The Chief Information Security Officer (CISO) is a senior executive responsible for overseeing the information security and cybersecurity strategy of an organization. The CISO plays a critical role in safeguarding the organization's information assets, managing risks, and ensuring compliance with relevant regulations. The CISO is a position supporting all entities of the Health System, and is responsible for the effective execution of IT Security functions across the entire Health System.

Organizational Partnerships:

• Serves as a key member of the Health IT executive team.

• Builds collaborative relationships with operational and Health IT Leaders across the Health System.

• Develops well-designed operational and capital budgets in support of appropriate domain areas and aligned with customer expectations. Manages budget in an accountable and transparent manner. Creates long range financial plans that align with the system’s mission and strategic plan.

• Actively participates in policy and procedure development for the role’s domain areas.

• Actively cultivates and manages partnerships with key vendors.

• Invests in team members by cultivating a positive team culture that promotes exceptional employee engagement. Ensures that team members focus on the proper priorities in accordance with organizational, division, and team goals.

Domain Areas:

• Information Security Strategy

• Risk Management

• Policy and Compliance

• Security Awareness:

• Incident Response and Management

• Security Architecture

• Vendor and Third-Party Security

• Security Governance

• Security Technologies

• Security Audits and Assessments

​Advanced / Emerging Technologies:

• Stays current with emerging trends in domain areas; such as new monitoring and auditing tools, policy and risk management, software and hardware to protect data assets.

• Identifies and brings forward potential initiatives and solutions enabled by advanced and emerging technologies.

• Brings on board, in a staff or consulting role, experienced staff and leaders capable of designing and implementing advanced and emerging technologies.

Leadership and Administration:

• Has responsibility for hiring, training, motivating, and retaining top talent resulting in the development and maintenance of a high-performance team.

• Promotes a team concept reflecting the mission, vision and values of UVA Health.

• Drives rigor and operational maturity to create a high performing team.

• Models and encourages staff in professional development activities to keep abreast of industry changes while building, recruiting and retaining talent.

• Ensures ongoing staff training and competency to maintain a skilled workforce.

• Manages budget for department/projects associated with this domain, including forecasting needs, tracking costs, investigating variances, making corrections, etc.

• Directs and monitors work efforts on a regular basis supporting staff leadership and input into decision making, identifying resource needs, performing quality review; and escalating functional, quality, timeline issues appropriately.

• Manages, champions, and sustains a diverse work environment and culture in alignment with the mission of the organization.

• Creates and promotes an environment of leadership and direction, providing subject matter expertise in all areas related to information technology service delivery.

• In addition to the above job responsibilities, other duties may be assigned.

Position Compensation Range: $193,793.60 - $310,065.60 Annual

MINIMUM REQUIREMENTS

Education: Bachelor's degree required; Master Degree in Healthcare or Information Technology is preferred.

Experience: 10+ years of progressively responsible technology leadership roles with a minimum of 5 years in a leadership capacity.

Licensure: One or more of the following professional certifications required:

Certified Information System Security Professional (CISSP)

Certified Information Security Manager (CISM)

Global Information Assurance Certification (SANS/GIAC)

Systems Security Certified Practitioner (SSCP)

Certified Information Systems Auditor (CISA)

PHYSICAL DEMANDS

This is primarily a sedentary job involving extensive use of desktop computers. The job does occasionally require traveling some distance to attend meetings, and programs.

The University of Virginia, i ncluding the UVA Health System which represents the UVA Medical Center, Schools of Medicine and Nursing, UVA Physician’s Group and the Claude Moore Health Sciences Library, are fundamentally committed to the diversity of our faculty and staff. We believe diversity is excellence expressing itself through every person's perspectives and lived experiences. We are equal opportunity and affirmative action employers. All qualified applicants will receive consideration for employment without regard to age, color, disability, gender identity or expression, marital status, national or ethnic origin, political affiliation, race, religion, sex (including pregnancy), sexual orientation, veteran status, and family medical or genetic information.