Req Number 146243

Job Description
The Senior Director of Research Security develops, implements, and oversees a comprehensive research security program, including policies, procedures, and training to protect sensitive research data, intellectual property, and infrastructure. Collaborating with key stakeholders, this role ensures regulatory compliance (including NSPM-33), investigates security incidents, and fosters a security-aware research culture. This leader also stays current on emerging threats and best practices to continuously improve the program.

Job Responsibility
The Senior Director of Research Security is responsible for developing, implementing, and overseeing a comprehensive research security program across the health system. This includes establishing policies, procedures, and training programs to protect sensitive research data, intellectual property, and research infrastructure from unauthorized access, theft, loss, or misuse.
This role will collaborate with research leadership, Enterprise Digital Services, legal, compliance, and other stakeholders to identify and mitigate risks, ensure regulatory compliance (e.g., HIPAA, export controls), investigate security incidents, and promote a culture of security awareness within the research community.
The Senior Director will also be responsible for ensuring compliance with the NSPM-33 federal guidelines that require research institutions which meet certain funding requirements to implement standardized requirements related to (1) cybersecurity; (2) foreign travel security; (3) research security training; and (4) export control training.
In addition, the incumbent will be expected to stay abreast of emerging threats and best practices in research security to continuously enhance the program and safeguard the organization's research endeavors.
Plans, organizes, and directs the staff and activities for applicable information security design, engineering and operational support activities.
Develops and articulates a short and long-term strategic vision for areas of responsibility.
Leads the Information Security Team in the development, documentation and maintenance of security policies, guidelines, standards and baselines and procedures.
Interprets legislation or pending legislation related to the storage, retrieval, and protection of information assets or technology systems, and develops strategies for ensuring organizational compliance with regulations.
Oversees performance of IT risk assessments, reviews security architectures, identifies vulnerabilities, and oversees remediation activities.
Plans, organizes, and directs the staff and activities for applicable information security design within all health system computing environments.
Ensures compliance with HIPAA and other applicable regulatory and standards-based requirements.
Develops and oversees Information Security Programs (e.g. Emergency Patch Management, Incident Response, Vulnerability Management, Security Operations Center, Disaster Recovery).
Prepares recommendations for security enhancements and upgrades to Information Security tools, technologies and services portfolio.
Selects, develops, manages, and evaluates direct reports and oversees the development, selection, and evaluation of indirect reports.
Ensures performance appraisals are completed in a timely fashion.
Develops and enforces security protocols for application and infrastructure configurations.
Provides oversight to prioritizing risk remediation activities.
Assists company units to determine critical business processes, identify acceptable recovery time periods and establish resources required for the successful resumption of business operations in the event of a disaster.
Job Qualification
∙ Bachelor's degree in Computer Science, Cyber Security or related field, required.
∙ 8-12 years of relevant experience and 7+ years of leadership / management experience, required.

Highly Preferred Skills
Deep understanding of research security principles: This includes knowledge of data security, intellectual property protection, export controls, cybersecurity threats, and risk management within a research environment. Familiarity with NSPM-33, federal funding agency security requirements, and NIST research security and cybersecurity frameworks is crucial.
Healthcare industry expertise: Understanding the unique regulatory landscape of healthcare research, including HIPAA, HITECH, FDA, IRB requirements, and other relevant regulations.
Leadership and communication: Ability to lead and influence cross-functional teams, communicate effectively with researchers, EDS staff, legal counsel, and senior leadership. Building consensus and fostering a security-conscious culture is essential.
Policy development and implementation: Experience creating and implementing research security policies, procedures, and training programs.
Risk assessment and mitigation: Ability to identify and assess research security risks, develop mitigation strategies, and implement appropriate controls.
Compliance management: Ensuring compliance with relevant regulations and internal policies, including NSPM-33 requirements.
Technical proficiency: Familiarity with relevant security technologies, including access control systems, data loss prevention tools, intrusion detection/prevention systems, and encryption technologies.
Collaboration and relationship building: Ability to build strong relationships with key stakeholders, including researchers, EDS staff, legal counsel, compliance officers, and external partners.
Continuous learning: Staying abreast of emerging threats, best practices, and evolving regulations in research security.
Certifications: Relevant certifications such as CISSP, CISM, CISA, or CRISC are highly preferred.
It's also beneficial to have experience with specific research areas within healthcare (e.g., basic science, clinical trials, genomics research) and emerging technologies relevant to research security.

Additional Salary Detail
The salary range and/or hourly rate listed is a good faith determination of potential base compensation that may be offered to a successful applicant for this position at the time of this job advertisement and may be modified in the future.
When determining a team member's base salary and/or rate, several factors may be considered as applicable (e.g., location, specialty, service line, years of relevant experience, education, credentials, negotiated contracts, budget and internal equity).
The salary range for this position is $152,000-$266,000/year.

It is Northwell Health’s policy to provide equal employment opportunity and treat all applicants and employees equally regardless of their age, race, creed/religion, color, national origin, immigration status or citizenship status, sexual orientation, military or veteran status, sex/gender, gender identity, gender expression, disability, pregnancy, genetic information or genetic predisposition or carrier status, marital or familial status, partnership status, victim of domestic violence, sexual or other reproductive health decisions, or other characteristics protected by applicable law.