University of Utah Looking for Chief Information Security Officer (PRN35157B) Full Time

Chief Information Security Officer (PRN35157B)

The University of Utah and University of Utah Health seek an
accomplished and forward-thinking Chief Information Security Officer (CISO) to join our dedicated team. This position is a unique
opportunity to collaborate and coordinate with university entities in shaping and enhancing the security posture of a world-class academic
institution and healthcare system. The University of Utah CISO is crucial in ensuring the security and privacy of sensitive
information across both organizations. This position reports directly to the CIO of the University of Utah, the CIO of
University Health and encompasses comprehensive responsibilities in designing, implementing, and managing information security programs for
both campus and University Health.

The University of Utah is the flagship institution of the State of Utah’s System of Higher
Education, with 18 schools and colleges, more than 100 undergraduate and 90 graduate degree programs, 39,000 employees and an enrollment of
more than 32,000 students. At the University of Utah, you’ll find world-class research and education complemented by a lively social,
cultural, and athletic campus experience. An unparalleled spirit of entrepreneurship, collaboration, and community service has enabled the
University to innovate across fields, pioneer new programs with social impact, generate path-breaking discoveries, fuel critical research,
and inspire innovative approaches to education.

University of Utah Health is the only academic medical center in Utah and provides
patient care for the people of Utah, Idaho, Wyoming, Montana, Western Colorado, and much of Nevada. It also serves as the training ground
for scientists and most of the state’s physicians, nurses, pharmacists, dentists, therapists, and other healthcare professionals.
University of Utah Health comprises five hospitals and 12 community healthcare centers. It is recognized nationally for its world-class
research and as a transformative healthcare system, and regionally as a provider of outstanding healthcare.

Salt Lake City combines
the amenities of a major metropolitan area of more than one million people with the friendliness and ease of living of a small, Western
city. Seven major ski resorts are within an hour’s drive from campus, and opportunities to pursue activities from biking to hiking to
fishing abound. Salt Lake is also home to the Utah Symphony and Opera, the Utah Ballet, the Utah Opera Company, several professional sports
teams, and a wide range of other cultural and recreational activities.

University of Utah Job ID# PRN35157B 00332 –
University Infor. Techn. UIT

COMPENSATION: $103,700/yr. to $202,300/yr. DOE

WORK SCHEDULE: Monday
– Friday 8am to 5pm

RESPONSIBILITIES:

– Develop and implement an enterprise-wide information security
strategy that aligns with the university’s and healthcare system’s mission, vision, and goals.

– Oversee the development
and execution of information security policies, rules, and guidelines to protect the confidentiality, integrity, and availability of
sensitive data and information systems.

– Provide strategic guidance and recommendations to senior leadership on information security
matters, risk management, and compliance with applicable laws, regulations, and industry best practices.

– Evaluate and report on the
maturity of information security programs and risk mitigations as measured against industry standard security frameworks.

–
Collaborate with key stakeholders, including academic departments, healthcare units, and administrative divisions, to identify and
prioritize security initiatives, ensuring the appropriate allocation of resources.

– Lead a team of information security
professionals, providing mentoring, training, and guidance to develop their skills and capabilities.

– Manage relationships with
external partners, vendors, and regulatory agencies to ensure effective security controls are in place and maintained.

– Conduct
regular security assessments, penetration testing, and risk assessments to identify vulnerabilities, mitigate risks, and recommend
remediation strategies.

– Monitor and respond to security incidents, coordinating incident response activities and conducting
post-incident analysis and reporting.

– Stay abreast of the latest trends, threats, and technologies in the information security
field, and recommend innovative solutions to address emerging risks.

This job description is not designed to contain or be
interpreted as a comprehensive inventory of all duties, responsibilities and qualifications required of employees assigned to the job.

QUALIFICATIONS:

– A four-year degree in a related technical, audit, law, or security field is required. An advanced
degree is preferred. A combination of work experience and specialized technical training may be substituted for a college degree.

–
Minimum of 10 years of progressive experience in a business environment, preferably in healthcare or higher education, with at least four
years in a management capacity.

– Strong knowledge of privacy and security regulations, including FERPA, HIPAA, FISMA, and
PCI-DDS.

– Excellent written and oral communication skills, including the ability to present complex information to diverse
audiences.

– Demonstrated ability to mediate conflicts, build consensus, and communicate effectively with both technical and
non-technical stakeholders.

– Strong leadership skills, high integrity, and the ability to build trusted relationships

Applicants must demonstrate the potential ability to perform the essential functions of the job as outlined in the position
description.

PREFERENCES:

– Industry certifications such as Certified Information Systems Security Professional
(CISSP), Certified Information Security Manager (CISM), or Certified Information Systems Auditor (CISA) are highly desirable.

–
Knowledge of security frameworks such as CIS Controls, NIST Cybersecurity Framework, Cybersecurity Maturity Model Certification (CMMC), and
Health Information Trust Alliance (HITRUST) and their commonalities and differences.

– Understanding research environments,
government grants, and agency reviews and audits is advantageous.

– Proven experience creating and implementing successful multi-year
information security programs in complex environments.

TO APPLY, VISIT: https://utah.peopleadmin.com/postings/149087