Reporting to the Chief Information Officer, the Chief Information Security Officer (CISO) will be responsible for institution-wide information security and compliance in support of the University's teaching, research and administrative missions. The CISO also acts as the University's HIPAA Security Officer. The CISO works collaboratively with University leadership, legal and compliance teams, information technology partners, health affairs, clinical practices, and faculty to understand information uses and guide balanced security measures that respect the diverse needs of faculty, staff, students, and patients.
This position leads development of the University's information security strategy, policies, and practices. The successful candidate will demonstrate a distinguished track record of understanding and attention to the application of information security in a world-class institution of teaching, learning, clinical care, and research.
The position requires a combination of strategic leadership, relationship-building skills to develop and implement security programs, broad technical knowledge and subject-matter expertise (threat landscape, security, legal, policy, compliance, and identity and access management). This position leads outreach, communication and education efforts to raise campus-wide awareness of information security risk, requirements and solutions, and provides strategic and technical guidance and assistance in the design and implementation of appropriate security processes for campus-wide information systems.
Posting Position Title: Chief Information Security Officer
University Job Title: Chief Information Security Officer
Work Week: Standard (M-F equal number of hours per day)
Required Skill/ability 1: Proven ability to be a consensus builder, collaborative and persuasive leader who can serve as an effective member of the senior leadership team. Demonstrated understanding of the needs of faculty, researchers, and administrators with highly sensitive data.
Required Skill/ability 2: Proven ability to communicate complex information/issues & security-related concepts/risks in an effective, clear and to-the-point manner to a broad range of technical & non-technical faculty, researchers, staff & students.
Required Skill/ability 3: Demonstrated thorough understanding of current compliance and risk management standards and practices. Proven ability with disaster recovery planning, business resumption planning, contingency planning, auditing, and risk assessment.
Required Skill/ability 4: Demonstrated application of creative solutions that advance institutional objectives while maintaining appropriate controls & risk management. Demonstrated sound judgment, with an open and collaborative style of leadership that encourages teamwork & cooperation, and demonstrated ability to be a strong role model, manager & coach.
Required Skill/ability 5: Demonstrated collegial approach to work through interpersonal skills, teamwork & partnership skills. Demonstrated ability to work with a broad variety of diverse people individually and across organizations. Demonstrated passion for excellent service & commitment to exceptional quality.
Preferred Education, Experience and Skills: Applied experience in a large academic research and health care setting strongly preferred.
Required Licenses Or Certifications:
Bachelor's Degree and CISA, CISSP or other security certification/accreditation required. A minimum of ten years progressively responsible information technology security/information security audit management experience in a complex environment required; or an equivalent combination of education and experience.
Yale University is an American private Ivy League research university located in New Haven, Connecticut. Founded in 1701 in the Colony of Connecticut, the university is the third-oldest institution of higher education in the United States.