Assist the Director of Information Technology Security in implementing the information security plan and maintaining application access for Information Systems supported by UVa Health System Computing Services.
Enterprise Security Awareness & Training Program Leadership
- With guidance from the GRC Director, lead the UVA Health cybersecurity awareness and training program, including annual planning, execution, and continuous improvement.
- Develop and deliver role-appropriate training for workforce members, including onboarding, annual refresher training, and targeted campaigns based on risk trends.
- Design, run, and continuously refine phishing simulation campaigns; analyze results, identify systemic risk patterns, and recommend corrective actions.
- Maintain program metrics and dashboards to demonstrate effectiveness, maturity, and risk reduction over time.
- Ensure documentation and evidence of training completion and program effectiveness are maintained to support audits and regulatory reviews.
Phishing & Social Engineering Risk Management
- Monitor and assess emerging phishing and social engineering techniques affecting healthcare organizations.
- Develop awareness content addressing real-world attack scenarios (e.g., phishing, spear-phishing, business email compromise, vishing, smishing).
- Partner with IT Security Operations and Incident Response teams to incorporate lessons learned from security incidents into training and awareness activities.
Compliance Assessments & Governance Support
- Serve as a senior contributor to cybersecurity and regulatory compliance assessments by coordinating evidence collection, validating control effectiveness, and supporting remediation tracking.
- Participate in periodic security risk assessments and governance activities aligned with UVA Health's cybersecurity risk management practices.
- Collaborate with Internal Audit, Compliance, and Privacy stakeholders to support internal and external audits and readiness activities.
Policy Development & Lifecycle Management
- Lead or co-lead development, review, maintenance, and communication of IT security policies, standards, and procedures.
- Ensure policies reflect UVA Health governance expectations and are aligned with healthcare regulatory requirements and recognized cybersecurity frameworks.
- Coordinate policy lifecycle activities, including scheduled reviews, updates, approvals, and workforce communication.
Data Governance & Privacy Controls
- Apply and support cybersecurity controls related to data governance, data classification, and privacy protection for sensitive health and business information.
- Work closely with Privacy and Compliance teams to support appropriate handling of PHI and other regulated data across systems and workflows.
- Assist in identifying risks related to data access, use, and disclosure, and support mitigation strategies consistent with UVA Health standards.
Leadership & Collaboration
- Act as a subject matter expert and trusted advisor for security awareness, human-centric risk, and governance topics across the health system.
- Influence without authority by partnering with clinical, operational, academic, and administrative stakeholders.
- Mentor junior staff or contribute expert guidance within cross-functional initiatives as assigned.
MINIMUM REQUIREMENTS
- Education: Bachelor's degree
- Experience: 5-7 years relevant experience. Relevant experience may be considered in lieu of a degree.
- Licensure: CISSP or HCISPP required or actively working on and can demonstrate a plan to achieve
Preferred Qualifications
- Experience leading healthcare cybersecurity programs or academic health systems.
- Experience with phishing simulation platforms and awareness maturity metrics.
- Familiarity with NIST CSF, HIPAA security principles, and healthcare compliance expectations.
- Certifications such as CISSP, HCISPP, CISM, CISA, or Security+ are preferred.
PHYSICAL DEMANDS
This is primarily a sedentary job involving extensive use of desktop computers. The job does occasionally require traveling some distance to attend meetings and programs.
The pay range for this role is $91,312.00 - $168,748.00 annually. Individual compensation will be determined by the selected candidate's qualifications, previous work experience, and/or education.
Benefits
- Comprehensive Benefits Package: Medical, Dental, and Vision Insurance
- Paid Time Off, Long-term and Short-term Disability, Retirement Savings
- Health Saving Plans, and Flexible Spending Accounts
- Certification and education support
- Generous Paid Time Off
UVA Health is a world-class Magnet Recognized academic medical center and health system with a level 1 trauma center. 2023-2024 U.S. News & World Report "Best Hospitals" guide rates UVA Health University Medical Center as "High Performing" in 5 adult specialties and 14 conditions/procedures. We are one of 70 National Cancer Institute designated cancer centers. UVA Health Children's is named by 2023-2024 U.S. News & World Report as the best children's hospital in Virginia with 9 specialties ranked among the best in the nation. Our footprint also encompasses 3 community hospitals and an integrated network of primary and specialty care clinics throughout Charlottesville, Culpeper, Northern Virginia, and beyond.

The University of Virginia is an equal opportunity employer. All interested persons are encouraged to apply, including veterans and individuals with disabilities. Learn more about UVA's commitment to non-discrimination and equal opportunity employment.