You are viewing a preview of this job. Log in or register to view more details about this job.

Chief Information Risk Officer

The Oregon Health Authority is modernizing and expanding their IT infrastructure and currently has a fantastic opportunity for an IT Executive with a strong background in Information Security, Risk and Privacy to join an excellent team and work to advance their IT safeguards and operations. 

The Oregon Health Authority promotes health equity by developing policies and programs to eliminate health disparities and reach health equity for all Oregonians. 
 
 
What you will do!
As the Chief Information Risk Officer (CIRO), you will identify information security and privacy risks and provide advice and leadership in managing them. You will report to the Chief Information Officer (CIO) within the Office of Information Services (OIS) – the shared technology provider for the Department of Human Services (DHS) and Oregon Health Authority (OHA). You will also collaborate closely with the State Chief Information Security Officer (SCISO) and the Enterprise Security Office (ESO). You will be involved in planning, advising and directing information security risk and privacy activities for OHA/DHS and the clients they serve.
 
In this role, you will serve in a strategic capacity and participate in setting the strategic direction for the use of technology to support OHA and DHS programmatic and administrative functions.  You will create tactical plans and project plans and may be involved in statewide planning efforts.
 
Additionally, you will initiate, develop, and implement information security risk and privacy programs, policies, and procedures. As a member of the OIS executive staff, you will be the primary contact for information security risk and privacy functions. You will be required to work with all levels of staff and management in DHS/OHA and other state agencies to help ensure the information security risk and privacy of the agency's information assets. You will work as the manager of the OIS Information Security and Privacy Office (ISPO) and oversee all activities related to the development, implementation, maintenance of, and adherence to DHS/OHA policies and procedures covering the security risk and privacy of, and access to, client information in compliance with federal and state laws and DHS/OHA information security risk and privacy practices.
 
Finally, you will represent the Office of Information Services (OIS) and DHS/OHA in statewide and central/shared services groups which may include governance committees, steering committees or other decision-making bodies.


What's in it for you?
Collaboration in an open office with a team of bright individuals to work with and learn from. We offer full medical, vision and dental with paid sick leave, vacation, personal leave and ten paid holidays per year. If you are an IT Executive with a strong background in Information Security, Risk and Privacy, don't delay, apply today!
 
This is a full-time, permanent position that is classified as executive services, supervisory and is not represented by a union. 

This recruitment announcement will be used to establish a list of qualified candidates to fill the current vacancy and may be used to fill future vacancies as they occur.

The Oregon Health Authority is an equal opportunity, affirmative action employer committed to work force diversity.
 
 
WHAT WE ARE LOOKING FOR:
  • Four (4) years of management experience in a public or private organization which included responsibility for each of the following: a) development of program rules and policies, b) development of long- and short-range goals and plans, c) program evaluation, and d) budget preparation. OR Three (3) years of management experience in a public or private organization which included responsibility for each of the following: a) development of program rules and policies, b) development of long- and short-range goals and plans, c) program evaluation, and d) budget preparation; AND 45-48 quarter hours (30-32 semester hours) of graduate level coursework in management.
  • 4-6 years of management experience leading and supervising IT security, risk and privacy functions and 8-10 years of experience in information technology management with executive level management experience.  4-6 years of experience supporting security, risk and privacy functions within a Health and Human Services organization is preferred.
  • Strong customer service orientation and a high degree of responsiveness to customer requirements, and demonstrated experience successfully leading high performing teams.
  • Expertise in information security and privacy, IT security, networking, IT services, project/program management, information security risk management, and/or incident management.
  • Experience working in a heavily regulated environment.
  • Information security risk and privacy program management and leadership experience.
  • Up-to-date technical expertise and knowledge in security risk and privacy
  • Ability to “translate” technical issues and ideas into non-technical language understandable by all levels of management and customers throughout state government.
  • A Bachelor’s degree or higher in computer science, public administration, business management or other relevant fields.
  • Knowledge of information technology services and project management methodologies.
  • Either a Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) or equivalent certification is required at the time of employment.
  • Strong facilitation skills with various groups of technical and non-technical participants.
  • Ability to set clear guidelines, model expected office professional behaviors, and establish and maintain clear methods for reporting inappropriate actions
  • Excellent written and verbal communication and presentation skills.
  • Ability to consistently treat customers, stakeholders, partners, vendors and co-workers with dignity and respect, and create and maintain a work environment that is respectful and accepting of diversity.