The Jackson Laboratory

Chief Information Security Officer

Pay$185516.00 - $300000.00 / year
LocationBar Harbor/Maine
Employment typeFull-Time

This job is now closed

Apply to similar jobs

  • Job Description

      Req#: JR004104

      The Jackson Laboratory (JAX ) seeks nominations and confidential expressions of interest in the search for the Chief Information Security Officer (CISO) . Reporting to the Chief Information Officer, this individual will join the Information Technology department to implement and run the enterprise information security program.

      The Jackson Laboratory

      JAX is a non-profit world leader in mammalian genetics and human genomics research. Founded in 1929 in Bar Harbor, Maine, JAX is an independent, non-profit research institution with locations in Maine, Connecticut, California, and Japan.

      Renowned for its mice and data resources used for biomedical research around the globe, JAX provides a

      unique bridge across experimental, translational, and clinical contexts. JAX’s faculty collaborates to integrate mouse genetics and human genomics to understand the underlying causes of human health and disease. There are no individual departments within JAX, facilitating an environment of intra- institutional

      collaborative and team-based science. Since 1983, JAX has had a National Cancer Institute-designated Cancer Center, one of only seven institutes in the United States that have received this designation for its

      contributions to basic cancer research.

      The Opportunity and Position

      The Chief Information Security Officer will report to the C hief I nformation O fficer, Brendan Arbuckle . Brendan, with nearly 30 years of experience in IT and operations in the private sector, joined JAX in 2019 and was appointed CIO in 2023. Arbuckle oversees a team of 149, excluding contractors, and an annual IT budget of $48 million with an additional $15 million spent this past year on capital projects.

      The Chief Information Security Officer will lead the enterprise information security program and is responsible for maintaining and improving the security posture at JAX across a broad range of infrastructure and global research and commercial services . The CISO position requires a visionary leader with sound knowledge of business management practices and a working knowledge of cybersecurity technologies covering the corporate network as well as the broader digital ecosystem. The CISO is responsible for establishing and maintaining the information security program, including interactions with federal, state, and local authorities a nd agencies in addition to private organizations with a goal of improving JAX’s security and improving business and research outcomes .

      A key element of the CISO's role is working with leadership to determine acceptable levels of risk for the organization. The individual will proactively work with business units, customers, and partners to develop and implement policies and standards for information security. The CISO should understand and

      articulate the impact of cybersecurity on (digital) business and research, being able to communicate this to the board of trustees and other senior stakeholders. This person should be able to achieve necessary goals and objectives by influence and relationship building at all levels of the organization. They should be comfortable at the board level one day and in a functional meeting troubleshooting a data breach with the security operations team the next.

      Key Responsibilities Include:

      • Leads the information security function across the company to ensure a consistent and high-quality information security strategy in support of research and business goals with senior and executive leadership at JAX and outside companies.

      • Creates and manages a unified and flexible, risk-based control framework to integrate and adapt to requirements resulting from international, federal, and state laws, standards and regulations in JAX operating areas based on the National Institute of Standards and Technology (NIST)Cybersecurity Framework.

      • Develops, implements, and monitors a strategic, comprehensive information security program to ensure appropriate levels of confidentiality, integrity, availability, safety, data privacy and recovery of information assets (data) owned, controlled or/and processed by the organization and its partners.

      • Develops, socializes and coordinates approval and implementation of appropriate security policies with legal, IT, and other necessary business partners.

      • Works with purchasing and legal to develop and ensure that information security requirements are included in contracts by liaising with legal experts, vendor management, and procurement organizations.

      • Directs the creation of a targeted information security awareness training program for all employees, contractors and authorized users, and establishes metrics to measure the effectiveness of this security training program for the different audiences.

      • Engages with the Enterprise Risk Management team and subordinate groups such as the business and research continuity and disaster recovery teams to develop and implement consistent systems between IT and cooperating teams such as Global Security, Legal, and Finance around disaster recovery and preparedness.

      • Works effectively with business units to facilitate information security risk assessment and risk management processes and empowers them to own, remediate, and accept the level of risk implied by their business strategy and implementations.

      • Manages the budget for the information security function efficiently and effectively including partnering with other departments and teams as required to implement the security strategy.

      • Effectively plans for, manages and contains information security incidents and events in collaboration with the Security Operations (SOC) team to protect corporate IT assets, intellectual property, regulated data and the company's reputation including effective training and preparation of IT and JAX .

      Knowledge, Skills & Abilities Include:

      • Bachelor’s degree in the field of computer science or another technology field, and 10 years of equivalent work experience.

      • Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC) or other similar credentials.

      • Demonstrated experience and success in senior leadership roles in risk management, information security, and IT or OT security .

      • Experienced in common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT as well as those from NIST, including 800-53 and Cybersecurity Framework .

      • Strategic leader and relationship manager, able to energize the appropriate teams in the organization without formal reporting structures to reach critical goals .

      • Project management skills: financial/budget management, scheduling and resource management .

      • Ability to work onsite at our Farmington, Connecticut or Bar Harbor, Maine campus a minimum of 2x per week

      • Ability to travel as required

      The budgeted salary range is $185,516 - $300,000. Salary will be determined based on qualifications and experience.

      #LI-Hybrid

      About JAX:

      The Jackson Laboratory is an independent, nonprofit biomedical research institution with a National Cancer Institute-designated Cancer Center and nearly 3,000 employees in locations across the United States (Maine, Connecticut, California), Japan and China. Its mission is to discover precise genomic solutions for disease and empower the global biomedical community in the shared quest to improve human health.

      Founded in 1929, JAX applies over nine decades of expertise in genetics to increase understanding of human disease, advancing treatments and cures for cancer, neurological and immune disorders, diabetes, aging and heart disease. It models and interprets genomic complexity, integrates basic research with clinical application, educates current and future scientists, and provides critical data, tools and services to the global biomedical community. For more information, please visit www.jax.org .

      EEO Statement:

      The Jackson Laboratory provides equal employment opportunities to all employees and applicants for employment in all job classifications without regard to race, color, religion, age, mental disability, physical disability, medical condition, gender, sexual orientation, genetic information, ancestry, marital status, national origin, veteran status, and other classifications protected by applicable state and local non-discrimination laws.

  • About the company

      The Jackson Laboratory is an independent, nonprofit biomedical research institution. It employs more than 2,100 employees in Bar Harbor, Maine; Sacramento, California; and at a genomic medicine institute in Farmington, Connecticut. Leads the search to cure diseases rooted in our DNA.

Other job opportunities

chief information security officer remote jobs
chief development remote jobs
remote foundation program officer jobs
medical information remote
medical information specialist remote
Security Officer remote jobs
More information about The Jackson Laboratory