Senior Director, Information Security (Research Security) - Hybrid Onsite/Remote

Overview

Remote
On Site
USD 152,000.00 - 266,000.00 per year
Full Time

Skills

Security awareness
Design engineering
Documentation
Storage
IT risk
Patch Management
Incident management
Vulnerability management
Security operations
Disaster recovery
Information security
Evaluation
Business process
Recovery
Business operations
Management
Data security
Intellectual property
Risk management
Cyber security
HIPAA
HITECH
Communication
Leadership
Training
Risk assessment
Compliance management
Access control
Data loss prevention
Intrusion detection
Encryption
Collaboration
Relationship building
EDS
Legal
Regulatory Compliance
CISSP
CISM
CISA
ISACA
Health care
Science
Clinical trials
Genomics
Emerging technologies
Research
Budget

Job Details

Job Description

The Senior Director of Research Security develops, implements, and oversees a comprehensive research security program, including policies, procedures, and training to protect sensitive research data, intellectual property, and infrastructure. Collaborating with key stakeholders, this role ensures regulatory compliance (including NSPM-33), investigates security incidents, and fosters a security-aware research culture. This leader also stays current on emerging threats and best practices to continuously improve the program.

Job Responsibility

  • The Senior Director of Research Security is responsible for developing, implementing, and overseeing a comprehensive research security program across the health system. This includes establishing policies, procedures, and training programs to protect sensitive research data, intellectual property, and research infrastructure from unauthorized access, theft, loss, or misuse.
  • This role will collaborate with research leadership, Enterprise Digital Services, legal, compliance, and other stakeholders to identify and mitigate risks, ensure regulatory compliance (e.g., HIPAA, export controls), investigate security incidents, and promote a culture of security awareness within the research community.
  • The Senior Director will also be responsible for ensuring compliance with the NSPM-33 federal guidelines, which require research institutions that meet certain funding requirements to comply with standardized requirements related to (1) cybersecurity; (2) foreign travel security; (3) research security training; and (4) export control training.
  • In addition, the incumbent will be expected to stay abreast of emerging threats and best practices in research security to continuously enhance the program and safeguard the organization's research endeavors.
  • Plans, organizes, and directs the staff and activities for applicable information security design, engineering and operational support activities.
  • Develops and articulates a short and long-term strategic vision for areas of responsibility.
  • Leads the Information Security Team in the development, documentation and maintenance of security policies, guidelines, standards, baselines and procedures.
  • Interprets legislation or pending legislation related to the storage, retrieval, and protection of information assets or technology systems, and develops strategies for ensuring organizational compliance with regulations.
  • Oversees performance of IT risk assessments, reviews security architectures, identifies vulnerabilities, and oversees remediation activities.
  • Plans, organizes, and directs the staff and activities for applicable information security design within all health system computing environments.
  • Ensures compliance with HIPAA and other applicable regulatory and standards-based requirements.
  • Develops and oversees Information Security Programs (e.g. Emergency Patch Management, Incident Response, Vulnerability Management, Security Operations Center, Disaster Recovery).
  • Prepares recommendations for security enhancements and upgrades to Information Security tools, technologies and services portfolio.
  • Selects, develops, manages, and evaluates direct reports and oversees the development, selection, and evaluation of indirect reports.
  • Ensures performance appraisals are completed in a timely fashion.
  • Develops and enforces security protocols for application and infrastructure configurations.
  • Provides oversight of the prioritization of risk remediation activities.
  • Assists company units to determine critical business processes, identify acceptable recovery time periods and establish resources required for the successful resumption of business operations in the event of a disaster.


Job Qualification

  • Bachelor's degree in Computer Science, Cyber Security or related field, required.
  • 8-12 years of relevant experience and 7+ years of leadership / management experience, required.

Highly Preferred Skills

  • Deep understanding of research security principles: This includes knowledge of data security, intellectual property protection, export controls, cybersecurity threats, and risk management within a research environment. Familiarity with NSPM-33, federal funding agency security requirements, and NIST research security and cybersecurity frameworks is crucial.
  • Healthcare industry expertise: Understanding the unique regulatory landscape of healthcare research, including HIPAA, HITECH, FDA, IRB requirements, and other relevant regulations.
  • Leadership and communication: Ability to lead and influence cross-functional teams, communicate effectively with researchers, EDS staff, legal counsel, and senior leadership. Building consensus and fostering a security-conscious culture is essential.
  • Policy development and implementation: Experience creating and implementing research security policies, procedures, and training programs.
  • Risk assessment and mitigation: Ability to identify and assess research security risks, develop mitigation strategies, and implement appropriate controls.
  • Compliance management: Ensuring compliance with relevant regulations and internal policies, including NSPM-33 requirements.
  • Technical proficiency: Familiarity with relevant security technologies, including access control systems, data loss prevention tools, intrusion detection/prevention systems, and encryption technologies.
  • Collaboration and relationship building: Ability to build strong relationships with key stakeholders, including researchers, EDS staff, legal counsel, compliance officers, and external partners.
  • Continuous learning: Staying abreast of emerging threats, best practices, and evolving regulations in research security.
  • Certifications: Relevant certifications such as CISSP, CISM, CISA, or CRISC are highly preferred.

It's also beneficial to have experience with specific research areas within healthcare (e.g., basic science, clinical trials, genomics research) and emerging technologies relevant to research security.

*Additional Salary Detail
The salary range and/or hourly rate listed is a good faith determination of potential base compensation that may be offered to a successful applicant for this position at the time of this job advertisement and may be modified in the future. When determining a team member's base salary and/or rate, several factors may be considered as applicable (e.g., location, specialty, service line, years of relevant experience, education, credentials, negotiated contracts, budget and internal equity).