Threat Modeling Jobs in Rochester, MN (NOW HIRING)

The Office of Information Security's Transformation Office seeks a Principal Cybersecurity Strategist to lead the Data Security Posture Management (DSPM) related initiatives within the Information Security Modernization (ISM) Program for the enterprise. This role will embed, be a critical thought leader, drive the strategy and coordinate all aspects of information security within a high visibility AI ready secure data architecture.  The role coordinates cross-project dependencies, ensures alignment, and accelerates enterprise implementation. The position supports secure AI-driven advancements by integrating safeguards across the AI-ready data architecture, supporting the advancement of data protection controls and management as innovation grows. The Principal Digital Strategist must assess delivery, integration, and operational risks and develop strategies that protect Mayo Clinic Data and patient trust.

Participate in and lead components of Mayo Clinic's enterprise-wide cybersecurity strategy, cyber innovation and associated services. Partner with leadership to align security with business goals, drive adoption of emerging technologies, and strengthen the organization's security posture. Lead and drive innovative security projects while collaborating cross functionally. Initial assignments will include leading and embedding within the development of a critical Mayo Clinic initiative and drive DSPM implementation and partner with dependent efforts, including critical partnership with the Privacy office. This role will coordinate cross-project dependencies, ensure alignment to program outcomes, and accelerate implementation. This will support AI-driven advancement by embedding safeguards throughout the AI data architecture and management practices as innovation grows and proactively assessing risk to protect Mayo Clinic Data. Must be technically skilled and experienced with modern data management, DSPM, database activity monitoring, data protection controls, PKI, API security, AI Security, S-SDLC, IAM, cloud security, threat modeling, etc. in a hybrid multi-cloud environment.
Key Responsibilities:
    Develop and manage multi-year cybersecurity strategy and roadmaps
    Advise leadership on cyber priorities, risk, and investment
    Lead innovation in securing novel and emerging technology.  
    Guide and partner with strategic programs such as DSPM, database activity monitoring, AI security, API security, identity modernization, OT/IoT security, application protection, etc.
    Foster cross-functional collaboration and mentor security professionals
    Represent the organization in appropriate industry forums and contribute thought leadership
Core Competencies:
    Executive communication and strategic vision
    Technical breadth across modern security and IT domains
    Promote a culture of innovation and change, ensuring continuous improvement in quality, cost-effectiveness, and service excellence.
    Ability to translate technical risk for business leaders.  
This is a hybrid position.  Incumbent must live within a reasonable driving distance of a Mayo Clinic campus.
Mayo Clinic will not sponsor or transfer visas for this position including F1 OPT STEM.

Bachelor's degree and 7+ years of experience with digital strategy, digital product strategy, experience strategy, healthcare administration, business administration, strategic development experience, or related field; or Master's degree and 5+ years of related experience in the preceding or related fields. 
Experience must include several of the following areas of expertise: digital product strategy and/or management, strategic planning, business plan development, consulting, customer experience or experience design, project management, stakeholder engagement, process change management, scorecard and dashboard development, financial analysis, new service/product planning and development, market research, and data management, analysis, and statistics. Management experience and experience with value-driven digital product management is preferred; experience navigating transformation in highly regulated industries is a plus. 
Strong analytical skills with the ability to synthesize and capture the essence of complex information in order to discern meaning, trends, and the big picture quickly. Experience in consulting or advisory functions; demonstrated success in analyzing situations and using various methodologies to develop high-value strategies and plans methodically. Working knowledge of Design Thinking, experience design, and digital analytics as inputs to digital strategy processes and artifacts; able to bridge digital disciplines to develop novel strategy solutions that balance the needs of multiple stakeholders. Experience in successfully managing stakeholders in complex, matrixed, and strategic initiatives. Demonstrated success in effective decision-making that drives progress toward ambitious goals while managing complexity, ambiguity, risk, and uncertainty. Demonstrated ability to lead, influence and collaborate across disciplines, including business strategy, experience design, analytics, and technology. Expert story-telling skills. Strong written and verbal communication and persuasion skills. Strong interpersonal and active listening skills; ability to quickly establish high-trust relationships and facilitate group/team activities. Professional approach that reflects Mayo Clinic values. Strong planning, organizational, and problem-solving skills; attention to detail; ability to self-direct with minimal supervision, demonstrate judgement in delegating responsibilities, and work well under pressure. Servant leader; gifted collaborator with demonstrated cultural competence and strong skills in negotiation, change, and conflict management.
Preferred Qualifications:
Working knowledge of the Mayo technical environment and core business operations is strongly preferred. Advanced professional and culturally astute communication skills (both written and verbal) are required including ability to generate and deliver executive-level presentations. Must possess interpersonal skills to interact effectively with both technical and non-technical personnel at all levels of the organization, including proven ability to confidently lead discussion and negotiate on high risk and high-pressure issues while simultaneously building credibility & rapport. Demonstrated ability to tolerate & deal effectively with ambiguous situations and the varying political/cultural environments within the institution, department, divisions. Proven ability to offer guidance on business processes, technology capability and vulnerability assessments, and control enhancements or mitigation approaches. Solid knowledge of information security concepts and trends, project management methodologies, and relevant healthcare security regulatory requirements is required.
Certified as CISSP, GSEC, CISM, or security equivalent; or will obtain certification within 2 years of hire.

