-
Chief Information Security Officer
- Mayo Clinic (Rochester, MN)
-
Why Mayo Clinic
Mayo Clinic is top-ranked in more specialties than any other care provider according to U.S. News & World Report. As we work together to put the needs of the patient first, we are also dedicated to our employees, investing in competitive compensation and comprehensive benefit plans (https://jobs.mayoclinic.org/benefits/) – to take care of you and your family, now and in the future. And with continuing education and advancement opportunities at every turn, you can build a long, successful career with Mayo Clinic.
Benefits Highlights
+ Medical: Multiple plan options.
+ Dental: Delta Dental or reimbursement account for flexible coverage.
+ Vision: Affordable plan with national network.
+ Pre-Tax Savings: HSA and FSAs for eligible expenses.
+ Retirement: Competitive retirement package to secure your future.
Responsibilities
The Chief Information Security Officer (CISO) provides strategic leadership for Mayo Clinic’s global information security program by balancing the preservation of trust by securing the privacy and security of patients, staff and other third parties with the need for simplification, convenience and frictionless use of technology and digital solutions for end users. Mayo Clinic’s CISO is responsible for safeguarding sensitive data and digital assets across all of Mayo Clinic and our related partnerships and affiliations. This executive role champions a proactive, adaptive security posture, leveraging emerging technologies and fostering a culture of shared responsibility for cybersecurity. The CISO works closely with leaders in the Digital Technology Organization (DTO) across Mayo Clinic to ensure security is seamlessly integrated into all technology initiatives. Additionally, the CISO partners with executive and functional leaders to embed security into business processes, digital transformation initiatives and innovation projects, ensuring alignment with Mayo Clinic’s mission and values, again in a manner that enables solutions not delays or serves as a barrier.
This is an on-site position based in Rochester, MN.
Key Responsibilities
1. Enterprise Information Security Leadership
+ Refresh and execute a comprehensive, forward-looking information security strategy that protects Mayo Clinic’s data, systems and intellectual property across all operations and geographies.
+ Oversee all elements of Mayo Clinic’s enterprise-wide information security program, including policy, strategy, architecture and operations, threat intelligence, incident response, AI and automation, security testing, identity management, ERIS and ERP, ensuring alignment to regulatory requirements and industry standards.
+ Champion adoption of advanced security technologies, such as AI-driven threat detection, zero trust architecture, cloud security and identity management platforms in a manner that supports operations.
+ Continuously assess and adapt the security program to address emerging threats, digital transformation and the needs of a remote and hybrid workforce.
2. Business Alignment & Collaboration
+ Serve as a strategic partner to executive leadership and cross-functional teams, integrating security into business processes, technology initiatives and organizational change efforts.
+ Foster a culture of cybersecurity awareness and shared accountability among employees, patients, partners and vendors.
+ Collaborate with the DTO, internal audit, compliance, risk operations, legal, physical security, systems operations and development teams to coordinate security initiatives and drive enterprise-wide resilience while fostering and maintaining a positive user experience.
+ Engage with external partners, industry groups and regulatory bodies to benchmark practices and ensure Mayo Clinic remains at the forefront of security innovation.
3. Vision, Governance & Risk Management
+ Provide visionary leadership in risk management, governance and performance measurement, utilizing automation, advanced analytics, real-time dashboards and executive reporting.
+ Guide the organization in balancing security, privacy and operational agility, ensuring business alignment and effective governance to safely enable emerging technology
+ Lead the development and monitoring of executive-level metrics, risk analysis, mitigation strategies and reporting mechanisms.
+ Provide executive leadership for enterprise cyber incident and crisis management, ensuring decisive, coordinated response and recovery for security events impacting the organization at any time.
+ Advise senior leadership on security risks, trends and investment priorities, supporting informed decision-making and continuous improvement.
+ Ensure security objectives are continually evaluated and sufficient to address evolving risks and aligned to organizational risk tolerance.
4. Team Leadership & Program Evolution
+ Build, mentor and retain a diverse, high-performing team of information security professionals, promoting continuous learning and professional development.
