Duke Health has retained Kirby Partners to conduct a nationwide executive search for candidates for their Chief Information Security Officer position.
Duke Health conceptually integrates the Duke University School of Medicine, Duke-NUS Medical School, Duke University School of Nursing, Duke University Health System, their physician practice, and the Duke Health Integrated Practice. It incorporates the health and health research programs within the Duke Global Health Institute, as well as those in schools and centers across Duke University, including the Duke Robert J. Margolis Center for Health Policy.
Duke Health is committed to:
- Conducting innovative basic and clinical research
- Rapidly translating breakthrough discoveries to patient care and population health
- Providing a unique educational experience to future clinical and scientific leaders
- Improving the health of populations
- Actively seeking policy and intervention-based solutions to complex global health challenges
Underlying these ambitions is a belief that Duke Health is a destination for outstanding people and is dedicated to continually exploring new ways to help people grow, collaborate, and succeed.
According to U.S. News & World Report, Duke University Hospital was ranked #1 in North Carolina, and #1 in the Raleigh-Durham region.
Facts and Figures
Facts and figures based on FY 2023.
Chief Information Security Officer Position Overview
Duke Health is a comprehensive organization encompassing a major university hospital, a large faculty practice, a major research institute, and a school of medicine and nursing.
The Chief Information Security Officer (CISO) is Duke Health’s senior leader responsible for establishing the information security strategy and direction for the enterprise. The CISO oversees and coordinates all information security efforts across Duke Health and is accountable and responsible for enterprise-wide results.
The CISO provides leadership for Duke Health’s information security program through strong working relationships and collaboration across Duke Health. The CISO is responsible for leading and managing Duke Health’s information security program; risk management framework; information security policy development and maintenance; design of security policy education, training, and awareness activities; monitoring compliance with Duke Health security policy and applicable regulations; and coordinating investigation and reporting of security incidents.
Additionally, the CISO is responsible for developing and maintaining a security operations group that is responsible for operational cyber security, enterprise security architecture, institutional governance, risk and compliance (GRC), identity management (IAM), and the overall security initiatives of Duke Health. The CISO works in close partnership with the Duke University’s Office of Information Technology (OIT) with several shared services, the Duke University Health System’s (DUHS) Chief Compliance and Privacy Officer and the Duke University Office of Audit, Risk, and Compliance to ensure alignment between information security and privacy policies, training, and practices across Duke Health.
The Chief Information Security Officer will be part of the Duke Health Technology Solutions (DHTS) leadership team.
Reporting to the SVP/Chief Digital Officer, Dr. Jeff Ferranti, the CISO will be responsible for technology security across the entire continuum and will partner closely with the Duke University CISO. The IT department has approximately 1,000 employees. Duke Health also achieved HIMSS stage 9 in Inpatient and Ambulatory, and was the first in the country to be HIMSS stage 7 in Analytics. They are also consistently ranked a “Most Wired” healthcare system. A key responsibility will be collaborating with key business and IT leaders to develop security policies, standards, guidelines and procedures to ensure the confidentiality, integrity, and availability of Duke Health systems and data.
Qualifications
Education:
- Bachelor’s degree required
- Master’s degree strongly preferred
Professional experience & credentials:
- 15+ years IT experience
- 5+ years managing large, cross-functional teams
- 5+ years managing security for a healthcare provider
- 5+ years of practical experience designing and implementing enterprise IT security in healthcare
- Strong demonstrated knowledge of technologies including network, server, desktop, storage, cloud, and containerization as it relates to IT security
- 5+ years working with HIPAA
- Minimum of five years of practical experience working with information privacy and security laws (such as FISMA, PCI-DSS, GDPR, and data breach reporting laws), accepted information security principles, and other related IT best practices (e.g. ITIL, Lean IT, Agile, DevOps)
- CISSP certification
The position requires that the CISO live within the region and be open to a hybrid work schedule with every Thursday on-site.
About the Research Triangle
Residing in North Carolina’s esteemed Research Triangle, which encompasses the vibrant cities of Raleigh, Durham, and Chapel Hill, offers an unparalleled blend of cultural richness, innovative spirit, and scenic beauty. Raleigh, the state’s bustling capital, serves as a cornerstone of governmental and cultural activities. A mere 24 miles away, Durham distinguishes itself with its progressive ethos and thriving creative scene, making it a magnet for those who cherish diversity and innovation.
Dubbed the “triangle,” this region offers its residents the best of both worlds. It is conveniently situated a two-hour drive from North Carolina’s pristine beaches, offering a perfect escape to the coast. Conversely, the majestic Blue Ridge Mountains are just a 3.5-hour drive away, providing breathtaking landscapes and outdoor adventures, from hiking to scenic drives, catering to nature enthusiasts and adventure seekers alike.
The Research Triangle Park stands as a testament to the area’s commitment to education and technological advancement, sprawling across 6,800 acres. It serves as a dynamic hub for over 50 high-tech companies and enterprises, including tech giants such as Amazon, Google, and IBM. This concentration of innovative firms not only fosters a culture of creativity and advancement but also positions the Triangle as an ideal locale for career growth and opportunities in the technology and research sectors.
Raleigh boasts a cost of living that is notably lower than the U.S. national average, making it an attractive option for professionals and families alike who are seeking a high quality of life without the hefty price tag. The combination of affordable living, access to high-quality education, and the abundance of career opportunities in cutting-edge industries makes living in the Research Triangle an exceptionally rewarding experience. Here, residents can enjoy a rich cultural life, access to top-tier educational institutions, and the tranquility of natural beauty, all while being at the forefront of technological innovation and research.
Durham, NC
Procedure for Candidacy
Final candidates should expect two interviews with Kirby Partners recruiters (including a video conference interview). You may be asked to complete our “Executive Profile” and submit references to be considered for presentation to the search committee.
Bryan Kirby
Vice President, CPC