The CISO reports to the Chief Information Officer (CIO), Mayo Clinic. The CISO is expected to interact and communicate at the Board of Trustee level and have the executive presence necessary to inspire confidence and trust among Physician Leaders, Business Executives, and Technology Leaders. The CISO is ultimately responsible for creating a culture within the information security team where information security is ingrained into the fabric of Mayo Clinic's standard business operations. The Chief Information Security Officer (CISO) is responsible for leading all elements of Mayo Clinic's enterprise wide information security program, including the enterprise-wide information security policy, information security strategy, information security architecture, information security operations, and information security risk management. The CISO is accountable for the security and protection of all information shared and accessed by its global employees located both domestically and abroad. The CISO must have enough flexibility, creativity, and intellectual aptitude to design an information security program that will address the specific business challenges in Mayo Clinic's four core operations: Integrated Patient Care, Research, Education and Administration. The CISO oversees and coordinates security initiatives working with executive, business and functional leaders and staff including human resources, audit and compliance, corporate and financial investigations, legal, physical security, systems operations and systems development. The CISO will provide vision and leadership necessary to manage risk to the organization to ensure business alignment, effective governance, operational efficiency and performance monitoring and measurement. The CISO will provide executive level decision support through both informal and formal means, including but not limited to executive level metrics, dashboards, risk analysis and mitigation, acceptance and reporting. Qualifications: * Bachelor's Degree in Information Technology, Health Informatics, Business Administration or related field is required. * Experience as either a Chief Information Security Officer of an enterprise organization or as a direct report to a Chief Information Security Officer of a large international organization is required. Additional Qualifications: * Experience in the attraction, recruitment, hiring, retention, and professional development of a diverse team of dedicated information security professionals. * Experience in the successful evolution of an information security program. This will include garnering executive support and budget for information security initiatives, building consensus with functional leaders by demonstrating value and measurable results and creating a culture of information security awareness amongst the company's core ecosystem - patients, employees, partners, and vendors - while maintaining efficiency. * Experience in the evaluation and implementation of industry standard enterprise wide information security technologies and concepts, including but not limited to: Data Loss Prevention, Security Event Management, GRC Tools, Threat and Vulnerability Management, Identity and Access Management, Application Security, Computer Forensics. * A demonstrated understanding of the complex and diverse threats that an internationally renowned organization with sensitive data can be exposed to. * Experience in managing the relationships with external information security technology vendors, and specialized information security professional services firms, including management of the evaluation process of their capabilities, and the eventual negotiation of fair service level agreements and contracts between their company and these entities.