Northeast Ohio Medical University — Director of Information Security

The Director is responsible for NEOMED’s overall information security and risk management requirements and for working closely with the Chief Information Technology Officer (CITO), senior administration, and the university community on the development and delivery of a comprehensive information security strategy to optimize the security posture of the university. The Director leads the development and implementation of a security program that leverages collaborations and university resources, facilitates information security governance, makes recommendations for IT security investments, and designs appropriate policies to manage information security risk. The Director is also expected to oversee and manage the University’s casualty and property insurance program. The complexity of this position requires a leadership approach that is engaging, imaginative, and collaborative, with a sophisticated ability to work with other leaders to set the best balance between security strategies and other strategic goals of the University.

Northeast Ohio Medical University is an AA/EEO Employer. The university has a strong commitment to the principles of diversity and inclusion and to maintaining working and learning environments that are free from all forms of discrimination. Women, individuals with disabilities, veterans and minorities are strongly encouraged to apply.

Pay Grade: 13
Starting Salary Range: $87,409 – $98,000
Location: Rootstown, OH

Benefits Offerings Include:

  • Hybrid Workplace
  • Competitive Health, Vision, Dental
  • Flexible Spending Account
  • State Retirement with 14% matching
  • Excellent Vacation and Sick Time
  • 12 Paid Holiday Days
  • Wellness Offerings
  • Short and Long Term Disability Coverage
  • Life Insurance

For additional details visit:

Principal Functional Responsibilities

1) Information Security Program Leadership:
Responsible for the strategic leadership of the University’s information security and risk management programs in support of the University’s mission and strategic plan; Develop and administer an institutional information security strategic plan, inclusive of annual and long-range security and compliance goals, security strategies, metrics, and reporting mechanisms; Develop and communicate business cases for security initiatives; Create maturity models and a roadmap for continual program improvements; Recommend and implement strategies and controls to ensure information security; Apprise university leadership and other stakeholders of existing and emerging information security risks and opportunities as well as progress on the information security strategic plan; Manage University-wide information security governance processes; Participate as a member of the Technology Advisory Council to provide pertinent security information and input; Assist with strategic and tactical planning, budget preparation, initiatives, project planning and coordinate the development and execution of effective security programs with the CITO; Review hardware, software and services being considered for procurement and implementation to assess security strengths, risks, and assure proper information security controls are utilized to support university business needs; Provide security requirements to be included in RFPs for technology procurement; Maintain awareness of information security issues, best practices and regulatory changes affecting higher education at the state and national level and communicate to the University campus on a regular basis about such topics.

2) Risk Management and Incident Response:
Lead the annual IT Risk Management process and maintain the efficacy of the IT Business Continuity and Disaster Recovery Plans; Provide leadership, direction and guidance in assessing and evaluating information security risks and monitor compliance with security standards and appropriate policies; Develop, implement and administer technical security standards and tools to address and mitigate security risks; Oversee incident response planning and security breach investigations and notifications; Act as primary control point during significant information security incidents; Convene the NEOMED Information Security Incident Response Team (NISIRT) as needed or requested, in addressing and investigating security incidents that arise; Work with IT and other University stakeholders to ensure security issues are addressed; Examine impacts of new technologies on NEOMED’s overall information security; Establish processes to review implementation of new technologies to ensure security compliance.

3) Policy, Compliance, and Audit:
Develop and implement appropriate policies, procedures, standards and guidelines in coordination with University leadership and other stakeholders to ensure the security of NEOMED’s information security and information technology environments as well as compliance with relevant regulations and law; Lead efforts to internally assess, evaluate and make recommendations to University leadership regarding the adequacy of the security controls for the University’s information and technology systems; Work with Offices of Accounting & Budget, Financial Aid, and the General Counsel as well as outside consultants as appropriate on required security assessments and audits; Coordinate and track all information technology and security related audits including scope of audits, departments/divisions involved, timelines, auditing agencies and outcomes; Work with auditors as appropriate to keep audit focus in scope and maintain excellent relationships with audit entities; Provide guidance, evaluation, and advocacy on audit responses; Contribute to the overall development of IT’s strategic goals, performance metrics, communication practices, and culture; Develop and implement strategies for dealing with the increasing number of audits, compliance checks and external assessment processes for internal/external auditors, PCI, GLBA, and FERPA, among others.

4) Outreach, Education, and Training:
Develop and lead education and training programs for all university stakeholders on institutional policy, guidelines, federal and state laws and regulations, and best practices regarding information security and risk management; Collaborate with other government, higher education, and private sector security officers on security-related initiatives; Serve on state and national information security organizations and participate in related discussions; Work closely with University leadership and stakeholders on education related to a wide variety of security issues that require an in-depth understanding of the IT environment in their units, as well as the best practices, vulnerabilities, and federal regulations that pertain to their unit’s areas.

5) Insurance Program Management:
Provide ongoing management of the University’s risk exposure by working with the Inter-University Council Risk Management and Insurance Consortium (IUC-RMIC), submitting claims, and responding to all University insurance-related needs; Complete annual insurance renewal process in coordination with University stakeholders and leadership.

6) Performs other duties as assigned

Education/Degrees: Bachelor’s degree in computer science or other related technology field required; Master’s degree in business administration or related field preferred. Certified Information Systems Security Professional (CISSP) or equivalent information security certification is required.

Experience: Minimum of 10 years of experience with evidence of increasing levels of responsibility working in either information technology, information security, audit, risk management, and/or regulatory compliance. Experience with business continuity, disaster recovery, auditing, training and education, property/casualty insurance programs, vulnerability assessments, contract/vendor negotiations, cybersecurity, and incident management. Experience with PCI DSS, FERPA, HIPAA, and the Gramm-Leach-Bliley Act.

Key Skills, Personal Characteristics, and Key Competencies

  • Excellent interpersonal skills
  • Strong analytical and problem-solving skills with attention to detail
  • Working knowledge of security systems (e.g., vulnerability scanners, XDR) and information security program frameworks (e.g., NIST, ISO, CIS)
  • Ability to work in a team or group environment
  • Strong professional administrative skills in managing time, projects, and deadlines
  • Ability to build consensus within groups
  • Ability to negotiate with a broad range of University constituents and third parties
  • Excellent written and oral communication skills, including public presentation skills
  • Proficiency in the use of all Microsoft Office products
  • Ability to work with a minimum of supervision

Core Competencies

Leadership: NEOMED creates positive change by educating and training Ohio’s next generation of health professionals, educators, and researchers through experiential learning, high-impact research, strategic partnerships, and innovation. By designing an environment where ideas and connections can flourish, NEOMED is transforming health care.

Exceptional Experience: By creating a welcoming, supportive and well-resourced environment, NEOMED sets the stage for meaningful interactions among its students, faculty, staff, alumni, partners, and community members. The University empowers every individual to participate fully in the campus experience and the community that NEOMED serves.

Diversity, Equity, and Inclusion: NEOMED recognizes, appreciates, and celebrates all of the ways, from backgrounds to viewpoints, that people are different. The University’s culture is grounded in respect and thrives on the uniqueness of each individual. NEOMED encourages everyone’s participation by fostering policies and practices that ensure fair and just access, treatment, and opportunities for all.

People: Talent is NEOMED’s most valuable asset. The University invests in developing its faculty and staff to realize their fullest potential. As it works to attract and retain a diverse workforce and student body, NEOMED embraces opportunity and growth across all levels of the institution.

Applicants should apply here: