Director Information Security - Governance, Risk, and Compliance

About The Position

Requirements

• Bachelor's degree in information security, computer science, or a related field required.
• 10 years of experience in information technology within a related area, with at least five years of progressive responsibility in a technology leadership role managing information security teams, healthcare preferred.
• Strong understanding of information security concepts, protocols, industry best practices and regulatory requirements with knowledge of networking, enterprise applications, cloud computing, and information risk management and compliance frameworks preferred.
• Ability to communicate via written and verbal communication in both formal and casual situations.
• Strong analytical and problem-solving skills.
• Ability to work under pressure and handle multiple priorities.
• One or more of the following professional certifications or equivalent is required: Certified Information System Security Professional (CISSP) Certified Information Security Manager (CISM) Certified Information Systems Auditor (CISA) Global Information Assurance Certifications (SANS/GIAC) Offensive Security Certified Professional (OSCP)

Nice To Haves

• Master's Degree is preferred.
• Academic healthcare security operations, risk management, or access management preferred.

Responsibilities

• Lead the strategy development and execution of multiple elements of a comprehensive enterprise-wide Information Security Program aligned with organizational goals and regulatory requirements.
• Design and execute multi-year road maps to transform information security capabilities and collaborate with health system entities to align critical security measures with key business initiatives.
• Drive innovation and lead organizational change initiatives to enhance security posture and operational resilience. Acts as a change agent for new technologies and processes that reduce risk and enhance security within Health IT.
• Develop and manage the information security budget, ensuring optimal allocation of resources to meet strategic objectives.
• Develop and maintain a culture of security that emphasizes the responsibilities of all health system employees to help protect sensitive information, systems, and networks.
• Provide visionary leadership to the Information Security team, fostering a culture of accountability, innovation, and continuous improvement.
• Apply deep expertise in cybersecurity operations, regulatory compliance, and risk management to guide enterprise operations and decision-making.
• Directs and manages Information Security Department actions and operations. Leads multiple teams through the prioritization and implementation of service improvement projects.
• Directs the design and implementation of solutions that are secure, scalable, reliable, and cost-effective and aligned with the Information Security mission to reduce risk while enhancing productivity.
• Determine the value and ROI of security projects, and prioritizes scheduling and implementation to ensure the efficient utilization of resources.
• Develop staff as needed to ensure current and future team skills and capabilities are aligned with the planned departmental growth and transformation.
• Serve as a senior authority and strategic advisor on information security, influencing executive leadership and cross-functional stakeholders.
• Champion effective communication and collaboration across departments to embed security into business processes and technology initiatives.
• Tracks implementations to ensure service and financial targets are met according to agreed timelines.
• Oversees and negotiates service level agreements (SLAs) with internal and external stakeholders.
• Directs relationships with vendors to ensure that vendors meet agreed performance objectives, SLAs, and deliverables in a timely manner and within budget guidelines.
• Interacts with major suppliers, overseeing RFPs, contracts, and service agreements.
• Oversees the creation and maintenance of policies, procedures, and guidelines to ensure efficient service operation and protect the organization's computing infrastructure and data.
• Collaborates with Legal, Privacy, and Compliance teams to ensure compliance with relevant laws, regulations, and policies.
• Advocates for changes in other Health IT departments to ensure compliance with security policies.
• Cultivate and mentor high-performing security professionals, building leadership capacity and technical expertise across the team.
• Perform other director-level duties as assigned to support the mission and strategic direction of the organization.
• Apply deep expertise in cybersecurity operations, regulatory compliance, and risk management to guide enterprise operations and decision-making.
• Keep abreast of emerging technologies, risks, and industry trends.
• Assists in the recruitment, hiring, training, and development of Information Security staff, ensuring the team possesses the necessary skills and knowledge to fulfill the department's mission.