Sr Mgr-Information Security


Rochester, MN

Industry: Patient Care


8 - 10 years

Posted 362 days ago

Responsibilities: The Senior Manager is accountable for all aspects of their team’s strategy, delivery of services, maintaining quality, and stakeholder satisfaction. Job duties include assisting the Director in establishing the strategic direction of the work teams or service lines and overseeing the team’s design & maintenance of leading practice Information Security processes, tools and analytics. Also, accountable to consistently identify and understand security and solution implications across multiple Mayo Clinic business areas. Supervises the unit/section analysts, senior analysts, and managers, which includes managing and prioritizing the team’s work load; approving the scope, milestones, and objectives of assignments; facilitating removal of potential roadblocks; and providing challenging & meaningful work assignments that capitalize on team member strengths and bolster staff satisfaction/retention. Develops and maintains effective relationships with external vendors, auditors, regulators, and/or other business partners, as well as with management across all Mayo sites. Expected to serve as strategic resource and provide awareness of internal & external environment issues and trends, through continuous review/growth of the following knowledge: security aspects of the healthcare industry, technologies, regulations, and business practices; information security frameworks, best practices, and reporting methods in response to increasing demand for transparency and accountability; and the enterprise’s business strategy, information assets, changing technology, and security risks/controls. Responsible to provide written and/or verbal updates to the Mayo Clinic Security Council, as well as representing OIS on workgroups, taskforces, or committees, as requested by the CISO or Director. Responsible for unit/section recruitment, skill development, evaluations, and performance management. Maintains ongoing open dialogue with staff, sharing information & knowledge at appropriate times, including clarifying areas of concern & uncertainty. Routinely presents in front of internal or external groups, tailoring content to audience needs. Assists Director with execution of department management and administrative duties, as well as strategically assesses communication effectiveness within the department, suggesting improvements when necessary. Travel of 20 to 25% may be required, as work activities warrant.

We will not sponsor or transfer visas for this position.


Qualifications: Bachelor’s degree in Information Systems, Computer Science, Accounting, Business Administration, Engineering, or related field is required. Master’s Degree in associated field is preferred. Minimum of 10 years’ experience (8 years’ with relevant Master’s Degree) in one or more of the following areas is required: Information Security, Information Technology, project management, business or security informatics, audit & assurance, Enterprise Risk Management, Corporate Compliance, security architecture/design strategy, policy or controls development, compliance readiness assessments (i.e. PCI, SOX, HIPAA, etc.), system analysis and implementation, or related function. In addition, a minimum of 3 years of direct supervisory or management experience is required.

Additional Qualifications: Working knowledge of the Mayo technical environment and core business operations is strongly preferred. Advanced professional and culturally astute communication skills (both written and verbal) are required including ability to generate and deliver executive-level presentations. Must possess interpersonal skills to interact effectively with both technical and non-technical personnel at all levels of the organization, including proven ability to confidently lead discussion and negotiate on high risk and high pressure issues while simultaneously building credibility & rapport. Demonstrated ability to tolerate & deal effectively with ambiguous situations and the varying political/cultural environments within the institution, department, divisions. Proven ability to offer guidance on business processes, technology capability and vulnerability assessments, and control enhancements or mitigation approaches. Solid knowledge of information security concepts and trends, project management methodologies, and relevant healthcaresecurity regulatory requirements is required.

Job Posting Number: 89137BR