Required Qualifications (as evidenced by an attached resume):
Bachelor's degree (foreign equivalent or higher degree). One or more active cyber security certifications (e.g. CISSP, CISM, HCISPP, GSEC, etc.). Seven years of full-time, increasingly complex information security/cybersecurity experience. Management experience. Experience mentoring information technology professionals. Demonstrated experience working, collaborating, and establishing credibility and relationships with senior leadership, colleagues and customers. Demonstrated experience evaluating and managing cyber risk, and working within industry-standard frameworks (e.g. NIST Cybersecurity Framework, CIS Top 20, NIST 800-XX, etc.).
Preferred Qualifications:
Advanced degree (foreign equivalent or higher degree). Information security/cyber security experience in a healthcare organization, or in a complex, distributed Higher Education/Academic environment with an associated Medical Center. Demonstrated experience developing enterprise-level information security policy. Experience presenting information security/cybersecurity information and concepts to senior-level executives. Experience coordinating with key stakeholder groups, such as legal counsel, internal audit, and law enforcement.
Brief Description of Duties:
The ACISO & HIPAA Security Officer reports to the University Chief Information Security Officer & Assistant Vice President (CISO/AVP) and is charged with providing strategic direction and setting priorities for Stony Brook Medicine's cybersecurity efforts. The incumbent has the authority to cover for, and act on behalf of, the Assistant Vice President as needed, and sits as a member of the executive team at the highest level. The incumbent works collaboratively with technical, non-technical and clinical colleagues to protect Stony Brook Medicine's information assets and to provide relevant services to the Stony Brook University community. The incumbent approaches information security in a holistic, risk-based manner, giving priority to the efforts with the greatest impact across the University. The incumbent is responsible for leading the development, implementation, and maintenance of the cybersecurity strategy for Stony Brook Medicine, and will also work closely with the CISO/AVP in support of the overarching Information Security Program.
The incumbent will serve as the lead for SBM Information Security Program initiatives and oversight, and will take the lead in developing and implementing a risk management framework, with an emphasis on the security of PHI (Protected Health Information). Additionally, the incumbent directs information security team members.
The successful incumbent will have excellent interpersonal and customer service skills, strong organizational skills, and exceptional attention to detail. Essential for this role is the ability to work independently as well as part of a team, with a collaborative approach to problem solving. Experience successfully building consensus among a large number of diverse colleagues, senior leadership and outside agencies to address and resolve issues is a major factor in the success of this position, as are strategic and analytical thinking skills with the ability to solve problems and make effective decisions.
Strategic Initiatives: The incumbent provides vision and strategic direction in the areas within this position's portfolio. Participates in strategic planning and in the development of annual goals and objectives for the Information Security Program, with special attention to providing leadership for those related to the areas within this position's portfolio. Serves as a backup and partner to the CISO/AVP in working toward the achievement of division goals and objectives. The incumbent is authorized to act on the AVP's behalf for West Campus, HSC, and Hospital matters, and has the authority to cover for the AVP if they are unavailable. The incumbent will participate in meetings at the highest level and is an integral part of the executive team in DoIT. The incumbent ensures delivery of a suite of highly aligned services, including a superior customer experience and support for external and internal customers.
Information Security and Cybersecurity Oversight:
Policies: Determine, formulate and administer information security policies and procedures to mitigate risks and ensure the security and privacy of Stony Brook Medicine's data assets. Ensure compliance with SUNY policy and with federal and state requirements such as HIPAA. Serve as the University's designated HIPAA Security Officer.
Program Leadership: Lead the development, implementation, and maintenance of the elements of the University's formal campus-wide information security program that protect Stony Brook Medicine's information assets. Coordinate responses to cybersecurity incidents and data breaches. Work closely with the offices of University Counsel, Internal Audit, and University Police on matters involving confidential/sensitive data. Serve as a liaison to federal, state, local, and professional organizations for information security/cybersecurity matters. Collaborate with all members of the Information Security team and IT staff across campus to achieve information security goals without duplicating efforts.
