The HMS Campus Information Security Officer (CISO) guides the HMS Information Security and Privacy strategies and architectures that align with the broader vision of HMS technology plans to support the HMS mission, and will develop and articulate the advancement of the HMS Information Security and Privacy program to support that vision. The HMS CISO is a thought leader who brings industry advances into HMS and university-wide information security strategy development and assures close alignment and coordination with the HMS and Harvard Risk Management Program and the Harvard University Information Security and Data Privacy program.
The HMS CISO is responsible for Information Security processes and provides independent validation that all HMS IT units understand and implement required security protections. The CISO oversees information security and project management staff who lead and guide HMS IT Technology leaders to operationalize protections, minimize vulnerabilities to external threats, prevent additional risks from being introduced to the HMS network, and ensure that data is gathered and analyzed for vulnerability management, reporting, and incident response and is reported to HMS and HU leadership in a timely manner.
The HMS IT Security, Privacy, and Compliance Program will provide expert advice, consulting, training, and risk evaluation to faculty, staff, trainees, and students at Harvard Medical School (HMS), for teaching and learning, research projects and proposals, and for federally regulated data environments. The incumbent will direct the development and delivery of information security and privacy standards, policies, best practices, processes, and systems to assure information system security protections are adopted and maintained across the school.
PRINCIPAL DUTIES AND RESPONSIBILITIES:
As the strategic leader for HMS Information Security, Privacy, and Compliance program development, the HMS CISO oversees the development of the technology strategy and roadmap and oversees the development of IT Security and data privacy standards, policies, practices, and architectures at HMS that leverage industry best practices.
Information security program oversight, ensuring that data-driven information security management is used across all HMS IT service providers and is well coordinated with HUIT CISDPO security and reporting requirements
Provide oversight and guidance to the HMS FISMA Information Systems Security Manager and staff resources to assure FISMA compliance for federally regulated data used in HMS research, with appropriate data safety and privacy protections.
Lead the engagement with HMS and Longwood Medical Area/Affiliate IT and Information Security leaders to ensure required security and privacy policies, procedures, and best practices are in place, and data is used to drive continuous improvement.
Responsible for leveraging the HMS Information Security Governance program to operationalize and engage the HMS leadership and community in raising overall HMS information security posture
Provide information security awareness and training programs to ensure all units understand and implement required security and privacy protections for all systems, projects, and data, on-premises and in the cloud.
Foster change by building key partnerships and cultivating the role of a trusted advisor across the school, the Longwood Medical Area, and the University
Oversee IT Risk, Compliance, and Privacy assessments and needed actions to meet University requirements and to determine if best practices are being managed by IT leaders across HMS
This Staff role may start as a remote position due to the COVID-19 pandemic and while restrictions are still in place. The current remote nature of this role is considered temporary and may change as the University continues to evaluate options. While we continue to monitor the evolving COVID-19 guidelines, local on-campus work may be expected for some roles. Harvard Medical School does support flexible schedules, subject to individual departments' business needs.
Harvard requires COVID vaccination for all Harvard community members. Individuals may claim exemption from the vaccine requirement for medical or religious reasons. More information regarding the University's COVID vaccination requirement, exemptions, and verification of vaccination status may be found at the University's
Bachelor's degree in a related field or equivalent combination of training, education, and experience through which equivalent technical expertise can be developed
10+ years of experience as a senior leader in information technology
Solid knowledge of information security issues and technologies, an understanding of risk and assessment, and data privacy laws and accepted industry practices.
Master's degree preferred
Background and expertise in network and data security operational processes and analysis
Knowledge of advanced information security and privacy principles, software development, data analytics, and data privacy
Certifications in areas such as cybersecurity, data analytics, and security frameworks (e.g., CISSP, CISA/CISM, and/or GIAC) preferred
Demonstrated team performance skills, service mindset, and ability to lead through influence as a trusted advisor
Experience with managing federally regulated data environments, Data Use Agreements and IRB processes for research
Excellent communication, public speaking, and presentation skills; comfortable presenting to executive audiences.
EQUAL OPPORTUNITY EMPLOYER: We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.
Internal Number: 56906BR
About Harvard University Medical School
Harvard University is devoted to excellence in teaching, learning, and research, and to developing leaders in many disciplines who make a difference globally. The University, which is based in Cambridge and Boston, Massachusetts, has an enrollment of over 20,000 degree candidates, including undergraduate, graduate, and professional students. Harvard has more than 360,000 alumni around the world. The University has twelve degree-granting Schools in addition to the Radcliffe Institute for Advanced Study, offering a truly global education. Established in 1636, Harvard is the oldest institution of higher education in the United States.