The Chief Information Security Officer (CISO) collaborates with the Chief Privacy Officer (CPO) and organizational leadership for the development, coordination, implementation, maintenance, and oversight of an integrated Information Security Integrity program. This position facilitates integrity at OHSU by providing leadership related to strengthening information security and collaborating with a broad spectrum of organizational partners, including but not limited to: clinical enterprise providers; hospital leadership and administration; Faculty Practice Plan and School of Medicine leadership; directors and managers; School of Nursing; School of Dentistry; Legal; Human Resources; Risk Management; Public Safety; Contracts; the Information Technology Group; research administration; various committees; and various integrity leadership and programs throughout OHSU and various groups in the community.
Leadership related to strengthening Information Security and related areas as follows:
1. Implementing, revising, and maintaining applicable policies and procedures (program-specific and OHSU-wide) to maximize integrity, compliance, effectiveness, efficiency, and reflect current trends;
2. Investigating violations and enforcement of applicable policies and procedures (program-specific and OHSU-wide) to ensure compliance;
3. Developing, implementing, and maintaining training and communication programs for the OHSU community;
4. Serving as an expert resource for Information Security issues to the OHSU community;
5. Continuous process improvement related to Information Security integrity; and,
6. Serving as a management representative on assignments for both internal and external constituencies.
Specific areas of responsibility for the CISO include:
- The Information Security Officer is charged with overseeing the development and implementation of information security policies and procedures designed to manage the administrative, technical and physical safeguards appropriate for the different types of information and to the size and complexity of the organization.
- Responsible for the direction and oversight of the Information Security Integrity program.
- Responsible for the enforcement of Information Security policies and directives.
- Monitors the effectiveness of the Information Security Integrity program.
- Periodically revises the Information Security Integrity program due to changes in federal/state regulations and the needs of the organization.
- Collaborates with OHSU leadership to effectively incorporate the Information Security Integrity program within OHSU operations.
- Conducts or oversees Information Security and Privacy investigations (in conjunction with the Chief Privacy Officer), coordinates activities with ITG and other OHSU resources and oversees forensic analysis of OHSU devices or systems.
- Oversees the development and implementation of audit, monitoring, and training processes to ensure that areas of risk are identified and managed.
- Ensures timely and appropriate corrective action is taken when necessary.
Successful leadership attributes for this position include:
- A solid leader with exceptional interpersonal, verbal and written communication skills, who manages work groups by inspiring and advising team members, facilitating goal accomplishment. Has effective time management skills, the ability to prioritize projects for self and teams, Evaluates performance of self and others to ensure success.
- A collaborator and consensus builder capable of maintaining and cultivating successful working relationships with internal and external stakeholders. A person who proactively establishes/develops strong relationships with key stakeholders across the organization.
- A resourceful professional who stays current with information, technology, trends, and developments in the field and implements applicable and reasonable policy and process changes as a result of industry trends.
- A well-organized leader with the ability to manage a variety of complex projects while charting a course of action that effectively and efficiently assists the organization and department in fulfilling goals and objectives.