Budget Management: Manage applicable budgets, with responsibility for projecting, developing, administering, and reconciling the budgets consistent with University and organizational goals.
Risk Management: Establish a repeatable method for measuring risk and communicating it to senior leadership and to the appropriate risk owners. Identify risks to sensitive data, and establish methods for mitigating and reducing risk items that are deemed unacceptable. Identify applicable administrative and technical controls. Serve as an advisor to the business regarding cybersecurity practices and controls.
Supervision: Develop and implement appropriate professional development and training programs for direct reports. Ensure all employees in this position's portfolio have development and training plans. Measure the success of program efforts and make adjustments when appropriate. Serve as the second point of contact for the Information Security team in the event that the CISO/AVP is unavailable.
Outreach and Professional Development: Participate, as appropriate, in internal and external professional activities, such as serving as an author, committee member, search chair, or meeting or conference presenter; stay abreast of emerging developments within the field; and educate the SBM community.
Other duties or projects as assigned as appropriate to rank and department mission.
Special Notes: This is a Management Confidential position. This is a full time appointment. FLSA Exempt position, not eligible for the overtime provisions of the FLSA. Minimum salary threshold must be met to maintain FLSA exemption.
Due to U.S. Export Control laws and regulations, the candidate hired will need to be a U.S. citizen, lawful permanent resident, or other "protected individual" (as defined by 8 U.S.C. Sec. 1324b(a)(3)).
Pursuant to Executive Order 161, no State entity, as defined by the Executive Order, is permitted to ask, or mandate, in any form, that an applicant for employment provide his or her current compensation, or any prior compensation history, until such time as the applicant is extended a conditional offer of employment with compensation. If such information has been requested from you before such time, please contact the Governor's Office of Employee Relations at (518) 474-6988 or via email at
About Stony Brook:
Long Island's premier academic medical center, Stony Brook Medicine represents Stony Brook University's entire medical enterprise and integrates all of Stony Brook's health-related initiatives: education, research and patient care. It encompasses Stony Brook University Hospital, Stony Brook Children's Hospital, the five Health Sciences schools — Dental Medicine, Health Technology and Management, Renaissance School of Medicine, Nursing and Social Welfare — as well as the major centers and institutes, programs and more than 50 community-based healthcare settings throughout Suffolk County. With 603 beds, Stony Brook University Hospital serves as Suffolk County's only tertiary care center and Regional Trauma Center. Stony Brook Children's, with more than 180 pediatric specialists in 30 specialties, offers the most advanced pediatric specialty care in the region.
Stony Brook University is an Affirmative Action/Equal Opportunity employer. We encourage protected veterans, individuals with disabilities, women and minorities to apply.
If you need a disability related accommodation, please call the University Human Resource Services Department at (631) 632-6161 or the University Hospital Human Resources Department at (631) 444-4700. In accordance with the Title II Crime Awareness and Security Act, a copy of our crime statistics is available upon request by calling (631) 632-6350. It can also be viewed online at the University Police website at http://www.stonybrook.edu/police.
Department/Hiring Area: Division of Information Technology - Information Security-Stony Brook University
Schedule: Full-time
Shift: Day Shift
Shift Hours: 8:30AM - 5:00PM
Pass Days: Sat, Sun
Posting Start Date: Apr 8, 2019
Posting End Date: May 9, 2019, 3:59:00 AM
Salary: Commensurate with experience
Salary Grade: MP3
Appointment Type: Term
Internal Number: 1901120
About Stony Brook University
From its beginnings a half-century ago, Stony Brook University has been characterized by innovation, energy and progress, transforming the lives of people who earn degrees, work and make groundbreaking discoveries here. A dramatic trajectory of growth has turned what was once a small teacher preparation college into an internationally recognized research institution that is changing the world.