Job Description:

Job no: 1002410

Work type: Support Staff

Pay Grade: 17

Major Administrative Unit / College: Information Technology Services

Department: It Services Security 40000819

Sub Area: APSA- Pro Supervisory

Salary: Salary Commensurate with Experience

Location: East Lansing

Categories: Information Technology, Professional Supervisory- APSA, Full Time (90-100%), Union, Remote-Friendly
Working/Functional Title

Associate CISO for Health

Position Summary

The Associate Chief Information Security Officer (CISO) for Health is a critical leadership role within Michigan State University (MSU) Information Technology, responsible for ensuring the security and compliance of all health-related information, technology, and systems across the university. This role is responsible for identifying, evaluating, and responding on health information security risks in a manner that safeguards health information, adheres to regulatory requirements such as HIPAA, and maintains the integrity of all related data and systems. This role establishes annual and long-range health information security strategies, programs, plans, and metrics for continual program improvement.

The individual will serve as the Health Information Security Officer, overseeing the health information security domain and collaborating with key IT offices, Health Sciences, multiple university colleges and business units, governance groups, and stakeholders to protect and safeguard sensitive health data in support of MSU's goals for Research, Education, and Clinical Care.

Some key projects which the Associate CISO of Health will lead include:

• Helping to improve and streamline Identity and Access Management processes for health systems.


• Improving Health Information Privacy and Security Awareness training.


• Reviewing systems that manage, process, and store health information, including third-party software systems for contract and liability issues.


• Updating and maintaining relevant contingency plans.


• Developing and maintaining robust and sustainable health privacy and information security governance with the Health Information Privacy Officer.

Primary Responsibilities:

Ensure the security and compliance of health-related data, information, and systems across MSU.

Oversee the Information Security Program and related plans based on NIST standards.

In coordination with Privacy Officers support compliance and response regarding HIPAA, HITECH, and PHI-related matters.

Develop and implement health IT security governance, strategies, policies, standards, programs, and plans.

Conduct risk assessments and mitigation plans.

Manage incident responses and breach investigations.

Provide leadership and guidance on best practices for health data security.

Collaborate with multiple key stakeholders including:

MSU IT

Office of Health Sciences

MSU Healthcare

College of Human Medicine

College of Osteopathic Medicine

College of Nursing

College of Veterinary Medicine

University Health and Wellbeing

University Physicians

Student Athletics

Agriculture and Natural Resources, and other relevant units

Position Complexities:

Defining, directing, and managing the security of diverse and complex health-related data and information across multiple university units and systems in a federated IT model.

Ensuring compliance with stringent regulatory requirements such as HIPAA and HITECH.

Coordinating security efforts across a broad range of stakeholders with varying levels of technical expertise.

Balancing the need for robust security measures with the operational requirements of healthcare providers, educators, and researchers.

Staying current with evolving threats and advancements in health information security.

Michigan State University (MSU) is a top 100 global university located in East Lansing, three miles east of the state's capitol. The MSU community includes more than 12,000 faculty, academic and support staff, as well as over 52,000 students. MSU offers an extensive benefits package to its employees including health care, prescription, and dental coverage, and a base retirement program with a University matching contribution, as well as basic life insurance. In addition, MSU offers educational benefits including a course fee courtesy program and educational assistance.

MSU Information Technology provides the primary leadership for strategic, financial, and policy initiatives affecting information technology (IT) across MSU. MSU IT offers technology resources that support MSU's mission of providing education, conducting research, and advancing engagement.

Diversity, Equity and Inclusion (DEI) are essential elements, vital to the culture MSU Information Technology endeavors to cultivate. This includes providing opportunities and access for all people which incorporate differences of race, age, color, ethnicity, gender, sexual orientation, gender identity, gender expression, religion, national origin, migratory status, disability/abilities, political affiliation, veteran status and socioeconomic background.

Minimum Requirements

Knowledge equivalent to that which normally would be acquired by completing one or two year post-bachelor degree program; more than eight years of related and progressively more responsible or expansive work experience including at least four of the following: project management, applications design and programming, data center operations, systems programming, database administration, office automation, production analysis, client computing, consulting services, financial management, long range planning and data security; and management; or an equivalent combination of education and experience.

Desired Qualifications

A degree in information security, Health Informatics, or a related field. Advanced degree preferred.

Extensive experience in health IT security, including a deep understanding of HIPAA, PHI, and medical systems.

Proven track record in implementing security frameworks and controls such as NIST CSF, 800-53, 800-66 or 800-171.

Strong leadership and collaboration skills.

Excellent communication and interpersonal abilities.

Certifications such as CISSP, CISM, or HCISPP are highly desirable.

Equal Employment Opportunity Statement

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, citizenship, age, disability or protected veteran status.

Required Application Materials

Resume and Cover Letter.

Special Instructions

Please provide three professional references who are knowledgeable of your work.

Work Hours

STANDARD 8-5

Website

https://tech.msu.edu

Remote Work Statement

MSU strives to provide a flexible work environment and this position has been designated as remote-friendly. Remote-friendly means some or all of the duties can be performed remotely as mutually agreed upon.

Bidding eligibility ends November 19, 2024 at 11:55 P.M.

Advertised: Nov 13, 2024 Eastern Standard Time

Applications close: Nov 26, 2024 Eastern Standard Time

Apply Now