- This position is security-sensitive and subject to Texas Education Code 51.215, which authorizes UT Southwestern to obtain criminal history record information
This position is responsible for establishing the enterprise Information Security strategy and program that ensures the University's critical information resources are protected. Consistent with UT System practice, the CISO reports directly to the UT Southwestern President.
Master's degree in related field and 10 years progressive experience with at least two (2) years in an executive capacity.
Designated by the University's Chief Administrative Officer to fulfill the responsibilities of the Chief Information Security Officer as defined by TAC 202 and UTS 165. Leads the day-to-day operations of the information security function, including incident response, workforce education, vulnerability management, risk assessments, intrusion prevention, regulatory compliance (HIPAA, PCI, and GDPR), procedure development, and forensic investigations. Provides information security for all centralized and decentralized IT.
Responsible for the design, execution, and effectiveness of a system of internal controls that provides reasonable assurance that operations are effective and efficient, assets are safeguarded, financial information is reliable, and applicable laws, regulations, policies, and procedures are complied with.
- Reporting emerging issues, providing status reports, and championing overall strategy and budget needs periodically to the UT Southwestern President and executive staff.
- Maintain a current understanding of the information security threat landscape within an academic healthcare environment.
- Coordinating secure design and configuration of systems with IT management.
- Communicating risks and best practices to all areas of the University, both inside and outside of IT.
- Creating organization level information security policies and procedures based on the NIST framework and state security legislation.
- Leads the investigation and remediation of security breaches (Computer Incident Response Team), initiates appropriate action to protect information assets, and assists with disciplinary and legal matters associated with such breaches.
- Planning, initiating and managing department budget for various aspects of IT operations.
- Participate in organization governance committees to guide security posture.
- Documents and maintains an up-to-date institutional information security program.
- Manage the IT Recovery Program, ensuring disaster recovery and business continuity plans are in place and tested.
- Monitor the UT Southwestern network for security breaches.
- Reports to Texas Department of Information Resources and UT System Information Security office as needed for matters concerning information security.
- Coordinates compliance with internal and external information security requirements via proactive assessment and audits.
- Provide mentoring and training to information security team members.
- Develops and maintains a cost-effective information technology security program, including development and implementation of security standards, policies and procedures, an awareness and training plan, and the overall information security infrastructure.
- Serves as the information security liaison with external entities including U.T. System, peer institutions, and other universities, along with State and Federal agencies. Responds to security surveys and audits from U.T. System, State Auditor’s Office, and DIR.
- Works closely with the Offices of Legal Affairs and Institutional Compliance to ensure conformity with federal and state laws and regulations, as well as the IT security standards, policies, and procedures of U.T. System information security conferences.
- **Other Duties:** Performs other duties as assigned.
CERTIFICATION/KNOWLEDGE, SKILLS, & ABILITIES
Work requires ability to ensure adherence to all policies and procedures of University.
Work requires ability to effectively interpret and apply organizational policies, procedures, and systems.
Work requires proven supervisory, customer service, and written and verbal communication skills.
Work requires ability to plan, organize, coordinate, and supervise work of employees as necessary to ensure desired results are achieved.
Work requires telephone and personal contact with all levels of internal and external personnel and organizations.
Work requires ability to monitor and maintain budget.
Certified Information Systems Auditor and/or Certified Information Systems Security Professional preferred.
Expert knowledge of current information security laws and accepted industry practice.
Expert understanding of TCP/IP networking.
Knowledge of the network and server hardware, software, and security tools that UT Southwestern has deployed.
UT Southwestern Medical Center is committed to an educational and working environment that provides equal opportunity to all members of the University community. In accordance with federal and state law, the University prohibits unlawful discrimination, including harassment, on the basis of: race; color; religion; national origin; sex, including sexual harassment; age; disability; genetic information; citizenship status; and protected veteran status. In addition, it is UT Southwestern policy to prohibit discrimination on the basis of sexual orientation, gender identity, or gender expression.