Sr. Director & Chief Information Security Officer

Erlanger Health System, Chattanooga, TN
151d

About The Position

The Sr. Director and Chief Information Security Officer (CISO) position reports directly to the Senior Vice President and Chief Information Officer (CIO) in the Technology Management Division, with a dotted line to the Chief Legal Officer (CLO) for the Health System. The position is responsible for ensuring the evaluation, implementation, and ongoing monitoring activities across the Health System as they relate to the security of information systems and confidential or sensitive electronic records (data) held by the organization. The CISO will promote, implement, and maintain a corporate-wide information security strategy, providing a comprehensive and practical set of information security policies, procedures, and technology (safeguards) to help ensure confidentiality, integrity, and availability in accordance with the mission and vision of the health system and regulatory requirements.

Requirements

  • BS in Cyber Security, Information Assurance, Information Technology, Computer Science, Computer Networking, Computer Information Systems, Information Management, or related field.
  • 10+ years of experience with Information Systems Security or a combination of Information Systems experience including 5+ years in a dedicated Information Security Management or Security Operations role.
  • 5+ years of knowledge and experience in the healthcare industry and in-depth knowledge of HIPAA Privacy & Security regulations, HITECH, NIST cybersecurity framework, and compliance with applicable regulations.
  • Demonstrated organization, facilitation, communication, documentation, and presentation skills.
  • Experience in creating and managing a departmental budget.
  • Experience and effectiveness in leading initiatives and projects.
  • Outstanding interpersonal and communication skills.
  • High degree of integrity and trust with the ability to work independently.
  • Ability to assess and weigh current and evolving business risks and enforce appropriate information security measures.
  • Strong technical computing and networking skills.
  • Experience in managing both physical and logical information security systems.

Nice To Haves

  • Master of Science degree in Cyber Security, Information Assurance, Information Technology, Computer Science, Computer Networking, Computer Information Systems, Information Management, or related field.
  • One or more information security certifications or similar industry security certifications (ISC2 CISSP, ISACA CISM, SANS GIAC GSEC) preferred, but not required.

Responsibilities

  • Ensure the planning, implementation, compliance, and ongoing activities across the Health System related to information security.
  • Promote a corporate-wide information security philosophy supporting a comprehensive set of privacy and security policies.
  • Maintain knowledge of and ensure compliance with relevant laws, regulations, and standards.
  • Implement, manage, and enforce information security directives mandated by the organization and regulatory requirements.
  • Provide leadership and oversight for all information security-related activities of the Health System.
  • Communicate and work with Senior Management and Compliance Officer to establish and maintain the Information Security Council.
  • Coordinate the development, implementation, and maintenance of corporate information security policies and procedures.
  • Create, implement, and monitor policies to prevent loss and inappropriate distribution of sensitive information.
  • Work with Compliance, public relations, and marketing to increase public awareness of information security efforts.
  • Analyze and assess information flows across business units and address security implications.
  • Investigate and handle information security-related incidents and consumer complaints.
  • Lead the Incident Response Team and coordinate with the Chief Privacy Officer to manage security incidents.
  • Ensure regular information security risk assessments and compliance-monitoring activities occur.
  • Develop, implement, and monitor a comprehensive strategic enterprise information systems security risk management program.
  • Partner with business leadership to raise awareness of risk management concerns.
  • Assist with overall business technology planning related to information security.
  • Coordinate with the Chief Privacy Officer to develop ongoing corporate information security training and awareness activities.
  • Contribute to a review process ensuring all agreements include information security requirements.
  • Ensure procedures and technology are implemented to monitor access to information systems.
  • Coordinate with the Chief Privacy Officer to ensure compliance with corporate privacy policies.
  • Advise corporate personnel on access to sensitive data.
  • Ensure ongoing oversight and integration of information security with business operations.
  • Address access control, disaster recovery, business continuity, and incident response needs.
  • Perform ongoing information risk analysis and risk management activities.
  • Work with vendors and third parties to evaluate and improve information security.
  • Hold everyone accountable for established information security policies.
  • Organize and lead an Information Security Oversight Council.
  • Consistently review the organization's information security practices.
  • Update information security policies as needed.

What This Job Offers

Job Type

Full-time

Career Level

Senior

Education Level

Bachelor's degree

Number of Employees

1,001-5,000 employees
