Business Information Security Officer (BISO) Lead
Rush University Medical Center (Chicago, IL)
Job Description
Business Unit: Rush Medical Center
Hospital: Rush University Medical Center
Department: Digital & Information Services
**Work Type:** Full Time (Total FTE between 0.9 and 1.0)
**Shift:** Shift 1
**Work Schedule:** 8 Hr (8:00:00 AM - 5:00:00 PM)
Rush offers exceptional rewards and benefits. Learn more at our Rush benefits page (https://www.rush.edu/rush-careers/employee-benefits).
**Pay Range:** $50.68 - $75.51 per hour
Rush salaries are determined by many factors including, but not limited to, education, job-related experience and skills, as well as internal equity and industry specific market data. The pay range for each role reflects Rush’s anticipated wage or salary reasonably expected to be offered for the position. Offers may vary depending on the circumstances of each case.
Summary:
At **Rush University Medical Center**, we’re building a culture where cybersecurity is everyone’s responsibility — and we’re looking for a **BISO Lead** to help make it happen.
In this highly visible and strategic role, you’ll serve as a trusted advisor and operational partner to business and clinical leaders, embedding cybersecurity into everyday operations across your assigned domain — whether **Clinical**, **Corporate**, or **University**. You’ll translate enterprise security strategy into real-world action, driving awareness, training, and risk management initiatives that protect both people and data.
As the **bridge between technology and business**, you’ll lead education efforts, guide compliance with frameworks like NIST, HIPAA, or FERPA, and influence how teams adopt secure, sustainable practices. This is an opportunity to shape how cybersecurity supports Rush’s mission in healthcare, research, and education — all while collaborating with leadership to advance a security-first culture.
If you’re a relationship builder with strong leadership, communication, and technical acumen — and you’re passionate about connecting cybersecurity strategy to meaningful outcomes — we want to hear from you.
Responsibilities:
Cybersecurity Awareness & Training Support
+ Lead awareness of the cybersecurity education and awareness programs designed by the office of the CISO, tailoring delivery for the assigned domain (clinical, corporate, or university).
+ Lead training sessions, workshops, and campaigns to address information security risks specific to the domain.
+ Develop and deliver communications (guides, FAQs, presentations, intranet updates) with the Communications team.
+ Promote a culture of security-first behaviors by engaging directly with employees, clinicians, faculty, or staff.
+ Represent the organization in internal and external meetings, industry events, and conferences.
Risk Engagement & Compliance Support
+ Act as the frontline cybersecurity liaison for business leaders, department managers, and IT teams within the domain.
+ Identify and escalate domain-specific cybersecurity risks and coordinate with the Deputy BISO on mitigation plans.
+ Monitor compliance with security policies, regulatory frameworks (HIPAA for clinical, FERPA for university, etc.), and organizational standards (NIST CSF, CIS).
+ Facilitate tabletop exercises, after-action reviews, and department-level incident response coordination.
Program Execution & Reporting
+ Manage operational tasks for security awareness and risk engagement programs within the domain.
+ Provide feedback and recommendations from the business area to continuously improve security programs.
+ Support executive presentations and updates specific to the assigned domain.
+ Understand domain business goals and operational processes to develop and lead a roadmap of security initiatives.
+ Embed security into domain operations and systems, influencing processes, operations, and teams to adopt practical and sustainable cybersecurity controls.
Assist with change management for key cybersecurity initiatives, including:
+ **Develop Change Management Strategies:** Create and implement strategies that maximize employee adoption and minimize resistance to changes in business processes, systems, and organizational structures.
+ **Conduct Impact Analyses:** Assess how changes will affect employees and identify key stakeholders involved in the change process.
+ **Monitor Change Progress:** Track the effectiveness of change initiatives and adjust as necessary to ensure objectives are met.
+ **Communicate Effectively:** Provide updates and gather feedback from stakeholders throughout the change process to ensure transparency and engagement.
Job Requirements
+ Bachelor’s degree in computer science or related field.
+ 5-7 years of relevant computer systems experience focusing on Information Security, project management, and/or cybersecurity education and awareness.
+ 3+ years of experience in managing cross-functional teams and project management for the successful delivery of projects.
+ 3+ years of experience in information security, GRC, DR, or education and awareness activities.
+ Must have excellent teamwork and interpersonal skills to effectively communicate with all levels of personnel, vendors, and IT personnel.
+ Must possess the ability to deliver clear, concise communications and presentations. Must be able to train others quickly and thoroughly on key cybersecurity concepts.
+ Excellent organizational and leadership skills.
+ Excellent problem-solving and analytical skills.
+ Experience organizing and directing teams and departments outside your sphere of influence.
+ Experience in planning and leading strategic initiatives.
+ Ability to lead and handle multiple projects in a fast-paced environment.
+ Broad, interdisciplinary background in cybersecurity, including experience as a technology security leader building and executing world-class security strategies.
+ Experience building effective internal and external relationships and interacting effectively with individuals at all levels.
+ Experience in influencing and collaborating to get work done through others.
Preferred Job Qualifications:
+ Consulting experience, with a focus on operations management
+ Nimble business mind, focused on developing creative solutions
+ Strong project-reporting skills, with a focus on interdepartmental communications
+ Experience in a healthcare provider, academic medical center, or university/research setting
+ Security-related (CISSP, CISM, etc.) or project management (PMP) certifications.
Rush is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, and other legally protected characteristics.
**Position** Business Information Security Officer (BISO) Lead
**Location** US:IL:Chicago
**Req ID** 22631