System Director IT Security

Stormont-Vail HealthCare, Topeka, KS
Hybrid

About The Position

The System Director of IT Security serves as Stormont Vail Health's Chief Information Security Officer (CISO) and is responsible for the enterprise-wide cybersecurity strategy, governance, and operational security posture. This role oversees the protection of PHI and other sensitive information, ensuring the confidentiality, integrity, and availability of systems across the SVH enterprise. The position provides executive leadership for cybersecurity risk management, incident response, security architecture, vendor risk oversight, and regulatory compliance. This position will report directly to the Chief Information Officer and will be a key member of the overall technology leadership team. This role will also coordinate activities with the Chief Compliance Officer & General Counsel.

Requirements

  • Bachelor's Degree Required
  • 5 years Working in information systems security in a complex environment managing firewalls and other security tools. Required
  • 2 years Experience in a management role in a complex organization. Required
  • Demonstrated expertise in information security infrastructure, architecture, and controls, including network security, firewalls, endpoint protection, identity and access management, logging, and threat detection technologies. (Required proficiency)
  • Ability to independently lead and prioritize multiple complex initiatives simultaneously, balancing operational demands, strategic objectives, and risk considerations across different stages of execution (Required proficiency)
  • Proven ability to apply critical thinking and sound judgment to translate business, clinical, and operational needs into effective security strategies and technology solutions, while appropriately managing risk and regulatory considerations. (Required proficiency)
  • Strong financial acumen with the ability to develop, manage, and justify security budgets, evaluate return on investment, and ensure spending aligns with enterprise risk priorities and organizational goals. (Required proficiency)
  • Ability to communicate cybersecurity risks, priorities, and incidents effectively to technical and non-technical audiences, including executive leadership
  • Strong understanding of cybersecurity governance, risk management frameworks, and regulatory requirements applicable to healthcare environments.
  • Certified Information System Security Professional - CISSP - IISSCC Required

Nice To Haves

  • Equivalent senior-level security certification (e.g., CISM) Preferred

Responsibilities

  • Strategic Planning – Develop and execute a strategic approach to information security investments, ensuring the protection of PHI and other sensitive data while strengthening system resilience against phishing, malware, ransomware, and related threats.
  • Personnel Management – Lead the IT Security Team and collaborate closely with the CIO, Director of IS, IS Engineering Manager, and Helpdesk Manager to ensure Stormont Vail staff effectively manage risk and continuously improve the organization’s security posture.
  • Risk Management & Governance – Oversee cybersecurity operations and enterprise risk management, including risk assessments, security exception management, and the development and enforcement of enterprise information security policies.
  • Fiscal Responsibility – Provide budget guidance during the annual planning process and manage security-related CapEx and OpEx budgets.
  • Security Operations & Monitoring – Ensure appropriate vendor relationships and tools are in place to monitor SVH security infrastructure 24x7.
  • Incident Response Planning – Establish and maintain robust incident-response processes to ensure rapid, coordinated action during security events
  • Develop & manage IS Quality of Service measures for IS security to provide transparency on current security risks.
  • Develop strong partnership with IS Applications, IT Security, and all other technology teams.
  • Responsible for 24x7x365 IS Security Team.
  • Monitor industry data to be prepared for new security threats.
  • Provide education to all organization levels on security risks and appropriate actions to take to prevent SVH from being impacted by the potential threats.
  • This position will assist the Project Management team with typical PMO activities such as system security assessment
  • Ensure that the IS Security Exception process is in place and effectively manages the security risks SVH leadership is willing to accept.
  • Coordinate with Compliance and Legal on HIPAA/HITECH requirements