Department Description: The Chief Information Security Officer (CISO) reports to the Chief Information Officer (CIO) and has overall responsibility and accountability for BIDMC electronic data security, privacy, policies, architecture, and procedures.
Job Location: Boston, MA
Req ID: 7139BR
Job Summary: The Chief Information Security Officer (CISO) reports to the Chief Information Officer (CIO) and has overall responsibility and accountability for BIDMC electronic data security, privacy, policies, architecture, and procedures. The CISO has an extended role throughout CareGroup insofar as security and disaster planning matters impact the data network, email and other IT services rendered to non-BIDMC entities by BIDMC.
The CISO is the process owner of all ongoing activities related to the availability, integrity and confidentiality of customer, business partner, employee and business information, in compliance with information security policies.
Works with executive leadership, determines acceptable levels of risk and compatible IT security policies and procedures, and works in close alignment with IT and enterprise leadership teams to implement technology vision and strategy related to IT security, disaster prevention/recovery, incident response, and IT risk management.
Serves as primary liaison to the Office of Business Conduct in matters related to privacy and security policies, risk assessment and incident management. Provides computer forensic support for internal investigations and educates first-responder elements of the organization on proper handling of IT assets for evidence preservation.
Develops, implements, and monitors a strategic, comprehensive enterprise information security, disaster management and risk management program (including strategy, policies, standards, processes, and guidelines) to ensure the integrity, confidentiality and availability of information owned, controlled or processed by the organization.
Works with constituent groups to create, document, implement, and manage policies, procedures, and practices that ensure the availability, integrity, and privacy of information assets on centrally managed computer systems.
Has the authority to direct and support employees' daily work activities. Has the direct responsibility to undertake the following employment actions: hiring, termination, corrective action and performance reviews.
Direct Reports: 4-6
Indirect Reports: None
Has full responsibility for planning, monitoring and managing department budget.
Required Qualifications:
Bachelor's degree required.
8-10 years related work experience required and 3-5 years supervisory/management experience required.
Position requires a strong understanding of computer forensics, IT security threats and preventative measures, disaster management and recovery techniques and technologies, and IT security-related laws, regulations, and guidelines.
Ability to review and evaluate terms and conditions in software, hardware and IT services contracts as well as negotiate appropriate agreements as they require input on IT security and disaster planning.
Sufficient familiarity with Federal and State laws and regulations affecting IT security and disaster prevention/recovery management that would permit the incumbent to serve as the local authoritative source to others in BIDMC.
Advanced technical computer skills as required for technical support specific to functional area and related systems.
Preferred Qualifications:
8-10 years of experience in a healthcare setting.
An awareness of societies and authoritative bodies such as NIST, SANS, and others that can be tapped from time to time for expert advice and best practices.
Competencies:
Written Communications: Ability to communicate complex information in English effectively in writing to all levels of staff, management and external customers across functional areas.
Oral Communications: Ability to verbally communicate complex concepts in English and address sensitive situations, resolve conflicts, negotiate, motivate and persuade others.
Knowledge: Ability to demonstrate broad and comprehensive knowledge of theories, concepts, practices and policies with the ability to use them in complex and/or unprecedented situations across multiple functional areas.
Team Work: Ability to lead collaborative teams for larger projects or groups both internal and external to the Medical Center and across functional areas. Results have implications for the management and operations of multiple areas of the organization.
Customer Service: Ability to lead operational initiatives to meet or exceed customer service standards and expectations in assigned unit(s) and/or across multiple areas in a timely and respectful manner.
Physical Nature of the Job:
Sedentary work: Exerting up to 10 pounds of force occasionally in carrying, lifting, pushing, pulling objects. Sitting most of the time, with walking and standing required only occasionally.
Beth Israel Deaconess Medical Center - 15 months ago
Beth Israel Deaconess Medical Center (BIDMC) is a patient care, teaching and research affiliate of Harvard Medical School, and currently...