Medical University of South Carolina Chief Information Security Officer (CISO) in Charleston, South Carolina
Job Summary: The senior executive who bears responsibility to provide leadership over all information security/cyber capabilities supporting MUSC's academic, research, and healthcare missions. Delivers end-to-end solutions that preserve the confidentiality, availability and integrity of MUSC's digital assets to include technology systems, patient information, intellectual property information, student information and employee information. Working closely with Risk Management, Compliance, HR, Internal Audit, General Counsel and Information Solutions senior leaders, implements a comprehensive information security program across the MUSC enterprise and affiliates. Sets technical direction and promotes professional development of information security competencies.
Payscale Salary Range: UNIV-Band 0: Commensurate with experience.
20% - Leadership: Member of MUSC CIO's senior leader team responsible for developing overall strategy, setting the vision, and the governance of all Information Solutions functions. Develop productive relationships with business leaders across the enterprise to ensure services and support are meeting expected levels of service, quality, and performance. Provides leadership, coaching and direction to the leadership team and staff. Collaborates with executive leadership and business partners to define and execute the information security strategy. Participates in and contributes to the assessment of external opportunities and threats, and internal technology capabilities required to achieve desired competitive positioning. Develops and controls annual operating and capital expenditure budget to ensure it is consistent with overall strategic objectives of the enterprise. - (Essential)
30% - Information Security Capabilities: Be the executive with authority, responsibility and accountability to exploit the value of information security technologies to business outcomes. Ensure all critical clinical, business, academic, and research systems are protected and business needs are being managed and addressed consistent with expected service level, quality, and performance. Demonstrate proven expertise and end-user interaction to understand and document business and functional requirements for complex projects and manage technical teams across the full technology life cycles. Able to be flexible, decision oriented, and motivated to establish support from executive leaders. Own Executive level communication and interaction including consulting, understanding and translating business needs into achievable, sustainable and innovative technical solutions and capability roadmaps. - (Essential)
20% - Strategy: Provide the information security strategy to support the academic, research, and health care missions of MUSC. Use thought leadership in applying methodologies, setting technical direction, and promoting professional development for team members. Coordinate strategy, architecture, roadmap, budget, and execution of information security systems and services. Develop and sustain existing architecture and technology while growing utilization of current platforms to meet the business need. Expand, enhance, and optimize utilization of information security capabilities and develop key strategic relationships with risk management, legal, and compliance executives. Directly support implementation of system enhancements, upgrades, updates, patches, and fixes to assure optimal system performance, data integrity, and reliability. - (Essential)
15% - Advocacy: The primary advocate for the implementation and support of information security controls across MUSC. Responsible for the development and monument of an information security education program. Work with IS and MUSC stakeholders to develop and maintain curriculum around the appropriate use and protection of MUSC information assets. Identify, monitor, and report on overall MUSC information security IQ and adoption. - (Essential)
15% - Risk Management: In partnership with IS senior leaders, growth & affiliations, risk management, and compliance, directs the risk assessment and risk management process for the evaluation of new and existing technology services. This includes software packages, hosted software solutions, medical devices and other equipment that may attach to MUSC's network(s) or interface with MUSC information Services. - (Essential)
Preferred Experience & Additional Skills: Experience in project management, strategic planning, budgeting, vendor relations, quality and continual service improvement strongly preferred. ITIL/TOGAF certification preferred. MUSC ITIL foundations certification required within 6 months of employment. Excellent research, analytical and problem-solving skills. Strong technical writing and oral communications skills.
Certified Information Systems Auditor, Manager (CISA/CISM), SANS GIAC, AHIMA Certified in Healthcare Privacy & Security (CHPS).
Minimum Experience and Training Requirements: Master's degree in information technology, business administration, cyber security or related field with at least seven (7) years of experience in managing enterprise level information security capabilities including analysis and evaluation of security programs, policies, and operational needs. In lieu of master's degree, at least ten (10) years of deep experience with a large/complex organization in at least two of the following areas: Applications Development, IT Architecture, Data Management, Network Administration, Project Management, IT Security/Compliance, or Systems Administration. Healthcare and/or academic experience strongly preferred. Experience working directly with state or federal government regulators highly desired.
Additional Knowledge, Skills, and Abilities Preferred: Ability to use and execute collaborative and team building skills. High level of integrity and accountability. Experience prioritizing and managing multiple, simultaneous information security related initiatives and responses. High degree of initiative, showing a commitment to execution and results orientation; visionary; goals oriented.
Physical Requirements: Ability to perform job functions in an upright position. (Frequent) Ability to perform job functions in a seated position. (Frequent) Ability to perform job functions while walking/mobile. (Frequent) Ability to work indoors. (Continuous) Ability to work outdoors in all weather and temperature extremes. (Infrequent) Ability to work in confined/cramped spaces. (Infrequent) Ability to perform job functions from kneeling positions. (Infrequent) Ability to squat and perform job functions. (Infrequent) Ability to perform 'pinching' operations. (Infrequent) Ability to fully use both hands/arms. (Frequent) Ability to perform repetitive motions with hands/wrists/elbows and shoulders. (Frequent) Ability to reach in all directions. (Frequent) Possess good finger dexterity. (Continuous) Ability to maintain tactile sensory functions. (Continuous) Ability to lift and carry 15 lbs., unassisted. (Infrequent) Ability to lift objects, up to 15 lbs., from floor level to height of 36 inches, unassisted. (Infrequent) Ability to lower objects, up to 15 lbs., from height of 36 inches to floor level, unassisted. (Infrequent) Ability to push/pull objects, up to 15 lbs., unassisted. (Infrequent) Ability to maintain 20/20 vision, corrected. (Continuous) Ability to see and recognize objects close at hand. (Frequent) Ability to see and recognize objects at a distance. (Frequent) Ability to determine distance/relationship between objects; depth perception. (Continuous) Good peripheral vision capabilities. (Continuous) Ability to maintain hearing acuity, with correction. (Continuous) Ability to perform gross motor functions with frequent fine motor movements. (Frequent)