Associate CISO for Health / Information Technology Associate Dir
Position Summary
The Associate Chief Information Security Officer (CISO) for Health is a critical leadership role within Michigan State University (MSU) Information Technology, responsible for ensuring the security and compliance of all health-related information, technology, and systems across the university. This role is responsible for identifying, evaluating, and responding on health information security risks in a manner that safeguards health information, adheres to regulatory requirements such as HIPAA, and maintains the integrity of all related data and systems. This role establishes annual and long-range health information security strategies, programs, plans, and metrics for continual program improvement.
The individual will serve as the Health Information Security Officer, overseeing the health information security domain and collaborating with key IT offices, Health Sciences, multiple university colleges and business units, governance groups, and stakeholders to protect and safeguard sensitive health data in support of MSU’s goals for Research, Education, and Clinical Care.
Some key projects which the Associate CISO of Health will lead include:
- Helping to improve and streamline Identity and Access Management processes for health systems.
- Improving Health Information Privacy and Security Awareness training.
- Reviewing systems that manage, process, and store health information, including third-party software systems for contract and liability issues.
- Updating and maintaining relevant contingency plans.
- Developing and maintaining robust and sustainable health privacy and information security governance with the Health Information Privacy Officer.
Primary Responsibilities:
- Ensure the security and compliance of health-related data, information, and systems across MSU.
- Oversee the Information Security Program and related plans based on NIST standards.
- In coordination with Privacy Officers support compliance and response regarding HIPAA, HITECH, and PHI-related matters.
- Develop and implement health IT security governance, strategies, policies, standards, programs, and plans.
- Conduct risk assessments and mitigation plans.
- Manage incident responses and breach investigations.
- Provide leadership and guidance on best practices for health data security.
- Collaborate with multiple key stakeholders including:
- MSU IT
- Office of Health Sciences
- MSU Healthcare
- College of Human Medicine
- College of Osteopathic Medicine
- College of Nursing
- College of Veterinary Medicine
- University Health and Wellbeing
- University Physicians
- Student Athletics
- Agriculture and Natural Resources, and other relevant units
Position Complexities:
- Defining, directing, and managing the security of diverse and complex health-related data and information across multiple university units and systems in a federated IT model.
- Ensuring compliance with stringent regulatory requirements such as HIPAA and HITECH.
- Coordinating security efforts across a broad range of stakeholders with varying levels of technical expertise.
- Balancing the need for robust security measures with the operational requirements of healthcare providers, educators, and researchers.
- Staying current with evolving threats and advancements in health information security.
Michigan State University (MSU) is a top 100 global university located in East Lansing, three miles east of the state’s capitol. The MSU community includes more than 12,000 faculty, academic and support staff, as well as over 52,000 students. MSU offers an extensive benefits package to its employees including health care, prescription, and dental coverage, and a base retirement program with a University matching contribution, as well as basic life insurance. In addition, MSU offers educational benefits including a course fee courtesy program and educational assistance.
MSU Information Technology provides the primary leadership for strategic, financial, and policy initiatives affecting information technology (IT) across MSU. MSU IT offers technology resources that support MSU’s mission of providing education, conducting research, and advancing engagement.
Diversity, Equity and Inclusion (DEI) are essential elements, vital to the culture MSU Information Technology endeavors to cultivate. This includes providing opportunities and access for all people which incorporate differences of race, age, color, ethnicity, gender, sexual orientation, gender identity, gender expression, religion, national origin, migratory status, disability/abilities, political affiliation, veteran status and socioeconomic background.
Minimum Requirements
Knowledge equivalent to that which normally would be acquired by completing one or two year post-bachelor degree program; more than eight years of related and progressively more responsible or expansive work experience including at least four of the following: project management, applications design and programming, data center operations, systems programming, database administration, office automation, production analysis, client computing, consulting services, financial management, long range planning and data security; and management; or an equivalent combination of education and experience.
Desired Qualifications
- A degree in information security, Health Informatics, or a related field. Advanced degree preferred.
- Extensive experience in health IT security, including a deep understanding of HIPAA, PHI, and medical systems.
- Proven track record in implementing security frameworks and controls such as NIST CSF, 800-53, 800-66 or 800-171.
- Strong leadership and collaboration skills.
- Excellent communication and interpersonal abilities.
- Certifications such as CISSP, CISM, or HCISPP are highly desirable.
Equal Employment Opportunity Statement
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, citizenship, age, disability or protected veteran status.
Required Application Materials
Resume and Cover Letter.
Special Instructions
Please provide three professional references who are knowledgeable of your work.
Work Hours
STANDARD 8-5
Website
https://tech.msu.edu
Remote Work Statement
MSU strives to provide a flexible work environment and this position has been designated as remote-friendly. Remote-friendly means some or all of the duties can be performed remotely as mutually agreed upon.