HUIR – International University Hospital of Rabat operates within a predominantly collaborative culture, where people, trust, and teamwork are central to daily practices. The hospital promotes a close and supportive management style focused on empowerment, guidance, and collective commitment. This collaborative foundation is reinforced by a strong innovation dimension, encouraging initiative, experimentation, and continuous improvement. It is supported by structured processes ensuring reliability and efficiency, while competitive dynamics play a clearly secondary role. [+]

The Information Systems Security Manager (RSSI) is responsible for the protection, availability, integrity, and confidentiality of the UIR Hospital's information systems.

He/She ensures the security of medical and administrative data, compliance with current Moroccan regulations, and the resilience of the hospital information system in a highly digitalized hospital environment.

Responsibilities:

Security Governance and Policy

• Define, formalize, and implement the hospital's Information Systems Security Policy (PSSI)


• Develop the cybersecurity strategy aligned with the UIR Hospital's digital strategy


• Implement IS security governance (security committee, risk committees, General Management reporting)


• Define internal procedures, charters, and frameworks

Regulatory Compliance and Data Protection

• Ensure compliance with Law 09-08 and CNDP requirements


• Declare and oversee health data processing with the CNDP


• Ensure compliance with obligations related to hosting medical data


• Implement organizational, technical, and legal security measures


• Participate in audits and regulatory controls

Cyber Risk Management

• Map critical hospital assets (EHR, RIS, PACS, LIS, ERP, HRIS...)


• Conduct cyber risk analyses (EBIOS, ISO 27005)


• Implement risk treatment plans


• Oversee internal and external security audits

Securing Hospital Infrastructure and Applications

• Supervise the security of networks, servers, workstations, and connected biomedical devices


• Secure hospital business applications (EHR, PACS, RIS, laboratory, pharmacy...)


• Deploy and operate cybersecurity solutions (firewall, EDR, SIEM, IAM, secure backups)


• Manage system authorizations and access

Incident Management and Business Continuity

• Implement the security incident management system


• Lead the cyber crisis unit in coordination with General Management


• Define and maintain Business Continuity and Disaster Recovery Plans (BCP/DRP)


• Organize crisis exercises and resilience tests

Cybersecurity Awareness and Culture

• Deploy awareness programs for medical, nursing, and administrative staff


• Train users on good digital practices


• Implement IT charters and confidentiality agreements

IT Partner and Project Management

• Integrate security into all digital transformation projects


• Manage IT and cybersecurity providers


• Ensure contractual monitoring and compliance with security clauses


• Conduct technological and regulatory watch

Education:

• Master's degree (Bac +5) in Computer Science, information systems, cybersecurity, or equivalent.

Preferred Certifications:

• ISO 27001 Lead Implementer / Lead Auditor


• EBIOS Risk Manager


• CISM, CISSP, CEH


• ITIL, COBIT

Experience:

• 
  Minimum of 5 to 8 years of experience in information systems.


• Experience in hospital digitalization projects highly appreciated

Solid foundation in:

• Hospital IS architecture


• Networks, systems, virtualization, cloud


• Operational cybersecurity (SOC, SIEM, EDR, IAM)


• Data security and encryption


• Security frameworks (ISO 27001, NIST, EBIOS)

Required professional qualities:

• Leadership and sense of responsibility


• Rigor, discretion, and sense of confidentiality


• Ability to manage crisis situations


• Analytical and synthesis skills


• Excellent communication skills

Join us and contribute to the mission of the International University Hospital of Rabat!