Campus Information Security Officer (CISO), HMS

Harvard Medical School

Boston, MA

ID: 7092596
Posted: January 20, 2022
Application Deadline: Open Until Filled

Job Description

Job-Specific Responsibilities

The HMS Campus Information Security Officer (CISO) guides the HMS Information Security and Privacy strategies and architectures that align with the broader vision of HMS technology plans to support the HMS mission, and will develop and articulate the advancement of the HMS Information Security and Privacy program to support that vision. The HMS CISO is a thought leader who brings industry advances into HMS and university-wide information security strategy development and assures close alignment and coordination with the HMS and Harvard Risk Management Program and the Harvard University Information Security and Data Privacy program.

The HMS CISO is responsible for Information Security processes and provides independent validation that all HMS IT units understand and implement required security protections, overseeing information security and project management staff who lead and guide HMS IT Technology leaders to operationalize protections, minimize vulnerabilities to external threats, prevent additional risks from being introduced to the HMS network, and ensure data is gathered and analyzed for vulnerability management, reporting and incident response, and is reported to HMS and HU leadership in a timely manner.

The HMS IT Security, Privacy, and Compliance Program will provide expert advice, consulting, training, and risk evaluation to faculty, staff, trainees, and students at Harvard Medical School (HMS), for teaching and learning, research projects and proposals, and for federally regulated data environments. The incumbent will direct the development and delivery of information security and privacy standards, policies, best practices, processes, and systems to assure information system security protections are adopted and maintained across the school.

As the strategic leader for HMS Information Security, Privacy, and Compliance program development, the HMS CISO oversees the development of the technology strategy and roadmap and oversees the development of IT Security and data privacy standards, policies, practices, and architectures at HMS that leverage industry best practices.
Information security program oversight, ensuring that data-driven information security management is used across all HMS IT service providers and is well coordinated with HUIT CISDPO security and reporting requirements.
Provide oversight and guidance to the HMS FISMA Information Systems Security Manager and staff resources to assure FISMA compliance for federally regulated data used in HMS research, and with appropriate data safety and privacy protections.
Lead the engagement with HMS and Longwood Medical Area/Affiliate IT and Information Security leaders to ensure required security and privacy policies, procedures, and best practices are in place, and data is used to drive continuous improvement.
Responsible for leveraging the HMS Information Security Governance program to operationalize and engage the HMS leadership and community in raising overall HMS information security posture.
Provide information security awareness and training programs to ensure all units understand and implement required security and privacy protections for all systems, projects, and data, on-premises and in the cloud.
Foster change by building key partnerships and cultivating the role of a trusted advisor across the school, the Longwood Medical Area, and the University.
Oversee IT Risk, Compliance, and Privacy assessments and needed actions to meet University requirements and to determine if best practices are being managed by IT leaders across HMS.

Basic Qualifications

Bachelor’s degree in a related field or equivalent combination of training, education, and experience through which equivalent technical expertise can be developed
10+ years of experience as a senior leader in information technology
Solid knowledge of information security issues and technologies, an understanding of risk and assessment, and data privacy laws and accepted industry practices.

Additional Qualifications and Skills

Master’s degree preferred
Background and expertise in network and data security operational processes and analysis
Knowledge of advanced information security and privacy principles, software development, data analytics, and data privacy
Certifications in areas such as cybersecurity, data analytics, and security frameworks (e.g., CISSP, CISA/CISM, and/or GIAC) preferred
Demonstrated team performance skills, service mindset, and ability to lead through influence as a trusted advisor
Experience with managing federally regulated data environments, Data Use Agreements and IRB processes for research
Excellent communication, public speaking, and presentation skills; comfortable presenting to executive audiences.

Additional Information

This Staff role may start as a remote position due to the COVID-19 pandemic and while restrictions are still in place. The current remote nature of this role is considered temporary and may change as the University continues to evaluate options. While we continue to monitor the evolving COVID-19 guidelines, local on-campus work may be expected for some roles. Harvard Medical School does support flexible schedules, subject to individual departments’ business needs.

Harvard requires COVID vaccination for all Harvard community members. Individuals may claim exemption from the vaccine requirement for medical or religious reasons. More information regarding the University’s COVID vaccination requirement, exemptions, and verification of vaccination status may be found at the University’s “COVID-19 Vaccine Information” webpage:

Please note that we are currently conducting a majority of interviews and onboarding remotely and virtually. We appreciate your understanding.

Harvard University offers an outstanding benefits package including:
Time Off: 3 - 4 weeks paid vacation, paid holiday break, 12 paid sick days, 12.5 paid holidays, and 3 paid personal days per year.
Medical/Dental/Vision: We offer a variety of excellent medical plans and dental & vision plans; all coverage begins as of your start date.
Retirement: University-funded retirement plan with full vesting after 3 years of service.
Tuition Assistance Program: Competitive tuition assistance program, incredibly affordable classes directly at the Harvard Extension School, and discounted options through participating Harvard grad schools.
Transportation: Harvard offers a 50% discounted MBTA pass as well as additional options to assist employees in their daily commute.
Wellness options: Harvard offers programs and classes at little or no cost, including stress management, massages, nutrition, meditation, and complementary health services.
Harvard access to athletic facilities, libraries, campus events, and many discounts throughout metro Boston.
The Harvard Medical School is not able to provide visa sponsorship for this position.

Harvard Medical School strives to cultivate an environment that promotes inclusiveness and collaboration among students, faculty and staff and to create new avenues for discussion that will advance our shared mission to improve the health of people throughout the world.