SEARCH CAREER OPPORTUNITIES

GENERAL SUMMARY OF POSITION: 

Under the general direction of the Information Security Officer or designee, the Information Security and Compliance Manager will work closely with sr. business stakeholders to proactively identify and address Information Security exposures and potential risks and work to drive security strategy and remediation activities. The Information Security and Compliance Manager will possess an advanced level of understanding around relevant state and federal regulatory requirements as well as a complete understanding of the Information Security Controls necessary to comply with those regulations.

The Information Security and Compliance Manager is a critical role in UMASS Medical Schools efforts to build a world class Information Security organization. This position is an outstanding opportunity and will play a leadership role in revitalizing the way that UMASS Medical School ensures that our information is protected against threats. We are seeking an innovative and critical thinker who thrives in an environment where their ideas and actions have an immediate and positive impact. You will be joining our Information Security Team, helping to align efficient and customer focused solutions with cutting edge security tools. You will work closely with key stakeholders within the medical school, leading the effort to ensure data security governance in ways that ensure best in class security protection while enabling our employees and students to excel. This individual should be comfortable with leading efforts that address existing information security challenges. You will play a critical role in revamping how we provide security services, with a focus on enabling our overall risk and compliance maturity.

MAJOR RESPONSIBILITIES:

• Work closely with Academic, Research and/or Business Management, including the Information Technology Council, in defining and implementing strategic security and compliance initiatives for UMass Medical School
• Lead the Information Security and Compliance team and provide management administration tasks (performance reviews, mentoring, budgets, etc), Information Security Policy Development and Security Awareness Programs, critical security and compliance initiatives, enforce control objectives, and  create and maintain an information security and compliance risk assessment framework
• Act as lead and subject matter expert for business related security and compliance matters across the medical school
• Manage the information security risk management program for the medical school, and ensure that plans integrate effectively with other aspects of business and IT strategy and roadmaps
• Work with technology procurement stakeholders to ensure that CWM, IT and Research third-parties are appropriately vetted before contracts are finalized
• Participate in external and internal audits to ensure that information security and compliance responses are accurate and consistent with UMMS IT controls
• Ensure appropriate internal and third-party information security risk assessments are conducted
• Increase collaboration and improve visibility into cross-functional dependencies, especially through strong partnerships with business and IT departments
• Ensure Information Security services address stated objectives and provide meaningful reporting on operational and security metrics
• Lead the development and maintenance of the Information Security Dashboard and assist in presenting data to sr. mgt stakeholders
• Provide direction to groups and individuals responsible for security remediation activities and assist in prioritization
• Identify IT compliance control gaps and oversee the documentation, implementation and testing of the IT compliance control portfolio
• Implement and maintain an IT compliance issue management tracking and resolution process that will address known issues, according to severity and potential impact to the medical school
• Report the levels of IT compliance risk and control effectiveness to key stakeholders such as CIO, ISO, legal management, Privacy Officer, regulators, internal/external auditors, etc.
• Collaborate with decision makers to provide actionable security and compliance insights and recommendations that will lead to better business decisions. Review at departmental and strategic medical school committees to articulate the medical schools information security risk posture
• Perform other duties as required

REQUIRED QUALIFICATIONS:

• Bachelors Degree in an Information Technology, Risk Management, Information Security, Privacy, or Compliance discipline or equivalent experience;
• 7 years of experience in Information Technology, Audit, Information Security, Risk Management or Compliance;
• Thorough understanding of HIPAA and Privacy regulations;
• Experience managing directly or indirectly Audit, Compliance or Information Security personnel;
• Experience in acting as a principle subject matter expert for Information Security and Regulatory Compliance matters;
• Experience influencing individuals and teams towards ensuring that Information Security risks are minimized;
• Experience in assessing information security and business risks;
• Strong strategic thinker with strong decision making, organization and project management skills;
• Understanding of relevant state and federal regulations that drive security requirements;
• Ability to develop a framework for ensuring an optimal operational model whereby security is measured, reported, and continuously improved upon;
• Ability to collaborate with IT management, and business stakeholders towards achieving business and security objectives;
• Excellent oral and written communication skills.

PREFERRED QUALIFICATIONS:

• Experience in a higher education environment or health care;
• Information Security or Information Technology, Privacy or Audit certification such as CISSP, CISM, CISA or HCISPP;
• Demonstrative knowledge of information security standards such as ISO/IEC 27000, NIST, HIPAA, FISMA, PCI, FERPA, etc.
• Masters Degree in a relevant field.