Director, IS Security Deputy BISO
Rush University Medical Center (Chicago, IL)
Job Description
Business Unit: Rush Medical Center
Hospital: Rush University Medical Center
Department: Digital & Information Services
**Work Type:** Full Time (Total FTE between 0.9 and 1.0)
**Shift:** Shift 1
**Work Schedule:** 8 Hr (8:00:00 AM - 5:00:00 PM)
Rush offers exceptional rewards and benefits. Learn more at our Rush benefits page (https://www.rush.edu/rush-careers/employee-benefits).
**Pay Range:** $69.41 - $103.42 per hour
Rush salaries are determined by many factors including, but not limited to, education, job-related experience and skills, as well as internal equity and industry specific market data. The pay range for each role reflects Rush’s anticipated wage or salary reasonably expected to be offered for the position. Offers may vary depending on the circumstances of each case.
Summary:
The Information Security Director of Programming and Deputy BISO is responsible for using strong leadership and problem-solving skills to assist with program operations and advancing the mission, vision, and values of the Information Security Department at Rush. This position will lead various teams and oversee multiple cybersecurity functions, including cybersecurity education and awareness, information security program management, and BISO outreach. This role will act as cybersecurity leadership’s proxy in strategic and operational initiatives, including representing Rush Information Security in internal and external meetings, industry events, conferences, etc. The Information Security Director of Programming and Deputy BISO will have a highly visible role and will be responsible for connecting with and educating all technology users at Rush.
Responsibilities:
Cybersecurity Education and Awareness
+ Develop and implement a strategy, goals, and objectives for the cybersecurity training, education, and awareness program. This program addresses current and emerging technologies and risks affecting all RUSH employees, students, faculty, and contingent workers.
+ Identifies the human and cultural behaviors Rush needs to change to mitigate the top cybersecurity risks to our organization.
+ Manages the team responsible for tailoring information security training, education, and awareness programs to reduce institutional risk related to lack of training that includes applicable compliance objectives (e.g., HIPAA, FERPA, PCI).
+ Ensure that RUSH’s information security awareness program communicates RUSH’s security policies and requirements through a central repository available to RUSH stakeholders.
+ Develop and track a metrics framework (including KPIs/KRIs) that effectively measures employee engagement, behaviors, and impact. This framework should show progress towards effectively changing employee behaviors to act more securely, thus reducing risk to RUSH.
+ Establishes and manages relationships with external vendors and agency partners as needed to establish quotes, production schedules, delivery, and implementation of cyber education and awareness materials.
+ Oversees the corporate phishing program, including maintaining the IT systems, tools, and technology needed to run a phishing campaign successfully.
+ Provide guidance and oversight for cybersecurity communication memos, emails, user guides, etc.
+ Establishes strong relationships with RUSH Marketing and Communication, collaborates on important cybersecurity initiatives, and disseminates awareness materials.
+ Accountable for coordinating systemwide, departmental, and team events, including lunch and learns, all-hands meetings, holiday parties, etc.
+ Attends RUSH system-wide presentations, workshops, and trainings to best represent the Information Security Department and its key initiatives that protect RUSH stakeholders.
Cybersecurity Programming, Vendor, and Budget Management
+ Acts as a thought leader in the development and implementation of Cyber initiatives, programs, and projects to efficiently and effectively address the changing needs of the Rush Cyber landscape and its stakeholders.
+ Oversees Cybersecurity program management functions, including vendor management and cybersecurity budget tracking processes.
+ Manages the team responsible for maintaining the cybersecurity program roadmap, ensuring that all cybersecurity projects and initiatives are appropriately tracked and mapped to key cybersecurity value drivers.
+ Coordinate cybersecurity vendor management activities, including vendor evaluations, vendor selection, vendor negotiations, contract lifecycle management, and renewal or termination notices.
+ Oversees process for actively capturing and reporting on all cybersecurity contracts, purchase orders, and invoices, including developing regular reports to cybersecurity senior leadership to advise on the status of Operational and Capital budgets and expenses.
+ Coordinates with cross-functional leadership to plan for and document the annual cybersecurity operating and capital budgets and ensures they align with the cybersecurity program strategy and roadmap.
+ Determines key performance indicators for cost savings, cost avoidance, vendor and contract lifecycles, etc., and measures performance against these metrics.
+ Measures continuous improvement opportunities to mature current processes and optimize organizational procedures for efficiency and productivity.
Deputy BISO
+ Manages a team of BISO Leads responsible for serving as liaisons for Information Security regarding IT security risk, IT compliance, adopting security policy/standards/processes, project updates, proposals, and planning.
+ Guides BISO Leads in easing communications and uniting people across the Department and organization to advance cybersecurity initiatives.
+ Develop and build relationships with all departments for increased efficiency and responsiveness of existing cybersecurity operations and help define new cyber operational strategies.
+ Responsible for developing presentations for the Audit Committee Board and other executive leadership updates as requested by the CISO, BISO, and information security leadership.
+ Provides guidance and input to CISO, BISO, and information security leadership regarding developing and implementing information security programs and initiatives to ensure the perspectives and impact on our key stakeholders are understood and addressed.
+ Identifying and helping solve core problems or opportunities within cybersecurity and business processes.
+ Assist cybersecurity leadership in developing presentation materials and content for industry conferences. Presents at industry conferences on behalf of the Rush Information Security Department.
Required Job Qualifications:
+ Bachelor’s degree in computer science or related field.
+ CISM or other applicable certification (e.g., CISSP).
+ 12+ years of relevant computer systems experience focusing on Information Security, project management, and/or cybersecurity education and awareness.
+ 5+ years of experience in managing cross-functional teams and project management for successful delivery of projects.
+ 5+ years of experience in vendor management.
+ 5+ years of experience in information security GRC, DR, or education and awareness activities.
+ Must have excellent teamwork and interpersonal skills to effectively communicate with all levels of hospital personnel, vendors, and IT personnel.
+ Must possess the ability to deliver clear, concise communications and presentations. Must be able to train others quickly and thoroughly on key cybersecurity concepts.
+ Excellent organizational and leadership skills.
+ Excellent problem-solving and analytical skills.
+ Experience organizing and directing teams and departments outside your sphere of influence.
+ Experience in planning and leading strategic initiatives.
+ Ability to lead and handle multiple projects in a fast-paced environment.
+ Experience as a technology security leader building and executing world-class security strategies.
+ Experience building effective internal and external relationships and interacting effectively with individuals at all levels.
+ Experience influencing and collaborating to get work done through others.
Preferred Job Qualifications:
+ Consulting experience, with a focus on operations management.
+ Nimble business mind, focused on developing creative solutions.
+ Strong project-reporting skills, with a focus on interdepartmental communications.
Rush is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, and other legally protected characteristics.
**Position** Director, IS Security Deputy BISO
**Location** US:IL:Chicago
**Req ID** 18926