Director - Data Protection - Risk

The Director Data Protection is a strategic leadership position that works collaboratively with the CISO, Deputy CISO, and Directors to achieve IS goals to serve our patients and business partners. This Director is accountable for objectives and key results including: 1). Report comprehensive metrics describing the state of protection across all Mayo enterprise data. 2). Scope, plan, architect, implement, and maintain data protection. 3). Report comprehensive metrics describing the state of data loss prevention.

The Office of Information Security (OIS) Director demonstrates the highest level of accountability and strategic alignment for achieving Mayo Clinic’s information security objectives. The Director is accountable for defining, building and sustaining program capabilities that align with Mayo’s information security strategy, enterprise risk management strategy, industry best practice, and regulatory requirements.  They work across organizational areas to ensure Mayo’s information security program is aligned with Mayo’s goals and is delivered with high quality and within budget.  They provide vision and strategic direction for enabling a comprehensive Information Security Program supporting a significant portion of the Information Security program portfolio. The Director is a security expert in their own right and maintains a high level of competence relative to the current state of information security practice. They lead their teams to establish, run and improve operational services, and they use metrics, SLAs, and dashboards to demonstrate performance and good stewardship of Mayo resources. The Director oversees managers and operational services for the first and second line of information security defense. They navigate complex organizational reporting relationships, ensuring a proper balance between enabling business processes and the security of Mayo’s data and operations. They participate in complex information security decisions, ensuring accurate and clear risk information is available.  They serve as information security change agents across Mayo Clinic and serve on institutional committees.

Recruits and retains an information security team that possesses the skills and aptitude to execute the information security program.  Acts as a facilitator, mediator, and conflict manager on difficult issues. Networks broadly internally, externally, with peer organizations and vendors to identify, benchmark, introduce and maintain best practices.

Builds a customer-aligned, service-focused team working collaboratively with physician and administrative colleagues across the enterprise.  Strong demonstrated ability to lead, motivate, develop, and coach a cross-section of information security and technology professionals and managers.  Demonstrated ability to convert the information security goals and objectives of the organization into practical, actionable and cost-effective projects that support the mission of Mayo Clinic.

Ability to gather, analyze and interpret data to assure effective and efficient management and execution of strategy. Demonstrated ability to build effective, cohesive, diverse and inclusive teams with strong commitment to mutual respect.

*This position is 100% remote work. Individual may live anywhere in the US.
**This vacancy is not eligible for sponsorship / we will not sponsor or transfer visas for this position.
During the selection process, you may participate in an OnDemand (pre-recorded) interview that you can complete at your convenience. During the OnDemand interview, a question will appear on your screen, and you will have time to consider each question before responding. You will have the opportunity to re-record your answer to each question - Mayo Clinic will only see the final recording. The complete interview will be reviewed by a Mayo Clinic staff member and you will be notified of next steps.

Bachelor's degree in computer science, information systems, engineering, business administration, medical or related field is required. Master's degree in computer science, information systems, engineering, business administration or a related field is required or will be completed within 3 years.

A minimum of 10 years of experience applying information security or risk management concepts in a business setting. Prefer experience in an integrated healthcare setting or regulated environment.  Minimum 10 years managerial experience required.

Licensure or Certification:

- Certified as CISSP, GSEC, CISM, or security equivalent.  
- Other related certifications such as ITIL, PMP, CIPP, CRISC, CFE, CGEIT, CPA/CA are preferred, but not required.   
 

Why Mayo Clinic
Mayo Clinic is top-ranked in more specialties than any other care provider according to U.S. News & World Report. As we work together to put the needs of the patient first, we are also dedicated to our employees, investing in competitive compensation and comprehensive benefit plans – to take care of you and your family, now and in the future. And with continuing education and advancement opportunities at every turn, you can build a long, successful career with Mayo Clinic. You’ll thrive in an environment that supports innovation, is committed to ending racism and supporting diversity, equity and inclusion, and provides the resources you need to succeed.
Benefits Highlights

• Medical: Multiple plan options.
• Dental: Delta Dental or reimbursement account for flexible coverage.
• Vision: Affordable plan with national network.
• Pre-Tax Savings: HSA and FSAs for eligible expenses.
• Retirement: Competitive retirement package to secure your future.