Chief Information Security Officer
Job posting number: #7075957 (Ref:JAX28410)
Posted: March 12, 2021
Application Deadline: Open Until Filled
Reporting to the CIO, the Chief Information Security Officer has top-line responsibility for the development and delivery of an institution-wide information security program. The incumbent provides vision and leadership, and directs the planning, implementation and sustainability of security defenses for enterprise systems, business operations, and IT facilities. This individual is responsible for auditing existing systems and directing the administration of security policies, activities, and standards. The incumbent holds top-line responsibility for responding to information security incidents and breaches.
The Chief Information Security Officer coordinates information security efforts across Jackson Labs, including Human Resources, Legal, Fiscal Services, Communications, and Facilities. The incumbent interfaces with mid- and senior management and faculty members to ensure the ongoing integration of information security with business strategies and requirements, and to address requests and concerns impacting information security. The Officer operates integrally with the Information Technologies (IT) infrastructure team, applications team and IT business office. The incumbent supervises and directs the work of a team of two or three information security systems administrators. Externally, the Officer serves as the institution contact point for information security matters and is responsible for interfacing with vendors, auditors and compliance officers, bank officials and government officials.
This individual is accountable as the Chief Information Security Officer for the Payment Card Industry (PCI) and the Health Insurance Portability and Accountability Act (HIPAA). The HIPAA scope pertains to any activities at The Jackson Laboratory involving HIPAA compliance. The incumbent directs the HIPAA security operations in Human Resources with respect to the Jackson Laboratory health care plan and benefits. The incumbent ensures compliance with documented regulatory and industry privacy and security standards for information systems and technology. This is accomplished by leading cross-departmental teams; developing appropriate protocols; leading implementations and improvements for compliant practices; supporting and monitoring vulnerabilities and compliance; and responding to and reporting on breaches as required by such standards and regulations.
Strategy & Planning
- Defines the program and takes responsibility for governance processes of the Laboratory’s security strategies.
- Leads strategic security planning to achieve business goals by prioritizing defense initiatives and coordinating the evaluation, deployment, and management of current and future security technologies.
- Develops and communicates security strategies and plans to executive team, staff, partners, customers, and stakeholders.
- Makes decisions in consideration of institutional and departmental business strategic imperatives.
- Provides security requirements for the design and implementation of systems under regulatory control.
- Provides requirements for the design and implementation of disaster recovery and business continuity plans, procedures, audits, and enhancements.
- Develop, implement, maintain, and oversee enforcement of policies, procedures, and associated plans for system security administration and user system access based on industry-standard best practices.
Acquisition & Deployment
- Define and communicate corporate plans, procedures, policies, and standards for the organization for acquiring, implementing, and operating new security systems, equipment, software, and other technologies.
- Perform contract review for adherence to security policies and for resolution of issues.
- Define standards for vendor access to systems and data and perform ongoing vendor security audits.
- Holds ultimate responsibility for communicating Jax’s security vision via regular written and in-person communications with the Laboratory’s executives, department heads, and end users.
- Work closely with IT staff to secure information, computer, network, and processing systems.
- Define and lead the design and oversight of all computer security systems and their corresponding or associated software, including firewalls, intrusion detection systems, cryptography systems, and anti-virus software.
- Define and lead the design and oversight of the IT facility’s security systems and their corresponding equipment or software, including fire alarms, locks, intruder detection systems, sprinkler systems, and anti-theft measures.
- Develop, track, and control the security services annual operating and capital budgets for purchasing, staffing, and operations.
- Develop security systems and processes to ensure that facilities, premises, and equipment adhere to all applicable laws and regulations.
- Manages direct reports. Promotes their training and development in information security and regulations. Ensures creation of a team knowledge base.
- With the Legal department, craft, recommend and implement changes in security policies and practices in accordance with changes in local or federal law. Audit for compliance.
- Creatively and independently provide resolution to security problems in a cost-effective manner.
- Assess and communicate any and all security risks associated with any and all purchases or practices performed by the Laboratory.
- Collaborate with IT staff and human resources to establish and maintain a system for ensuring that security and privacy policies are met.
- Promote and oversee strategic security relationships between internal resources and external entities, including government, vendors, and partner organizations.
- Remain informed on trends, regulations and issues in the security industry, including current and emerging technologies and prices. Advise, counsel, and educate executive and management teams on their relative importance and financial impact.
PCI and HIPAA Security Officer
- Establish required policies and procedures for PCI and HIPAA technology and systems security that are compliant with standards and regulations.
- Document compliant policies and procedures for systems and technology.
- Establish and maintain a record of required actions, activities, and assessments of the security standards.
- Create security awareness training programs and conduct such training.
