Information Security Director

Information Security Director

Gainesville, GA

Onsite

Job Summary

Serves the organization, patients, and other customers by providing a wide range of Information Security, Cyber Security & related technical services. Assists in the formulation of strategic planning for both short- and long-term activities, and performing all other duties as assigned by the Chief Technology Officer. Operationally skilled, willing and eager to dive into deep technical challenges to provide direction, support and assistance to enhance health system outcomes. Strong knowledge of the OSI model to understand issues from physical to application layer. Disaster recovery planning and testing for highly available infrastructure. Deep skills and experience in managing complex large-scale projects required. Serve as the focal point of contact for the information security team and ITS organization in continual alignment with the Chief Technology Officer and Chief Information Officer as required.

Minimum Job Qualifications

• Licensure or other certifications: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) or other similar credentials.
• Educational Requirements: Bachelors Degree in Information Systems, Information Technology Management or related field required.
• Minimum Experience: Minimum of ten (10) years of advanced IT Security experience with an emphasis in Cyber Security, Risk Management and Data Governance is required.
• Hospital backgroud preferred

Job Specific and Unique Knowledge, Skills and Abilities

• Accomplished team-oriented leader with demonstrated results in leading a high-performing team and mentoring and developing staff
• Proven ability to take individual initiative and responsibility for assignments; high attention to detail; outstanding follow through; problem solver
• Demonstrates ability to engage in and complete multiple concurrent assignments, on-time and within budget
• Excellent verbal, written, analytical, problem solving and organizational skills. Customer-focused and service-oriented
• Proven ability to maintain a positive attitude in a team environment
• Proactive in bringing issues to the senior management team and other leaders, building consensus and delivering practical solutions
• Demonstrated skills in critical thinking, negotiation, meeting facilitation and relationship building
• Must be a skilled decision-maker who works efficiently in a high stress environment
• Fiscally responsible, experienced in managing budgets
• Demonstrates strong understanding of leading telecommunications technologies and methodologies implemented in 24x7 mission-critical environments
• ​

Essential Tasks and Responsibilities

• Develops an information security vision and strategy that is aligned to organizational priorities and enables and facilitates the organization's business objectives, and ensures senior stakeholder buy-in and mandate
• Provides regular reporting on the current status of the information security program to enterprise risk teams, senior business leaders and the board of directors as part of a strategic enterprise risk management program, thus supporting business outcomes
• Minimum ten (10) years relevant IT and Cyber Security experience in key technical security and leadership roles. Understands and interacts with related disciplines, either directly or through committees, to ensure the consistent application of policies and standards across all technology projects, systems and services, including privacy, risk management, compliance and business continuity management.
• Facilitates an information security governance structure through the implementation of a hierarchical governance program, including the formation of an information security steering committee or advisory board as required.
• Develops, socializes and coordinates approval and implementation of security policies. Manages operational and capital budgets for the information security function, monitoring and reporting on opportunities and discrepancies
• Creates and manages a unified and flexible, risk-based control framework to integrate and normalize the wide variety and ever-changing requirements resulting from global laws, standards and regulations
• Leads the strategic alignment for Third- Party Risk Management organization-wide to assess, educate, mitigate and reduce risk throughout the healthcare system.
• Ensures that security is embedded in the project delivery process by providing the appropriate information security policies, practices and guidelines.
• Provides clear risk mitigating directives for projects with components in IT, including the mandatory application of controls.
• Monitors the external threat environment for emerging threats, and advises relevant stakeholders on the appropriate courses of action.
• Manages and contains information security incidents and events to protect corporate IT assets, intellectual property, regulated data and the company's reputation.
• Oversees technology dependencies outside of direct organizational control. This includes reviewing contracts and the creation of alternatives for managing risk.
• Develops and oversees effective disaster recovery (DR) policies and standards to align with the enterprise business continuity management (BCM) program goals, with the realization that components supporting primary business processes may be outside the corporate perimeter.
• Coordinates the development of implementation of incident response plans and procedures to ensure that business-critical services are recovered in the event of a security event; provides direction, support and in-house consulting in these areas
• Assists in the formulation of strategic planning for both short- and long-term activities, and performing all others duties as assigned by the Chief Technology Officer.