Director of Information Assurance Operations

The Director of Information Assurance Operations (Director) will be responsible for progressing the overall maturity and sustainability of the Identity Assurance and Cybersecurity Operations teams of the Michigan Medicine Information Assurance department. This includes attention to key processes, investment prioritization, product management, vendor management, relationship management and operational delivery of assurance related services to ensure the Information Assurance department continues to improve as a shared service provider within Michigan Medicine. The Director will help improve the effectiveness of major information security investments and services on behalf of the Academic Medical Center Chief Information Security Officer (AMC CISO). Additionally, the Director will actively promote Information Assurance employee engagement, identify & develop talent pipelines for difficult to recruit roles, and champion leadership development at all levels within IA. As a key member of the Information Assurance leadership team, the Director will also provide support for ad hoc efforts related to the scope of that office, typically directed from Michigan Medicine operational leadership.

The Information Assurance leadership team convenes and coordinates the necessary authority, direction, and support for the development and implementation of the Information Assurance (IA) administrative, strategic, and oversight functions. This position acts in close collaboration with the Chief Information Security Officer of the regional health network, the Business Information Security Officer, the Chief Information Security Officer of the academic medical center, and the Michigan Medicine Chief Information Security Officer.

This role requires specific subject matter expertise or advanced awareness in Identity and Access Management and Cybersecurity Operations, as well as a familiarity and understanding of risk management concepts. This role will focus on operational effectiveness, delivery, prioritization, and sustainability of our teams, services, and capabilities. Backgrounds in continual service improvement, resource management, making and keeping commitments within multiple project delivery frameworks, ongoing asset management, product lifecycle, determining value on investments, and most importantly deep collaboration and negotiation skills are parts of being successful in this role in our environment.

Our Division’s Mission

We serve as a trusted partner and provide a best-in-class security program to uphold and protect the mission of Michigan Medicine.

Our Division’s Vision

We believe in cultivating a shared responsibility of security to enhance how we provide care, deliver education, and create innovation to protect the quality of healthcare.

Our Division’s Principles

• Prioritize your self-care, family-care, team-care, then the work.
• Implement balanced assurance solutions.
• Strengthen our department’s capabilities.
• Develop an assurance-minded workforce.
• Focus on practical information assurance.

Responsibilities*

Major Responsibilities of Assurance Operations:

• Cybersecurity Operations:
  • The Cybersecurity Operations Analyst Team provides detection and response capabilities for cybersecurity incidents and the subsequent coordination of cybersecurity incident response activities aligned with established University of Michigan Policies, Standards, and best practices. In addition to incident response, the team is also responsible for coordinating activities related to preservation holds and eDiscovery.
  • The Cybersecurity Operations Engineering Team creates and manages the lifecycle of cybersecurity incident detection and response tooling consumed by the Cybersecurity Operations Team. In addition, the CSOE team seeks to increase the maturity and capabilities of the CSO team through tooling automations and integrations.
  • The Cybersecurity Product Support Team’s primary focus is to provide infrastructure and lifecycle support for the tools, products, and applications used and consumed by Michigan Medicine Information Assurance teams, including being the coordinator and facilitator between IT and MM:IA vendors.
  
  
• Identity Assurance
  • The operation of a robust, highly available, and well-integrated Directory service. Supporting centralized authentication and authorization services.
  • The operation of identity meta-directory services for collecting and sharing User and group provisioning services.
  • The design and operation of Privileged Access Security tools and services used to secure accounts and devices.
  
  

Major Responsibilities of the Director include:

• Manage the function and performance of healthy teams so that team members are continually engaged and supported in maintaining strong commitment to work/life balance and career development.
• Develop sustainability plans for key functions, personnel, management, and capabilities so that our teams and our technologies are resilient from disruption and degradation.
• Develop methods for resource allocation and commitment so that teams are prioritizing and delivering appropriate higher value work on behalf of the institution and deferring lower value efforts in a reputable and transparent way.
• Coordinate, manage, and lead the problem solving related to the analysis, improvement, and delivery of key assurance operations processes.
• Support and direct the evolution of the teams towards data driven and risk informed methods.
• The principle point of coordination for significant regional and centralized requested operational improvements.
• Develop vendor management procedures with strategic operational partners.
• Counselor to the Michigan Medicine Deputy and Chief Information Security Officer in the operational delivery of capabilities as a shared service provider to Michigan Medicine and affiliates.
• Ensure parameters are established around quality and performance metrics and monitor those with analysis and trending reports.
• Point of escalation for the team, helping to remove barriers that interfere with the success of operational objective delivery.
• Closely integrate processes, technologies, and functions with infrastructure, application, and architecture teams in both the academic medical center and the broader university.
• Establish goals that drive the team to success by understanding demand, capacity, and business management.

Required Qualifications*

The Director of Information Assurance Operations must be positioned to be a visible and servant leader, capable of leading in the context of complex and strained environments and driving change across the organization. To this end, candidates for this position should have the following traits, skills, and experience:

• Bachelor’s degree
• 7 to 10 years of increasingly responsible experience in the operation and management of IT services
• Experience working in large matrixed or federated teams.
• Seasoned diplomatic skills and demonstrated experience working successfully in a decentralized organization.
• Experienced decision maker with excellent communication skills.

Desired Qualifications*

• Leadership experience in an academic medical center.
• Strong knowledge of infrastructure technology, identity management, and relevant information security solutions.
• Strong service orientation.
• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)

Work Locations

You will work at one of the best learning and research institutions in the world, and you will have the ability to negotiate alternative work schedules and remote or on-site options to suit your work-life balance. Non-Michigan residents should inquire about potential employment while working remotely in a state other than Michigan.

Modes of Work

Positions that are eligible for hybrid or mobile/remote work mode are at the discretion of the hiring department. Work agreements are reviewed annually at a minimum and are subject to change at any time, and for any reason, throughout the course of employment. Learn more about the .

Additional Information

Opportunity and Benefits

Our team is focused on protecting Michigan Medicine together – shielding patients, researchers, providers, students, data, systems, and identities from cybersecurity threats. We value diverse backgrounds and experiences, and we champion our staff. We offer a robust benefits package that includes comprehensive training and career development opportunities, generous retirement savings plans, ample paid time off, and a wealth of family care support:

Diversity Statement

HITS is firmly committed to advancing inclusion, diversity, equity, accessibility, and belonging, which are core to the culture and values of Michigan Medicine. Our community supports recruiting and cultivating a diverse workforce as a reflection of our commitment to serve the diverse people of Michigan and the world. We strive to create a work culture where each team member feels respected, valued, and safe.

Background Screening

Michigan Medicine conducts background screening and pre-employment drug testing on job candidates upon acceptance of a contingent job offer and may use a third party administrator to conduct background screenings. Background screenings are performed in compliance with the Fair Credit Report Act. Pre-employment drug testing applies to all selected candidates, including new or additional faculty and staff appointments, as well as transfers from other U-M campuses.

Application Deadline

Job openings are posted for a minimum of seven calendar days. The review and selection process may begin as early as the eighth day after posting. This opening may be removed from posting boards and filled anytime after the minimum posting period has ended.

U-M EEO/AA Statement

The University of Michigan is an equal opportunity/affirmative action employer.

Source ⇲