Chief Information Security Officer – University of Michigan Academic Medical Center

Applicants should provide a cover letter specifically and concisely outlining their experiences as relevant to the listed role requirements without exceeding an overall submission of 4 pages including resume.

Job Summary

The University of Michigan?s Information Assurance team at Michigan Medicine (IA:MM) believes in promoting a shared responsibility of security to enhance how we provide care, learning and protect the quality of healthcare. We implement balanced assurance solutions and focus on practical Information Assurance to protect the systems, data, and identities on which Michigan Medicine relies for its operations.

We are looking for a Chief Information Security Officer for the Academic Medical Center (AMC) which is comprised of the U-M Medical School (UMMS) and the U-M Health (UMH). You will report to the Michigan Medicine Chief Information Security Officer and will earnestly contribute as part of the IA:MM leadership team to the greater vision for assurance at Michigan Medicine and our communities.

You will oversee the alignment & integration of organizational, risk, and technology strategies, ensuring that the business requirements and protective services for the AMC are part of an integrated information assurance program for Michigan Medicine. Your direct reports will be the Lead for Cybersecurity Threat Intelligence, the Cybersecurity Risk Manager and the Director of Information Assurance Operations with a combined staff of ~50 FTE and will work closely with the Regional Health Network and Academic Medical Center technology leadership to align and prioritize resources.

Additional objectives for this role are to centralize common information security capabilities with those of our regional health network information assurance department and differentiate specific capabilities as required.

You will be an advocate for the AMC information security program to protect the AMC workforce, patients, and their data across the state as well as contribute to the overall digital resiliency of the organization. You will have the opportunity to develop autonomy and mastery in navigating complex organizations and to coach our cybersecurity and risk management recruiting pipeline.

Opportunity and Benefits

Our team protects Michigan Medicine together – shielding patients, researchers, providers, students, data, systems, and identities from cybersecurity threats. We value diverse backgrounds and experiences, and we champion our staff. We offer a robust benefits package that includes comprehensive training and career development opportunities, generous retirement savings plans, ample paid time off, and a wealth of family care support: .

You will work at one of the best learning and research institutions in the world, and you will have the ability to negotiate alternative work schedules and remote or on-site options to suit your work-life balance.

This role is eligible for `U-M Flexible First` telecommuting agreements that fit into the expectations of the Michigan Medicine Chief Information Security Officer and the Michigan Medicine Human Resources definitions and guidance: . Specific conditions and expectations can be clarified for candidates.

Apply to be part of a strong team that partners with our institution, community, and each other.

Our Division?s Mission

We serve as a trusted partner and provide a best-in-class security program to uphold and protect the mission of Michigan Medicine.

Our Division?s Vision
We believe in cultivating a shared responsibility of security to enhance how we provide care, deliver education, and create innovation to protect the quality of healthcare.

Our Division?s Principles

• Prioritize your self-care, family-care, team-care, then the work.
• Implement balanced assurance solutions.
• Strengthen our department?s capabilities.
• Develop an assurance-minded workforce.
• Focus on practical information assurance.

Responsibilities*

• Partner engagement, business requirements gathering, and overall information security representation for the needs of University of Michigan Academic Medical Center.
• Continuing in progress activities and strategies around identity assurance services and protections.
• Differentiate as appropriate risk mitigation approaches for different major constituents of the AMC including faculty, students, clinical staff, and academic staff.
• Co-develop technology, process, and practice integration plans across the Regional Health Network and AMC with a peer CISO in the U-M Regional Health Network.
• Representation in improvement efforts for all aspects of Information Assurance programs in use at the AMC.
• Develop and coordinate essential information assurance capabilities at the AMC using Michigan Medicine services including:
  • Vulnerability management
  • Controls assessment
  • Internal Audit remediation
  • Incident response
  • Cybersecurity threat intelligence
  • Identity assurance operations and solution engineering
  
  
• Executive level reporting and presentations.

Required Qualifications*

The CISO-AMC will be an approachable, visible and servant leader, able to lead security investments and operations in the context of complex environments and drive change across the organization. You will have:

• Bachelor?s degree
• 3+ years of prior experience as an IT related CxO role at a major healthcare company, academic medical center, government agency, or significant critical infrastructure industry (Chief Technology Officer, Chief Information Security Officer, Chief of Staff, Chief Information Officer).
• Expert knowledge of infrastructure technology, cloud architectures, identity management, and relevant information security solutions.
• Experience designing services and managing service level agreements with orientation toward the Information Technology Service Management (ITSM) frameworks or concepts.
• 5+ years? experience working in large matrixed, remote, or federated teams.
• Experience with partner engagement, developing trust quickly, and supporting teams.
• 5+ years? experience leading successfully in a decentralized organization towards complex IT implementations or transformation.
• Experienced executive with excellent communication skills capable of authoring and presenting to different levels of executives and leaders consistently.
• Knowledge of legal and regulatory requirements relating to information security, including the HIPAA Security Rule, PCI-DSS, FISMA and the capability to understand emerging administrative rules and regulations from federal and state agencies.

Desired Qualifications*

• Leadership experience in an academic medical center environment.
• Prior experience as an information security leader in a complex organization or critical infrastructure sectors.
• Certified Information Systems Security Professional (CISSP) or similar certification.

Modes of Work

Positions that are eligible for hybrid or mobile/remote work mode are at the discretion of the hiring department. Work agreements are reviewed annually at a minimum and are subject to change at any time, and for any reason, throughout the course of employment. Learn more about the .

Background Screening

Michigan Medicine conducts background screening and pre-employment drug testing on job candidates upon acceptance of a contingent job offer and may use a third party administrator to conduct background screenings. Background screenings are performed in compliance with the Fair Credit Report Act. Pre-employment drug testing applies to all selected candidates, including new or additional faculty and staff appointments, as well as transfers from other U-M campuses.

Application Deadline

Job openings are posted for a minimum of seven calendar days. The review and selection process may begin as early as the eighth day after posting. This opening may be removed from posting boards and filled anytime after the minimum posting period has ended.

U-M EEO Statement

The University of Michigan is an equal employment opportunity employer.

Source ⇲