Bachelor's degree and 7+ years of experience with digital strategy, digital product strategy, experience strategy, healthcare administration, business administration, strategic development experience, or related field; or Master's degree and 5+ years of related experience in the preceding or related fields. 
Experience must include several of the following areas of expertise: digital product strategy and/or management, strategic planning, business plan development, consulting, customer experience or experience design, project management, stakeholder engagement, process change management, scorecard and dashboard development, financial analysis, new service/product planning and development, market research, and data management, analysis, and statistics. Management experience and experience with value-driven digital product management is preferred; experience navigating transformation in highly regulated industries is a plus. 
Strong analytical skills with the ability to synthesize and capture the essence of complex information in order to discern meaning, trends, and the big picture quickly. Experience in consulting or advisory functions; demonstrated success in analyzing situations and using various methodologies to develop high-value strategies and plans methodically. Working knowledge of Design Thinking, experience design, and digital analytics as inputs to digital strategy processes and artifacts; able to bridge digital disciplines to develop novel strategy solutions that balance the needs of multiple stakeholders. Experience in successfully managing stakeholders in complex, matrixed, and strategic initiatives. Demonstrated success in effective decision-making that drives progress toward ambitious goals while managing complexity, ambiguity, risk, and uncertainty. Demonstrated ability to lead, influence and collaborate across disciplines, including business strategy, experience design, analytics, and technology. Expert story-telling skills. Strong written and verbal communication and persuasion skills. Strong interpersonal and active listening skills; ability to quickly establish high-trust relationships and facilitate group/team activities. Professional approach that reflects Mayo Clinic values. Strong planning, organizational, and problem-solving skills; attention to detail; ability to self-direct with minimal supervision, demonstrate judgement in delegating responsibilities, and work well under pressure. Servant leader; gifted collaborator with demonstrated cultural competence and strong skills in negotiation, change, and conflict management.
Preferred Qualifications:
Working knowledge of the Mayo technical environment and core business operations is strongly preferred. Advanced professional and culturally astute communication skills (both written and verbal) are required including ability to generate and deliver executive-level presentations. Must possess interpersonal skills to interact effectively with both technical and non-technical personnel at all levels of the organization, including proven ability to confidently lead discussion and negotiate on high risk and high-pressure issues while simultaneously building credibility & rapport. Demonstrated ability to tolerate & deal effectively with ambiguous situations and the varying political/cultural environments within the institution, department, divisions. Proven ability to offer guidance on business processes, technology capability and vulnerability assessments, and control enhancements or mitigation approaches. Solid knowledge of information security concepts and trends, project management methodologies, and relevant healthcare security regulatory requirements is required.
Certified as CISSP, GSEC, CISM, or security equivalent; or will obtain certification within 2 years of hire.