Scheduled Hours
40
Position Summary
The Associate CISO supports the AVC and University Chief Information Security Officer through the creation and maintenance of information security policy, leading cyber risk assessments, operating an effective information security program and overseeing a team of security professionals who together maintain effective relationships with key stakeholders across the university. This role will provide leadership to maintain a comprehensive Information Security program for the clinical operations of the School of Medicine, the Brown School (social work), and the Habif Health and Wellness Center, and partner with the HIPAA Privacy Officer and Office of General Counsel to support compliance and further manage organizational risks. This role requires a proven leader, capable of working in a fast-paced, regulated, matrixed environment across multiple departments and disciplines and with the ability to create strong partnerships across university clinical, administrative, and academic units, and within WashU IT. The Associate CISO is a key member of the Information Security team with leadership responsibility for information security for the university’s clinical operations. This position is responsible for coordinating provision of all aspects of Information Security to clinical practices including policy, compliance, audit, outreach, education and training, architecture, solutions, incident response, and vulnerability management. The position is a key collaborator and trusted advisor to University Information Technology leadership across the enterprise and will report to the Chief Information Security Officer, with dotted-line responsibility to the Deputy CIO for Clinical, Research, and Medical Education Technologies.
Job Description
Primary Duties & Responsibilities
Clinical Policy, Compliance and Security Engagement and Leadership
- Provide critical leadership, support and guidance to clinical initiatives that require technology and compliance with HIPAA, FDA, and other regulations.
- Collaborate with clinical sponsors and leadership to define and direct security assessments, requirements, reviews, and remediation recommendations.
- Define the strategy for technology related regulatory compliance impacting the clinical practice at the School of Medicine.
- Monitor and report the changes in regulatory requirements impacting the School of Medicine and refine strategies to address these changes. Keep University Chief Information Security Officer and other key stakeholders fully apprised of all changes and directions.
- Working within the WashU IT communication strategy and framework, define and lead education and communication practices for the Clinical Community and IT on the overall approach and required action to be compliant with these technology-related regulations.
Outreach, Education and Training
- Work closely with senior IT leaders, technical experts, clinical chairs and administrative leaders across the School of Medicine to provide them with an in-depth understanding of the wide variety of clinical-related security issues, and their required responsibilities.
- Create and deliver education and awareness programs, which inform and advise faculty and staff at the School of Medicine and department on security issues, best practices, and vulnerabilities.
- Work with University-wide IT staff on an ongoing basis to build and maintain awareness and understanding of their responsibilities pertaining to information security.
Program Oversight
- Coordinate with University project managers and information security management teams to assess current project timelines that have tasks that impact information security resources.
- Oversee and track all information technology and security-related audits including scope of audits, departments and units involved, timelines, auditing agencies and outcomes.
- Lead the team that responds to third-party audits of clinical information security, mobilizing necessary Security and other IT professionals from across the University.
- Monitor and report the overall resource constraints and task due dates to provide leadership a dashboard of information security utilization and involvement in the University.
Manage a Team of Information Security Professionals
- Manage a team within the University Office of Information Security. This includes hiring, training, staff development, performance management and annual performance reviews.
- Provide leadership and exert influence without formal authority to determine and achieve goals.
- Develop the information security organization’s talent, engaging and managing third parties as needed to ensure the required capabilities are available either internally or externally.
- Coordinate the use of external resources involved in the information security program, including, but not limited to, interviewing, negotiating contracts and fees, and managing external resources.
Perform other duties as assigned.
Preferred Qualifications
- An advanced degree, such as a Master's in Information Technology or Security.
- Demonstrated effectiveness advising senior management on information security strategy, risk posture, policy and governance.
- Ability to develop and maintain highly effective, collaborative and consultative relationships as a leader and trusted advisor.
- Experience in attaining operational success managing security functions in complex settings that include academic, research, medical education and patient care activities.
- Demonstrated ability to successfully communicate information security-related concepts to technical and non-technical university stakeholders.
- Ability to successfully work and effectively prioritize operations and demands in a highly dynamic work environment.
- Demonstrated ability to innovate, think strategically and to lead through influence and negotiation.
- Excellent problem solving and analytical skills in complex, new, or evolving situations.
Required Qualifications
- BA or BS in Computer Science, Information Management, or related field, or equivalent experience.
- Ten or more years of experience in information technology, with a solid knowledge of information security issues and technologies. This includes a deep understanding of information security policy, compliance, audit, data privacy laws and accepted industry practices.
- Experience designing and delivering comprehensive outreach programs pertaining to information security.
- Experience working with IT security guidelines and requirements outlined or as driven by HIPAA, PCI-DSS, NIST, etc.
Grade
G18
Salary Range
$127,300.00 - $223,900.00 / Annually
Accommodation
If you are unable to use our online application system and would like an accommodation, please email CandidateQuestions@wustl.edu or call the dedicated accommodation inquiry number at 314-935-1149 and leave a voicemail with the nature of your request.
Pre-Employment Screening
All external candidates receiving an offer for employment will be required to submit to pre-employment screening for this position. The screenings will include criminal background check and, as applicable for the position, other background checks, drug screen, an employment and education or licensure/certification verification, physical examination, certain vaccinations and/or governmental registry checks. All offers are contingent upon successful completion of required screening.
Benefits Statement
Personal
- Up to 22 days of vacation, 10 recognized holidays, and sick time.
- Competitive health insurance packages with priority appointments and lower copays/coinsurance.
- Want to Live Near Your Work and/or improve your commute? Take advantage of our free Metro transit U-Pass for eligible employees. We also offer a forgivable home loan of up to $12,500 for closing costs and a down payment for homes in eligible neighborhoods.
- WashU provides eligible employees with a defined contribution (403(b)) Retirement Savings Plan, which combines employee contributions and university contributions starting at 7%.
Wellness
- Wellness challenges, annual health screenings, mental health resources, mindfulness programs and courses, employee assistance program (EAP), financial resources, access to dietitians, and more!
Family
- We offer 4 weeks of caregiver leave to bond with your new child. Family care resources are also available for your continued childcare needs. Need adult care? We’ve got you covered.
- WashU covers the cost of tuition for you and your family, including dependent undergraduate-level college tuition up to 100% at WashU and 40% elsewhere after seven years with us.
For policies, detailed benefits, and eligibility, please visit: https://hr.wustl.edu/benefits/
EEO/AA Statement
Washington University in St. Louis is committed to the principles and practices of equal employment opportunity and especially encourages applications by those from underrepresented groups. It is the University’s policy to provide equal opportunity and access to persons in all job titles without regard to race, ethnicity, color, national origin, age, religion, sex, sexual orientation, gender identity or expression, disability, protected veteran status, or genetic information.
Diversity Statement
Washington University is dedicated to building a diverse community of individuals who are committed to contributing to an inclusive environment – fostering respect for all and welcoming individuals from diverse backgrounds, experiences and perspectives. Individuals with a commitment to these values are encouraged to apply.