensure that robust security measures are in place to mitigate risk. The CISO will lead a team of information security professionals and will oversee security risk assessment efforts. The CISO will be responsible for developing and overseeing a security remediation program for the SOM, and advising and collaborating with departments on security processes, business continuity and disaster recovery plans. This position requires an innovative strategic thinker with an open and collaborative style of leadership and management that fosters teamwork, sustains a learning environment for staff, and develops a healthy and deliberate culture in a service organization that engenders trust from the School of Medicine community. The incumbent will collaborate with security and privacy officers from the UNC campus and the UNC Health Care System to ensure compatibility with programs across those organizations. SOM policies must be taken into consideration alongside UNC Health Care as both environments work in tandem, and this role will collaborate with its counterpart in UNC Health Care to ensure that policies and processes are not impeding abilities to collaborate between the two entities. Additional responsibilities include assuring the SOM complies with university, state, and federal statutory and regulatory requirements regarding information access, security and privacy. This position reports to the School of Medicine Associate Dean of IT & CIO. Six years of progressive experience in the field of Information Technology. Given the nature of the position, incumbents must have demonstrated experience in a supervisory role. Incumbents must possess a minimum of Certified Information Systems Security Professional (CISSP) certification, or equivalent combination of acceptable certifications in lieu of CISSP; additional certifications above this minimum are highly desirable. Incumbents must be proficient with HIPAA Privacy and Security rules and regulations, possess working knowledge and experience in the policy and regulatory environment of information security, especially as it relates to medical education. Incumbents must have experience and/or proficiency with computer forensic tools and procedures. Incumbents must be able to work in a team/collaborative environment with a broad range of constituents. Incumbents must have excellent written and oral communication skills. Demonstrated experience leading and managing a large organization of technical staff through subordinate managers. Demonstrated experience leading large, complex projects or programs. Demonstrated ability to work and communicate effectively with others. Expertise with clinical data from common EMR platforms (Epic preferred). Experience with HIPAA and other Federal and State regulations relating to research data usage. Outstanding communication, writing, and interpersonal abilities, including skills such as attitude, diplomacy, collaboration, persuasiveness, and analytical ability. Must be able to serve as a bridge between the research organization and technical staff, and provide clear and concise communications across the organization and at varying levels. Self-driven and excellent planning and execution skills with a proven ability to establish and meet impactful goals and objectives. Preferred: 10+ years of experience in health and research informatics. 5+ years of experience in a senior information security position. 5+ years of experience in health and biomedical research leadership
Bachelor's degree in Computer Science, Information Technology, Telecommunications, or a closely related field. Master's degree or higher preferred.
The University Of North Carolina