+ Cultivate a culture of inclusion, innovation and excellence within the security function.
+ Lead the evolution of the information security program, securing executive sponsorship and budget, demonstrating measurable value and driving consensus among functional leaders.
+ Manage relationships with external technology vendors and professional services firms, overseeing evaluation, negotiation and ongoing performance of service agreements.
Qualifications
Bachelor’s degree in information technology, Health Informatics, Business Administration or related field is required. Master’s degree of Science, Business Administration, Health Administration or related field is required. Qualified candidates must be a Certified Information Systems Security Professional (CISSP) with an active certification status. Experience as either a Chief Information Security Officer of an enterprise organization or as a direct report to a Chief Information Security Officer of a large international organization is required. Experience in the attraction, recruitment, hiring, retention and professional development of a diverse team of dedicated information security professionals. Experience in the successful evolution of an information security program. This will include garnering executive support and budget for information security initiatives, building consensus with functional leaders by demonstrating value and measurable results and creating a culture of information security awareness amongst the company’s core ecosystem, including patients, employees, partners and vendors, while maintaining efficiency.
Experience in the evaluation and implementation of industry standard enterprise-wide information security technologies and concepts, including but not limited to: Data Loss Prevention, Security Information and Event Management, Governance, Risk and Compliance Tools, Threat and Vulnerability Management, Identity and Access Management, Application Security, Cloud Security and Computer Forensics. A demonstrated understanding of the complex and diverse threats that an internationally renowned organization with sensitive data can be exposed to. Experience in managing relationships with external information security technology vendors, and specialized information security professional services firms, including management of the evaluation process of their capabilities, and the eventual negotiation of fair service level agreements and contracts between their company and these entities. Must be eligible to obtain security clearance if necessary.
Exemption Status
Exempt
Compensation Detail
The minimum starting salary for the position may range from $369,000 to $554,000. This range reflects full-time total base compensation prior to consideration of additional experience or duties. Pay for the selected candidate will vary based on experience, FTE, internal equity, or external market data.
Benefits Eligible
Yes
Schedule
Full Time
Hours/Pay Period
80
International Assignment
No
Site Description
Just as our reputation has spread beyond our Minnesota roots, so have our locations. Today, our employees are located at our three major campuses in Phoenix/Scottsdale, Arizona, Jacksonville, Florida, Rochester, Minnesota, and at Mayo Clinic Health System campuses throughout Midwestern communities, and at our international locations. Each Mayo Clinic location is a special place where our employees thrive in both their work and personal lives. Learn more about what each unique Mayo Clinic campus has to offer, and where your best fit is. (https://jobs.mayoclinic.org/alllocations)
Equal Opportunity
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender identity, sexual orientation, national origin, protected veteran status or disability status. Learn more about the "EOE is the Law" (https://www.eeoc.gov/poster) . Mayo Clinic participates in E-Verify (https://www.e-verify.gov/sites/default/files/everify/posters/EVerifyParticipationPoster.pdf) and may provide the Social Security Administration and, if necessary, the Department of Homeland Security with information from each new employee's Form I-9 to confirm work authorization.
Recruiter
Justin Kennedy
Equal opportunity
As an Affirmative Action and Equal Opportunity Employer Mayo Clinic is committed to creating an inclusive environment that values the diversity of its employees and does not discriminate against any employee or candidate. Women, minorities, veterans, people from the LGBTQ communities and people with disabilities are strongly encouraged to apply to join our teams. Reasonable accommodations to access job openings or to apply for a job are available.
-
Recent Jobs
-
Chief Information Security Officer
- Mayo Clinic (Rochester, MN)
-
Quantitative Analytics and Model Consultant - Anti Money Laundering (AML) and Fraud Model Validation
- PNC (Pittsburgh, PA)
-
Skillbridge, Distribution General Mgr (MIT)
- Navy Exchange Services (NEX) (Virginia Beach, VA)
-
Desktop Technician I (AK on-site)
- GCI Communication Corp (Anchorage, AK)