The University of Utah and University of Utah Health seek an accomplished and forward-thinking Chief Information Security Officer (CISO) to join our dedicated team. This position is a unique opportunity to collaborate and coordinate with university entities in shaping and enhancing the security posture of a world-class academic institution and healthcare system. The University of Utah CISO is crucial in ensuring the security and privacy of sensitive information across both organizations. This position reports directly to the CIO of the University of Utah and the CIO of University Health, and encompasses comprehensive responsibilities in designing, implementing, and managing information security programs for both campus and University Health.
The University of Utah is the flagship institution of the State of Utah’s System of Higher Education, with 18 schools and colleges, more than 100 undergraduate and 90 graduate degree programs, 39,000 employees and an enrollment of more than 32,000 students. At the University of Utah, you’ll find world-class research and education complemented by a lively social, cultural, and athletic campus experience. An unparalleled spirit of entrepreneurship, collaboration, and community service has enabled the University to innovate across fields, pioneer new programs with social impact, generate path-breaking discoveries, fuel critical research, and inspire innovative approaches to education.
University of Utah Health is the only academic medical center in Utah and provides patient care for the people of Utah, Idaho, Wyoming, Montana, Western Colorado, and much of Nevada. It also serves as the training ground for scientists and most of the state’s physicians, nurses, pharmacists, dentists, therapists, and other healthcare professionals. University of Utah Health comprises five hospitals and 12 community healthcare centers. It is recognized nationally for its world-class research and as a transformative healthcare system, and regionally as a provider of outstanding healthcare.
Salt Lake City combines the amenities of a major metropolitan area of more than one million people with the friendliness and ease of living of a small, Western city. Seven major ski resorts are within an hour’s drive from campus, and opportunities to pursue activities from biking to hiking to fishing abound. Salt Lake is also home to the Utah Symphony and Opera, the Utah Ballet, the Utah Opera Company, several professional sports teams, and a wide range of other cultural and recreational activities.
University of Utah Job ID# PRN35157B 00332 - University Infor. Techn. UIT
COMPENSATION: $103,700/yr. to $202,300/yr. DOE
WORK SCHEDULE: Monday – Friday 8am to 5pm
RESPONSIBILITIES:
- Develop and implement an enterprise-wide information security strategy that aligns with the university’s and healthcare system’s mission, vision, and goals.
- Oversee the development and execution of information security policies, rules, and guidelines to protect the confidentiality, integrity, and availability of sensitive data and information systems.
- Provide strategic guidance and recommendations to senior leadership on information security matters, risk management, and compliance with applicable laws, regulations, and industry best practices.
- Evaluate and report on the maturity of information security programs and risk mitigations as measured against industry standard security frameworks.
- Collaborate with key stakeholders, including academic departments, healthcare units, and administrative divisions, to identify and prioritize security initiatives, ensuring the appropriate allocation of resources.
- Lead a team of information security professionals, providing mentoring, training, and guidance to develop their skills and capabilities.
- Manage relationships with external partners, vendors, and regulatory agencies to ensure effective security controls are in place and maintained.
- Conduct regular security assessments, penetration testing, and risk assessments to identify vulnerabilities, mitigate risks, and recommend remediation strategies.
- Monitor and respond to security incidents, coordinating incident response activities and conducting post-incident analysis and reporting.
- Stay abreast of the latest trends, threats, and technologies in the information security field, and recommend innovative solutions to address emerging risks.
This job description is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications required of employees assigned to the job.
QUALIFICATIONS:
- A four-year degree in a related technical, audit, law, or security field is required. An advanced degree is preferred. A combination of work experience and specialized technical training may be substituted for a college degree.
- Minimum of 10 years of progressive experience in a business environment, preferably in healthcare or higher education, with at least four years in a management capacity.
- Strong knowledge of privacy and security regulations, including FERPA, HIPAA, FISMA, and PCI-DSS.
- Excellent written and oral communication skills, including the ability to present complex information to diverse audiences.
- Demonstrated ability to mediate conflicts, build consensus, and communicate effectively with both technical and non-technical stakeholders.
- Strong leadership skills, high integrity, and the ability to build trusted relationships.
Applicants must demonstrate the potential ability to perform the essential functions of the job as outlined in the position description.
PREFERENCES:
- Industry certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Information Systems Auditor (CISA) are highly desirable.
- Knowledge of security frameworks such as CIS Controls, NIST Cybersecurity Framework, Cybersecurity Maturity Model Certification (CMMC), and Health Information Trust Alliance (HITRUST) and their commonalities and differences.
- Understanding research environments, government grants, and agency reviews and audits is advantageous.
- Proven experience creating and implementing successful multi-year information security programs in complex environments.
TO APPLY, VISIT: https://utah.peopleadmin.com/postings/149087
EQUAL EMPLOYMENT OPPORTUNITY
The University of Utah values candidates who have experience working in settings with students from diverse backgrounds and possess a strong commitment to improving access to higher education for historically underrepresented students.
Individuals from historically underrepresented groups, such as minorities, women, qualified persons with disabilities and protected veterans are encouraged to apply. Veterans’ preference is extended to qualified applicants, upon request and consistent with University policy and Utah state law. Upon request, reasonable accommodations in the application process will be provided to individuals with disabilities.
The University of Utah is an Affirmative Action/Equal Opportunity employer and does not discriminate based upon race, ethnicity, color, religion, national origin, age, disability, sex, sexual orientation, gender, gender identity, gender expression, pregnancy, pregnancy-related conditions, genetic information, or protected veteran’s status. The University does not discriminate on the basis of sex in the education program or activity that it operates, as required by Title IX and 34 CFR part 106. The requirement not to discriminate in education programs or activities extends to admission and employment. Inquiries about the application of Title IX and its regulations may be referred to the Title IX Coordinator, to the Department of Education, Office for Civil Rights, or both. oeo@utah.edu