The Broad Institute seeks an experienced, energetic, engaging and visionary leader who wants to become part of an exciting, vibrant community of information technology professionals supporting the institute's call to Act Nimbly, Work Boldly, Share Openly, Reach Globally.

This role reports to the CIO, is a member of the IT leadership team and works closely with senior administration, academic leaders, and technical professionals throughout the organization. The Director is an advocate for the Institute's total information security needs and is responsible for the development and delivery of a comprehensive information security & compliance strategy. The Director leads the development and implementation of a security program that leverages collaborations across the institute, facilitates information security governance, advises senior leadership on security direction and resource investments, and designs appropriate policies to manage information security risk and compliance requirements. The complexity of this position requires a leadership approach that is engaging, imaginative, and collaborative, with a sophisticated ability to work with other leaders.
REQUIREMENTS
DUTIES AND RESPONSIBILITIES:
Institutional Leadership
Define and lead a comprehensive information security program that includes priorities, budgets, staffing levels, timelines, etc.
Articulate and execute on a plan to build a world class security and compliance function and program within the institute.
Provide guidance and counsel to the CIO and members of the institute's leadership team.
Establish and manage information security and compliance governance processes.
Lead information security and compliance planning processes to establish an inclusive and comprehensive program in support of research and administrative information systems and technology.
Establish annual and long-range security and compliance goals, define strategies, metrics, reporting mechanisms and program services.
Participate in relevant policy and practice discussions, and communicate appropriately within the institute.
Engage in professional development to maintain continual growth in professional skills and knowledge essential to the position.
Mentor the security and compliance team members and implement professional development plans for all members of the team.
Examine impact of new technologies on the Institute's overall information security posture. Establish processes to review implementation of new technologies.
Perform special projects and other duties as assigned.
Policy, Compliance and Audit
Lead the development and implementation of effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.
Lead efforts to internally assess, evaluate and make recommendations to management regarding the adequacy of the controls.
Coordinate and track all information technology security and compliance related audits including scope, timelines and outcomes. Manage audit responses.
Develop a strategy for dealing with all relevant regulations and audits including HIPAA, PHI, FISMA and other relevant compliance protocols.
Outreach, Education and Training
Work closely with administrative leaders on security issues that require an in-depth understanding of the security, compliance and regulatory environment.
Create education and awareness programs and advise operating units at all levels on security issues, best practices, and vulnerabilities.
Lead the development of education and support programs for IT staff, software development teams and lab-based personnel distributed throughout the institute.
Risk Management and Incident Response
Keep abreast of security incidents and act as primary control point during significant information security incidents.
Convene incident and breach response team(s) as appropriate and provide leadership for response and notification actions.
Develop, implement and administer technical security standards, as well as a suite of security services and tools to address and mitigate security risk.
Provide leadership, direction and guidance in assessing and evaluating information security risks and monitor compliance with security standards and appropriate policies.