Chief Info Security Officer – Penn Medicine, University of Pennsylvania Health System Philadelphia, PA
Note: We are reader supported and may earn a small commission when you click on links in posts
About the job
Penn Medicine is dedicated to our tripartite mission of providing the highest level of care to patients, conducting innovative research, and educating future leaders in the field of medicine. Working for this leading academic medical center means collaboration with top clinical, technical and business professionals across all disciplines.
Today at Penn Medicine, someone will make a breakthrough. Someone will heal a heart, deliver hopeful news, and give comfort and reassurance. Our employees shape our future each day. Are you living your life’s work?
Reporting to the Senior Vice President and Chief Information Officer, the Chief Information Security Officer (CISO) provides leadership, strategic direction and oversight for the Penn Medicine information security function across the health system and school of medicine environments. With the customer experience in mind, establishes and maintains an enterprise-wide information security program that protects all personally sensitive and protected data against internal and external threats. In partnership with the CIO, IS leadership, senior leaders and other key executives, the CISO will ensure that enterprise-wide information security strategy, planning and delivery aligns the organizations business and strategic objectives.
Provides leadership in planning, developing, communicating, implementing and managing information technology strategy for enterprise IS security functions.
Serves as trusted advisor to IS and organizational leadership to ensure systems are acquired, constructed, integrated and operated in accordance with information security and institutional requirements.
Oversees a data security team comprised of infrastructure engineering, security operations and information assurance in order to provide ongoing day-to-day enterprise protections.
Participates in defining the strategic direction of the department through short and long-term goal setting, assessment of information technology needs and information systems integration, IS business operations, risk analyses, security and related operations.
Works with representatives of Information Services and third party partners to coordinate the delivery of technology solutions to the Penn Medicine enterprise.
Operates as an integral member of the Corporate Information Services leadership team and collaborates with peers to introduce data security advancements across the enterprise.
Leads the overall management and strategic oversight of enterprise information security and IS risk and compliance policies, principles, procedures and practices. Proactively interact with senior leaders to understand the business objectives and strategies. Provide the vision and leadership for the effective integration of the Enterprise Information Security program with other related processes in the organization. Responsible for building, implementing, and transforming information security.
Provide day-to-day management of financial and human resources, primarily focusing on employee coaching and mentoring, development, performance management and improvement, coordination and budgeting for staff, and department specific functions/services. Ensure succession plan is in place for key positions.
Strategically monitors and communicates to senior leadership worldwide security trends, threats, vulnerabilities and potential impacts to Penn Medicine’s business. Stays current with emerging information security tools, techniques and technologies within a changing threat landscape for potential Penn Medicine applications. Builds and nurtures productive relationships within the security ecosystem to ensure comprehensive, best in class programs and responses to internal and external threats. Identifies, assesses, evaluates and recommends threat mitigation techniques and monitors risks from a strategic, financial, operational and external perspective.
Drives selection and use of security tools and technology to ensure that Penn Medicine ‘s security processes are effective, cost-efficient and can be deployed and managed in a timely manner. Ensures the security management life-cycle is followed. Partners with Internal Audit and Privacy stakeholders as needed to ensure expected controls are defined and consistently met.
Leads any related committees or working groups and inform the topics and agendas these groups consider, address and operationalize.
Works closely with the Chief Audit Executive to build stronger cohesion between risks identified in information security assessments (and threat landscape) and the overall IT audit work plan endorsed by the Board Audit Committee.
Bachelors’ degree required; Masters’ degree preferred.
Seven or more years’ progressive information security management, and/or risk management in a healthcare or related industry required.
Preferred Certifications (one Or More Of The Following)
Certified Information System Security Professional (CISSP)
Certified Information Security Manager (CISM)
NIST Cybersecurity Framework (NCSF)
Certified Ethical Hacker (CEH)
Certified Information Systems Auditor (CISA)
Certified Cloud Security Professional (CCSP)
Computer Hacking Forensic Investigator (CHFI)
Cisco Certified Network Associate (CCNA) Security
Need Security training? Try these online top certifications
- IBM Cybersecurity Analyst Professional Certificate
- IT Fundamentals for Cybersecurity Specialization
- Google IT Support Professional Certificate
We believe that the best care for our patients starts with the best care for our employees. Our employee benefits programs help our employees get healthy and stay healthy. We offer a comprehensive compensation and benefits program that includes one of the finest prepaid tuition assistance programs in the region. Penn Medicine employees are actively engaged and committed to our mission. Together we will continue to make medical advances that help people live longer, healthier lives.
Live Your Life’s Work
We are an Equal Opportunity and Affirmative Action employer. Candidates are considered for employment without regard to race, ethnicity, color, sex, sexual orientation, gender identity, religion, national origin, ancestry, age, disability, marital status, familial status, genetic information, domestic or sexual violence victim status, citizenship status, military status, status as a protected veteran or any other status protected by applicable law.