The University of Wisconsin-Madison School of Medicine and Public Health (SMPH) seeks an experienced data and cyber security leader to provide strategic vision and coordination for cybersecurity and data security services, facilities, and technology initiatives within the SMPH. The Chief Information Security Officer, SMPH, will be a member of the SMPH Informatics and IT leadership team and will represent the school in campus level discussions. They will report to the SMPH Associate Dean of Informatics and Information Technology.

The successful candidate will have experience working in an academic medicine setting. They will possess a leadership toolkit that enables them to nurture positive, inclusive work environments; think strategically; communicate with diverse stakeholders; develop effective partnerships; and deliver results. They will also understand the unique importance of security in supporting the research, teaching, outreach, advising, and administration mission of a public research university, including the impact of IT infrastructure on diversity, equity, inclusion, and accessibility in higher education.

NOTE: The job responsibilities listed below are generalized and align with the UW standard job description. Please note that though this language includes references to institutional responsibility, this position's scope is within the School of Medicine and Public Health and the span of authority or responsibility is not across UW-Madison's information security functions.

• 20% Develops and implements an ongoing risk assessment program targeting enterprise information security and privacy matters. Recommends methods for vulnerability detection and remediation and oversees vulnerability testing
• 10% Coordinates the enterprise development of information security policies, standards, and procedures
• 10% Serves as the institution's compliance officer with respect to campus, state, and federal information security policies and regulations such as FERPA, HIPAA, Gramm-Leach-Bliley, DMCA, Wisconsin Statutes, Cyber Security Policy, USA Patriot Act, PCI, and other relevant policies and regulations
• 20% Develops and implements an incident reporting and response system to address institution security incidents (breaches). Responds to alleged policy violations or complaints from external parties or internal reporting
• 10% Serves as the official campus contact for information security, privacy, and copyright infringement incidents, including relationships with law enforcement entities
• 10% Serves as the campus contact for internal and external auditors and agencies, survey requests, and other relevant parties or requests on security/privacy matters
• 10% Develops, plans, and implements long- and short-term campus security goals, projects, and initiatives
• 10% Exercises supervisory authority, including hiring, transferring, suspending, promoting, managing conduct and performance, discharging, assigning, rewarding, disciplining, and/or approving hours worked of at least 2.0 full-time equivalent (FTE) employees

Diversity is a source of strength, creativity, and innovation for UW-Madison. We value the contributions of each person and respect the profound ways their identity, culture, background, experience, status, abilities, and opinion enrich the university community. We commit ourselves to the pursuit of excellence in teaching, research, outreach, and diversity as inextricably linked goals.

The University of Wisconsin-Madison fulfills its public mission by creating a welcoming and inclusive community for people from every background - people who as students, faculty, and staff serve Wisconsin and the world.

For more information on diversity and inclusion on campus, please visit:

Required
Bachelor's Degree
Computer Science or related field

Preferred
Master's Degree
Computer Science or related field

Required Qualifications:
-At least five years experience with information security and regulatory compliance in an academic environment.
-At least five years experience managing and motivating teams.
-Demonstrated leadership in data and cyber security.
-Experience in risk management.
-Experience with HIPAA data, IRB, and human subjects' research.
-Experience with incident management.
-Practical knowledge of common data and cyber security management frameworks.
-Experience in establishing cyber security and risk metrics.
-Strong verbal, presentation, and written communication skills.
-Highly organized, able to multi-task, and meet deadlines.
-Work successfully with different teams and co-workers.
-Demonstrated problem solving, conflict resolution, and negotiation skills.
-Excellent working knowledge of current IT risks and experience implementing cybersecurity best practices.

Preferred Qualifications:
-CISSP, CISM, GIAC, PMP or related certifications
-Experience managing teams in a matrixed environment.
-Experience with securing cloud computing environments.
-Experience with data and cyber security management in an academic medical center.
-Experience in data de-identification as it pertains to HIPAA and honest brokering.
-Experience in evaluation, procurement, and secure deployment of software and hardware.
-Proven experience in establishing Data Use/Sharing Agreements.
-Working knowledge in the 7-layer OSI model.

Full Time: 100%

This position may require some work to be performed in-person, onsite, at a designated campus work location. Some work may be performed remotely, at an offsite, non-campus work location.

Ongoing/Renewable

Minimum $150,000 ANNUAL (12 months)
Depending on Qualifications
The starting salary for the position is $150,000 but is negotiable based on experience and qualifications.

Employees in this position can expect to receive benefits such as generous vacation, holidays, and sick leave; competitive insurances and savings accounts; retirement benefits. Benefits information can be found at ().

University sponsorship is not available for this position. The selected applicant will be responsible for ensuring their continuous eligibility for employment in the United States on or before the effective date of the appointment. UW-Madison is not an E-Verify employer, and therefore, is not eligible to employ F1-OPT STEM Extension participants.

The department will not be able to support a request for a J-1 waiver. If you chose to pursue a waiver and apply for our position, neither the UW nor UWMF will reimburse you for your legal or waiver fees.

To apply for this position, please click on the "Apply Now" button. You will be asked to upload a current resume/CV and a cover letter briefly describing your qualifications and experience. You will also be asked to provide contact information for three (3) references, including your current/most recent supervisor during the application process. References will not be contacted without prior notice.

Cody Roekle

608-263-7676
Relay Access (WTRS): 7-1-1. See for further information.

Chief Info Security Off (Inst)(IT079)

A53-MEDICAL SCHOOL/Informatics and IT

Limited

294313-LI