Job Description

Working/Functional Title

Associate CISO for Health

Position Summary

The Associate Chief Information Security Officer (CISO) for Health is a critical leadership role within Michigan State University (MSU) Information Technology, responsible for ensuring the security and compliance of all health-related information, technology, and systems across the university. This role is responsible for identifying, evaluating, and responding on health information security risks in a manner that safeguards health information, adheres to regulatory requirements such as HIPAA, and maintains the integrity of all related data and systems. This role establishes annual and long-range health information security strategies, programs, plans, and metrics for continual program improvement.

The individual will serve as the Health Information Security Officer, overseeing the health information security domain and collaborating with key IT offices, Health Sciences, multiple university colleges and business units, governance groups, and stakeholders to protect and safeguard sensitive health data in support of MSU’s goals for Research, Education, and Clinical Care.

Some key projects which the Associate CISO of Health will lead include:

• Helping to improve and streamline Identity and Access Management processes for health systems.
• Improving Health Information Privacy and Security Awareness training.
• Reviewing systems that manage, process, and store health information, including third-party software systems for contract and liability issues.
• Updating and maintaining relevant contingency plans.
• Developing and maintaining robust and sustainable health privacy and information security governance with the Health Information Privacy Officer.

Primary Responsibilities:

• Ensure the security and compliance of health-related data, information, and systems across MSU.
• Oversee the Information Security Program and related plans based on NIST standards.
• In coordination with Privacy Officers support compliance and response regarding HIPAA, HITECH, and PHI-related matters.
• Develop and implement health IT security governance, strategies, policies, standards, programs, and plans.
• Conduct risk assessments and mitigation plans.
• Manage incident responses and breach investigations.
• Provide leadership and guidance on best practices for health data security.
• Collaborate with multiple key stakeholders including:
• MSU IT
• Office of Health Sciences
• MSU Healthcare
• College of Human Medicine
• College of Osteopathic Medicine
• College of Nursing
• College of Veterinary Medicine
• University Health and Wellbeing
• University Physicians
• Student Athletics
• Agriculture and Natural Resources, and other relevant units

Position Complexities:

• Defining, directing, and managing the security of diverse and complex health-related data and information across multiple university units and systems in a federated IT model.
• Ensuring compliance with stringent regulatory requirements such as HIPAA and HITECH.
• Coordinating security efforts across a broad range of stakeholders with varying levels of technical expertise.
• Balancing the need for robust security measures with the operational requirements of healthcare providers, educators, and researchers.
• Staying current with evolving threats and advancements in health information security.

Michigan State University (MSU) is a top 100 global university located in East Lansing, three miles east of the state’s capitol. The MSU community includes more than 12,000 faculty, academic and support staff, as well as over 52,000 students. MSU offers an extensive benefits package to its employees including health care, prescription, and dental coverage, and a base retirement program with a University matching contribution, as well as basic life insurance. In addition, MSU offers educational benefits including a course fee courtesy program and educational assistance.  

MSU Information Technology provides the primary leadership for strategic, financial, and policy initiatives affecting information technology (IT) across MSU. MSU IT offers technology resources that support MSU’s mission of providing education, conducting research, and advancing engagement. 

Diversity, Equity and Inclusion (DEI) are essential elements, vital to the culture MSU Information Technology endeavors to cultivate.  This includes providing opportunities and access for all people which incorporate differences of race, age, color, ethnicity, gender, sexual orientation, gender identity, gender expression, religion, national origin, migratory status, disability/abilities, political affiliation, veteran status and socioeconomic background. 

Minimum Requirements

Knowledge equivalent to that which normally would be acquired by completing one or two year post-bachelor degree program; more than eight years of related and progressively more responsible or expansive work experience including at least four of the following: project management, applications design and programming, data center operations, systems programming, database administration, office automation, production analysis, client computing, consulting services, financial management, long range planning and data security; and management; or an equivalent combination of education and experience.

Desired Qualifications

• A degree in information security, Health Informatics, or a related field. Advanced degree preferred.
• Extensive experience in health IT security, including a deep understanding of HIPAA, PHI, and medical systems.
• Proven track record in implementing security frameworks and controls such as NIST CSF, 800-53, 800-66 or 800-171.
• Strong leadership and collaboration skills.
• Excellent communication and interpersonal abilities.
• Certifications such as CISSP, CISM, or HCISPP are highly desirable.

Equal Employment Opportunity Statement

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, citizenship, age, disability or protected veteran status.

Required Application Materials

Resume and Cover Letter.

Special Instructions

Please provide three professional references who are knowledgeable of your work.

Work Hours

STANDARD 8-5

Website

Remote Work Statement

MSU strives to provide a flexible work environment and this position has been designated as remote-friendly. Remote-friendly means some or all of the duties can be performed remotely as mutually agreed upon.

Bidding eligibility ends November 19, 2024 at 11:55 P.M.

About Michigan State University

Spartans work every day to advance the common good in uncommon ways.Together, we tackle some of the world?s toughest problems to find solutions that make life better?from alternative energy to better food safety to breakthrough medical and environmental applications achieved through rare isotope research.We teach. We explore and we discover. We collaborate and lead. We innovate, inspire, and empower. We achieve our potential and create circumstances that help our students and others achieve theirs.We're good at it, and we've been at it for more than 150 years.The nation?s pioneer land-grant university, MSU began as a bold experiment that democratized higher education and helped bring science and innovation into everyday life. The revolutionary concept became a model for the nation.Today, MSU is one of the top research universities in the world?on one of the biggest, greenest campuses in the nation. Home to nationally ranked and recognized academic, residential college, and service-learning programs, we?re a diverse community of dedicated students and scholars, athletes and artists, scientists and leaders.In ways both practical and profound, we work to create a stronger, more sustainable, and more hopeful future for all.

Connections working at Michigan State University

Job Tags

Contract work, Work experience placement, Remote job, Flexible hours,

Similar Jobs