Job Information
University of Michigan Chief Information Security Officer - University of Michigan Academic Medical Center in Ann Arbor, Michigan
Chief Information Security Officer - University of Michigan Academic Medical Center
Apply Now
How to Apply
Applicants should provide a cover letter specifically and concisely outlining their experiences as relevant to the listed role requirements without exceeding an overall submission of 4 pages including resume.
Job Summary
The University of Michigan?s Information Assurance team at Michigan Medicine (IA:MM) believes in promoting a shared responsibility of security to enhance how we provide care, learning and protect the quality of healthcare. We implement balanced assurance solutions and focus on practical Information Assurance to protect the systems, data, and identities on which Michigan Medicine relies for its operations.
We are looking for a Chief Information Security Officer for the Academic Medical Center (AMC) which is comprised of the U-M Medical School (UMMS) and the U-M Health (UMH). You will report to the Michigan Medicine Chief Information Security Officer and will earnestly contribute as part of the IA:MM leadership team to the greater vision for assurance at Michigan Medicine and our communities.
You will oversee the alignment & integration of organizational, risk, and technology strategies, ensuring that the business requirements and protective services for the AMC are part of an integrated information assurance program for Michigan Medicine. Your direct reports will be the Lead for Cybersecurity Threat Intelligence, the Cybersecurity Risk Manager and the Director of Information Assurance Operations with a combined staff of 50 FTE and will work closely with the Regional Health Network and Academic Medical Center technology leadership to align and prioritize resources.
Additional objectives for this role are to centralize common information security capabilities with those of our regional health network information assurance department and differentiate specific capabilities as required.
You will be an advocate for the AMC information security program to protect the AMC workforce, patients, and their data across the state as well as contribute to the overall digital resiliency of the organization. You will have the opportunity to develop autonomy and mastery in navigating complex organizations and to coach our cybersecurity and risk management recruiting pipeline.
Opportunity and Benefits
Our team protects Michigan Medicine together - shielding patients, researchers, providers, students, data, systems, and identities from cybersecurity threats. We value diverse backgrounds and experiences, and we champion our staff. We offer a robust benefits package that includes comprehensive training and career development opportunities, generous retirement savings plans, ample paid time off, and a wealth of family care support: https://careers.umich.edu/benefits/ .
You will work at one of the best learning and research institutions in the world, and you will have the ability to negotiate alternative work schedules and remote or on-site options to suit your work-life balance.
This role is eligible for U-M Flexible First telecommuting agreements that fit into the expectations of the Michigan Medicine Chief Information Security Officer and the Michigan Medicine Human Resources definitions and guidance: Remote Working for Michigan Medicine Staff | Human Resources (https://hr.medicine.umich.edu/hr-services/hr-resources/remote-working-michigan-medicine-staff) . Specific conditions and expectations can be clarified for candidates.
Apply to be part of a strong team that partners with our institution, community, and each other.
Our Division?s Mission
We serve as a trusted partner and provide a best-in-class security program to uphold and protect the mission of Michigan Medicine.
Our Division?s Vision
We believe in cultivating a shared responsibility of security to enhance how we provide care, deliver education, and create innovation to protect the quality of healthcare.
Our Division?s Principles
Prioritize your self-care, family-care, team-care,thenthe work.
Implement balanced assurance solutions.
Strengthen our department?s capabilities.
Develop an assurance-minded workforce.
Focus on practical information assurance.
Responsibilities*
Partner engagement, business requirements gathering, and overall information security representation for the needs of University of Michigan Academic Medical Center.
Continuing in progress activities and strategies around identity assurance services and protections.
Differentiate as appropriate risk mitigation approaches for different major constituents of the AMC including faculty, students, clinical staff, and academic staff.
Co-develop technology, process, and practice integration plans across the Regional Health Network and AMC with a peer CISO in the U-M Regional Health Network.
Representation in improvement efforts for all aspects of Information Assurance programs in use at the AMC.
Develop and coordinate essential information assurance capabilities at the AMC using Michigan Medicine services including:
Vulnerability management
Controls assessment
Internal Audit remediation
Incident response
Cybersecurity threat intelligence
Identity assurance operations and solution engineering
Executive level reporting and presentations.
Required Qualifications*
The CISO-AMC will be an approachable, visible and servant leader, able to lead security investments and operations in the context of complex environments and drive change across the organization. You will have:
Bachelor?s degree
3+ years of prior experience as an IT related CxO role at a major healthcare company, academic medical center, government agency, or significant critical infrastructure industry (Chief Technology Officer, Chief Information Security Officer, Chief of Staff, Chief Information Officer).
Expert knowledge of infrastructure technology, cloud architectures, identity management, and relevant information security solutions.
Experience designing services and managing service level agreements with orientation toward the Information Technology Service Management (ITSM) frameworks or concepts.
5+ years? experience working in large matrixed, remote, or federated teams.
Experience with partner engagement, developing trust quickly, and supporting teams.
5+ years? experience leading successfully in a decentralized organization towards complex IT implementations or transformation.
Experienced executive with excellent communication skills capable of authoring and presenting to different levels of executives and leaders consistently.
Knowledge of legal and regulatory requirements relating to information security, including the HIPAA Security Rule, PCI-DSS, FISMA and the capability to understand emerging administrative rules and regulations from federal and state agencies.
Desired Qualifications*
Leadership experience in an academic medical center environment.
Prior experience as an information security leader in a complex organization or critical infrastructure sectors.
Certified Information Systems Security Professional (CISSP) or similar certification.
Modes of Work
Positions that are eligible for hybrid or mobile/remote work mode are at the discretion of the hiring department. Work agreements are reviewed annually at a minimum and are subject to change at any time, and for any reason, throughout the course of employment. Learn more about thework modes (https://hr.umich.edu/working-u-m/my-employment/ways-we-work-resource-center/ways-we-work-implementation-group/modes-work) .
Background Screening
Michigan Medicine conducts background screening and pre-employment drug testing on job candidates upon acceptance of a contingent job offer and may use a third party administrator to conduct background screenings. Background screenings are performed in compliance with the Fair Credit Report Act. Pre-employment drug testing applies to all selected candidates, including new or additional faculty and staff appointments, as well as transfers from other U-M campuses.
Application Deadline
Job openings are posted for a minimum of seven calendar days. The review and selection process may begin as early as the eighth day after posting. This opening may be removed from posting boards and filled anytime after the minimum posting period has ended.
U-M EEO Statement
The University of Michigan is an equal employment opportunity employer.
Job Detail
Job Opening ID
262491
Working Title
Chief Information Security Officer - University of Michigan Academic Medical Center
Job Title
Information Systems Executive
Work Location
Michigan Medicine - Ann Arbor
Ann Arbor, MI
Modes of Work
Hybrid
Full/Part Time
Full-Time
Regular/Temporary
Regular
FLSA Status
Exempt
Organizational Group
Exec Vp Med Affairs
Department
MM HITS IA CISO Administration
Posting Begin/End Date
4/17/2025 - 5/08/2025
Career Interest
Information Technology
Apply Now