Washington University is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity or expression, national origin, genetic information, disability, or protected veteran status.
This position is full-time and works approximately 40 hours per week.
Department Name/Job Location:
This position is in the Department of Information Technology Support Services. This position is for the Medical School Campus.
Reporting to the Washington University School of Medicine (WUSM) CIO, the WUSM Chief Information Security Officer (CISO) is responsible for developing, executing, and continuously improving the information security strategy for WUSM. This role will establish and maintain WUSM’s information security vision and programming including policy creation, education, training, risk assessment and security incident response to ensure WUSM’s information assets and technologies are adequately protected. The WUSM CISO will direct information security operations and drive architecture directions to mitigate emerging threats, strengthen detection and prevention of vulnerabilities, and proactively plan for cyber-attacks. This role will also provide leadership to maintain a comprehensive Information Security program in partnership with the HIPAA and Privacy Officer to support compliance and further manage organizational risks. This role requires a proven leader, capable of working in a fast-paced, regulated, matrixed environment across multiple departments and disciplines and with the ability to create strong partnerships across WUSM administrative units and departments.
PRIMARY DUTIES AND RESPONSIBILITIES:
Direct the WUSM information security strategy, and select, staff, and lead an information security team to establish and maintain a comprehensive Information Security and Data Privacy program, in partnership with the HIPAA Privacy Officer, to ensure compliance and management of organizational risks.
Develop and oversee WUSM information security programs, strategy, and services across WUSM departments:
Manage cybersecurity threats for WUSM to protect WUSM’s digital assets.
Guide the information security strategy & architecture decisions.
Create information security policy, procedures, & program services.
Design information security awareness & training programming.
Deliver and monitor information security metrics and associated reporting.
Partnership, business interactions, and executive communications include, but are not limited to:
Close alignment with the HIPAA Privacy Officer.
Report risks to WUSM Executive Leadership.
Present program maturity & strategy communications to Audit Committee & WUSM FPP Board.
Coordinate WUSM vulnerability and penetration testing services, to include:
Coordinate with General Counsel on subpoenas and other legal items, as appropriate.
Perform other duties as assigned.
Bachelor’s degree in information security, engineering, telecommunications, computer science, or a field closely related.
Ten years of experience in the field of information security, including five years in a senior-level leadership role.
CHPS or CISM certifications.
Healthcare experience as a CISO.
Demonstrated track record in information security, including demonstrated skills in guiding and assisting organizations in implementing appropriate Information Security products and practices.
Demonstrated experience building credibility with organization management and comfortable interacting at Executive and Board level.
Strong leadership skills and the ability to be effective in a decentralized environment.
Ability to interact effectively with senior management, CIOs and their direct reports.
Developed network of security providers, contacts, and knowledge of differing policies, procedures, and regulations in multiple arenas.
Business-based attitude, i.e., the recognition that no policies can be implemented without demonstrable business benefit.
Experience demonstrating a high level of expertise in information security and a wide exposure to all aspects of information technology in a large, high-transaction healthcare environment, including an educational healthcare setting.
Ability to provide WUSM CIO with Information Security Strategy through a risk management methodology.
Ability to demonstrate successful experience in project leadership for information security initiatives.
Ability to set strategy and approve goals and objectives consistent with WUSM strategic plan.
Ability to maintain relationships with local, state and federal law enforcement and other related government agencies.
Strong communication skills.
Ability to establish peer knowledge sharing relationships.
Ability to oversee the investigation of security breaches and assist with disciplinary and legal matters associated with such breaches as necessary.
Ability to work with outside consultants as appropriate for independent security audits.
Consensus-builder, while still results-oriented and commitment-focused.
Articulate and persuasive leader who can serve as an effective member of the senior management team and who is able to communicate security-related concepts to a broad range of technical and non-technical staff.
Experience with business continuity planning, auditing, and risk management, as well as contract and vendor negotiation.
Proactive and confident. The successful candidate is highly approachable, accessible and responsive (virtually and in-person).
Possess strong healthcare knowledge and understanding of healthcare requirements, such as HIPAA.
Base pay commensurate with experience.
All external candidates receiving an offer for employment will be required to submit to pre-employment screening for this position. Current employees applying for a new position within the university may be subject to this requirement. The screenings will include a criminal background check and, as applicable for the position, other background checks, drug screen, employment and education or licensure/certification verification, physical examination, certain vaccinations and/or governmental registry checks. All offers are contingent upon successful completion of required screening.
Please attach a copy of your most current signed performance evaluation (completed within the last 18 months) to your online account. If you have not received a performance evaluation, you may provide two current signed letters of recommendation (written within the last 18 months), preferably to include one letter from either a current or recent former supervisor. To attach these documents, go to: My Career Tools, Add Attachment, Attachment Type – Performance Reviews or Letters of Recommendation.
Applicant Special Instructions:
The individual must be available to respond to incidents after normal hours and is required to travel between campuses as needed.
Washington University in St. Louis, a medium-sized, independent university, is dedicated to challenging its faculty and students alike to seek new knowledge and greater understanding of an ever-changing, multicultural world. The University offers more than 90 programs and almost 1,500 courses leading to bachelor's, master's and doctoral degrees in a broad spectrum of traditional and interdisciplinary fields, with additional opportunities for minor concentrations and individualized programs. The faculty is composed of scholars, scientists, artists and members of the learned professions. They serve society by teaching; by adding to the store of human art, creativity, understanding, and wisdom; and by providing direct services, such as health care.