Business Information Security Officer (BISO) Lead

Rush University Medical Center | Chicago, IL
50d | $51 - $76 | Hybrid

About The Position

At Rush University Medical Center, we're building a culture where cybersecurity is everyone's responsibility - and we're looking for a BISO Lead to help make it happen. In this highly visible and strategic role, you'll serve as a trusted advisor and operational partner to business and clinical leaders, embedding cybersecurity into everyday operations across your assigned domain - whether Clinical, Corporate, or University. You'll translate enterprise security strategy into real-world action, driving awareness, training, and risk management initiatives that protect both people and data. As the bridge between technology and business, you'll lead education efforts, guide compliance with frameworks like NIST, HIPAA, or FERPA, and influence how teams adopt secure, sustainable practices. This is an opportunity to shape how cybersecurity supports Rush's mission in healthcare, research, and education - all while collaborating with leadership to advance a security-first culture. If you're a relationship builder with strong leadership, communication, and technical acumen - and you're passionate about connecting cybersecurity strategy to meaningful outcomes - we want to hear from you.

Requirements

  • Bachelor's degree in computer science or related field.
  • 5-7 years of relevant computer systems experience focusing on Information Security, project management, and/or cybersecurity education and awareness.
  • 3+ years of experience managing cross-functional teams and project management for the successful delivery of projects.
  • 3+ years of experience in information security, GRC, DR, or education and awareness activities.
  • Must have excellent teamwork and interpersonal skills to effectively communicate with all levels of personnel, vendors, and IT personnel.
  • Must possess the ability to deliver clear, concise communications and presentations. Must be able to train others quickly and thoroughly on key cybersecurity concepts.
  • Excellent organizational and leadership skills.
  • Excellent problem-solving and analytical skills.
  • Experience organizing and directing teams and departments outside your sphere of influence.
  • Experience in planning and leading strategic initiatives.
  • Ability to lead and handle multiple projects in a fast-paced environment.
  • Broad, interdisciplinary background in cybersecurity, including experience as a technology security leader building and executing world-class security strategies.
  • Experience building effective internal and external relationships and interacting effectively with individuals at all levels.
  • Experience in influencing and collaborating to get work done through others.

Nice To Haves

  • Consulting experience, with a focus on operations management
  • Nimble business mind, focused on developing creative solutions
  • Strong project-reporting skills, with a focus on interdepartmental communications
  • Experience in a healthcare provider, academic medical center, or university/research setting
  • Security-related (CISSP, CISM, etc.) or project management (PMP) certifications.

Responsibilities

  • Lead awareness of the cybersecurity education and awareness programs designed by the Office of the CISO, tailoring delivery for the assigned domain (clinical, corporate, or university).
  • Lead training sessions, workshops, and campaigns to address information security risks specific to the domain.
  • Develop and deliver communications (guides, FAQs, presentations, intranet updates) with the Communications team.
  • Promote a culture of security-first behaviors by engaging directly with employees, clinicians, faculty, or staff.
  • Represent the organization in internal and external meetings, industry events, and conferences.
  • Act as the frontline cybersecurity liaison for business leaders, department managers, and IT teams within the domain.
  • Identify and escalate domain-specific cybersecurity risks and coordinate with the Deputy BISO on mitigation plans.
  • Monitor compliance with security policies, regulatory frameworks (HIPAA for clinical, FERPA for university, etc.), and organizational standards (NIST CSF, CIS).
  • Facilitate tabletop exercises, after-action reviews, and department-level incident response coordination.
  • Manage operational tasks for security awareness and risk engagement programs within the domain.
  • Provide feedback and recommendations from the business area to continuously improve security programs.
  • Support executive presentations and updates specific to the assigned domain.
  • Understand domain business goals and operational processes to develop and lead a roadmap of security initiatives.
  • Embed security into domain operations and systems, influencing processes, operations, and teams to adopt practical and sustainable cybersecurity controls.
  • Develop Change Management Strategies: Create and implement strategies that maximize employee adoption and minimize resistance to changes in business processes, systems, and organizational structures.
  • Conduct Impact Analyses: Assess how changes will affect employees and identify key stakeholders involved in the change process.
  • Monitor Change Progress: Track the effectiveness of change initiatives and adjust as necessary to ensure objectives are met.
  • Communicate Effectively: Provide updates and gather feedback from stakeholders throughout the change process to ensure transparency and engagement.

What This Job Offers

  • Job Type: Full-time
  • Career Level: Mid Level
  • Industry: Hospitals
  • Number of Employees: 5,001-10,000 employees
