Director Information Security and Risk Management

Shift:

Director Information Security and Risk Management

In an era where cyber threats evolve faster than ever, safeguarding patient lives, groundbreaking research, and educational excellence demands visionary leadership. As Director of Information Security & Risk Management at Nebraska Medicine and UNMC, you'll set the enterprise-wide cybersecurity strategy, owning the vision, reliability, and lifecycle of resilient defenses that protect our mission: transforming lives and creating a healthier future through extraordinary patient care, innovative research, and premier education. Lead high-impact teams in delivering secure, scalable solutions while influencing executives to champion innovation, operational excellence, and unbreakable trust in our academic health system.

Details: Director Information Security and Risk Management

• Candidates must reside in NE or IA
• This is a hybrid position - MUST BE ABLE TO WORK ON CAMPUS
• Preferred consideration will be given to applicants with Risk management and compliance expertise, including HIPAA, NIST CSF, PCI, and other regulatory framework
• Resume REQUIRED for consideration

Why Work at Nebraska Medicine?

• Together. Extraordinary. Join a team that values your skills, delivering exceptional care through collaboration.
• Leading Health Network Work with the region's top academic health network, partnering with UNMC to transform lives through education, research, and patient care.
• Dignity and Respect: We value all backgrounds and experiences, reflecting the communities we serve.
• Educational Support Enjoy up to $5,000/year in tuition assistance, a 35% discount at Clarkson College, and career advancement opportunities with covered educational costs. Enjoy support for your personal growth within the organization, from those just starting their healthcare careers to those who are years down the path.

Be part of something extraordinary at Nebraska Medicine!

The Director of Information Security & Risk Management sets the strategic direction for enterprise Cybersecurity & IT Risk across Nebraska Medicine and UNMC. This role oversees multiple teams and functions, ensuring alignment of IT strategy with organizational goals for patient care, education, and research. Owns the vision, reliability, and lifecycle of Cybersecurity & Risk Management, managing portfolios and investments to deliver secure, resilient, and scalable solutions. Acting as an enterprise leader, this position influences senior leadership and executives to drive innovation and operational excellence.

Required Qualifications: Director Information Security and Risk Management

* Minimum of 10 years progressive experience in Information Security & Risk engineering, including large, complex, multi-site environments required.

* Minimum of 5 years leading technical teams with 24x7 operational accountability required.

* Bachelor's degree in computer science, Information Systems, Engineering, or related field required.

* Hands-on expertise with enterprise Cybersecurity, Identity & Access Management, and Risk management required.

* Demonstrated mastery of ITIL processes (incident, change, problem) and service reporting required.

* Strong vendor management and budgeting experience required.

Preferred Qualifications: Director Information Security and Risk Management

* Healthcare delivery organization, & higher education/research experience and familiarity with clinical communications preferred.

* CISSP, CISM, CRISC, ITIL, PMP certifications preferred.

* Proven experience developing and executing enterprise security strategies, including identity and access management, GRC, and security engineering preferred.

* Hands-on leadership of SOC operations, incident response, and threat intelligence programs preferred.

* Risk management and compliance expertise, including HIPAA, NIST CSF, PCI, and other regulatory frameworks preferred.

* Cloud security and zero-trust architecture implementation experience preferred.

* Vendor risk management and third-party security assessments in complex ecosystems preferred.

* Security automation and DevSecOps integration within CI/CD pipelines preferred.