- Ensure that plan operations and actual practice conform to the security regulation requirements.
- Monitor internal control systems to ensure that the appropriate information access levels and security clearances are maintained.
- Investigate and respond to incidents and breaches of HIPAA and PCI technology and systems security. Report breaches as required by regulations.
- Performs information security risk analysis and periodic information systems review for security.
- Manages security incident response activities and serves as primary contact person.
- Develops and conducts training on PCI and HIPAA security regulations and ensures that all workforce members who perform functions related to such regulations, and all business associates we interact with who are subject to the regulations, are appropriately trained.
- Serves as internal and external liaison to parties required to comply with PCI and HIPAA security regulations and standards to ensure they are implemented consistently.
- Cooperates with the Office of Civil Rights, Department of Health and Human Services, or other legal entities in compliance reviews and investigations.
- Four-year university degree or college diploma in the field of computer science or another technological field, and 10 years equivalent work experience.
- Strong IT technical skills: knowledge of technology environments, including information security, building security, and defense solutions. Substantial exposure to data processing, hardware platforms, enterprise software applications, and outsourced systems.
- Proven experience in planning, organizing, and developing IT security and facility security system technologies. Proven experience in developing and administering security programs, policies and compliance/incident response activities.
- Considerable knowledge of business processes. In-depth knowledge of applicable laws and regulations as they relate to security.
- In-depth working knowledge of HIPAA and PCI regulations and best practices.
- Proven ability to lead IT teams and cross-functional teams and make top-line decisions that impact the institution.
- Excellent verbal and written communication skills.
- Proven ability to lead and develop direct reports to maximize their work performance, develop their skills and develop a knowledgeable security team.
The Jackson Laboratory (JAX) is an independent, nonprofit biomedical research institution with more than 2,300 employees. Headquartered in Bar Harbor, Maine, it has a National Cancer Institute-designated Cancer Center in Augusta, Maine, a genomic medicine institute in Farmington, Connecticut, and facilities in Ellsworth, Maine, Sacramento, California, and Shanghai, China. Its mission is to discover precise genomic solutions for disease and empower the global biomedical community in the shared quest to improve human health.
JAX Genomic Medicine is transforming medicine by improving patient care, lowering costs, and increasing life span and health span. JAX Genomic Medicine’s research focuses on the complex genetic causes of disease and on the development of genomic solutions tailored to each person's unique genetic makeup.
JAX Genomic Medicine sits on a 17-acre site on the campus of the University of Connecticut Health Center. The 183,500-square-foot facility opened in the fall of 2014. Now, it houses over 300 biomedical researchers, technicians, and support staff in state-of-the-art computing facilities and laboratories.
In Connecticut, JAX resides in the scenic town of Farmington, in the state’s capital region. The Hartford region, which offers some of the best public schools in the country, is made up of both bigger cities and smaller, charming historic New England towns. JAX Genomic Medicine is also located within 2 hours of Boston and New York and is close to multiple transportation systems, including bus lines, highways, railroads and international airports.
JAX employees work in a collaborative, value-driven, and team-based environment where the focus is on advancing science and improving patients’ lives. Researchers apply genetics to increase the understanding of human disease and advance treatments and cures for cancer, neurological and immune disorders, diabetes, aging, and heart disease. JAX was voted among the top 15 “Best Places to Work in Academia” in the United States in a poll conducted by The Scientist magazine!
INTEGRITY - Courage and commitment to do what is right
PEOPLE - Inspiring our people to enhance the health of all
ONE TEAM - Unified by our promise to transform medicine and science
EXCELLENCE - Achieving world-class results
INNOVATION - Leading with discovery and creative solutions
STEWARDSHIP - Caring for and enhancing the resources entrusted to us
What do we have to offer?
JAX offers a dynamic and supportive work environment, competitive salaries, and a comprehensive benefits package, including a medical plan, outstanding retirement plan, generous paid time off, and tuition reimbursement including an MBA program. Our campus offers a fitness center with an award-winning wellness program and an onsite full service cafeteria.
Most importantly, every position contributes to JAX’s mission of discovering precise genomic solutions for human disease and empowering the global biomedical community in our shared quest to improve human health.
Employment will require successful completion of references, background check, credit check, pre-employment physical, and an appropriate non-compete agreement.
The Jackson Laboratory provides equal employment opportunities to all employees and applicants for employment in all job classifications without regard to race, color, religion, age, mental disability, physical disability, medical condition, gender, sexual orientation, genetic information, ancestry, marital status, national origin, veteran status, and other classifications protected by applicable state and local non-discrimination laws.
Learn more about career opportunities at JAX: http://www.jax.org/careers.