• Director, Cyber Security & Risk Management

    Location US-NY-New York
    Posted Date 3 months ago
    Job ID
    2018-10129
    Category
    Information Technology - All Openings
    Emp Status
    Regular Full-Time
    Hours per Week
    35
    Shift
    Days
  • Overview

    The Director, Cyber Security & Risk Management is responsible for managing the “Engineering & Operations” unit within the Cyber Security & Risk Management (CSRM) department. The candidate will provide oversight and direction to ensure that corporate information protection policies, processes, and safeguards are consistently applied to protect patient, employee, and proprietary confidential data. This individual will act as a liaison and subject matter expert for the business units and management on matters regarding information security and compliance with HIPAA, Joint Commission and NIST data security standards. The candidate will be responsible for hiring and retaining top security talent and will report directly to the Chief Information Security Officer.

     

    PRINCIPAL DUTIES AND RESPONSIBILITIES

     

    • Support the Chief Risk & Security Officer in the development and execution of security strategy and definition, management and communication of overall business cyber risk.
    • Align all activities with the HSS and department objectives, NIST Cyber Security Framework, HIPAA and organization’s risk profile.
    • Foster working relationships with departments within and outside IT for collaborative pursuit of security objectives.
    • Work collaboratively with the other Directors, CMIO, CIO, Service Line Leads, Steering Committees and other key partners to determine technical information security requirements, planned remediation, and advocate for the program to gain resources/funding to implement appropriate protection technologies and processes.
    • Manage all aspects of budget, team, security projects, operations and vendors for ‘Security Engineering and Operations’ unit within the security department including management of all current and future security technologies both on premises and in public/private cloud.
    • Manage a team, various security technologies, and service providers such as Rapid7, Symantec Endpoint Protection (SEP), Data Loss Prevention, Cylance, Dell Endpoint Encryption, Cloud Access Security Brokers (CASB), and native AWS, O365 and Azure security configurations.
    • Provide tier 2 support, and act as the escalation point for tier 3 issues, for all day-to-day security operations, incident response and breach management.
    • Ensure the efficacy of security processes, namely ‘Threat Management’ including ‘Vulnerability/Patch Management’, ‘Security Monitoring/Incident Response’ and ‘Security Deployment and Operations’. Assist with ‘Risk Management’, ‘Security Awareness’ and ‘Security Architecture’.
    • Provide weekly, monthly and quarterly status reports to business managers and other management forums that demonstrate the health of the program. Develop board-level metrics and key risk indicators on the overall state of the security posture and demonstrate increasing maturity of the program.
    • Recommend security improvements by assessing current needs, evaluating trends, and anticipating future requirements for continuous improvement.
    • Maintain up-to-date knowledge of the IT security industry and healthcare vertical including awareness of new or revised security solutions, improved security processes, and the development of new attacks or threats. Represent security within HSS and on behalf of HSS within the industry.
    • Manage capital and operational budgets, including budget planning and design, 3-year forecasting, understanding of the HSS revenue stream, capacity planning, expertise alignment, and resource optimization.
    • Hire and retain security talent through engagement, mentorship and by creating a positive and rewarding work culture. Develop and hire talent to secure modern technologies and platforms including cloud, mobility, DevOps and data analytics. Manage, coach, motivate, and mentor security engineers using feedback, coaching, delegation, and one-on-one meetings.

     

    Qualifications

    • Bachelor’s in Information Systems required. Masters preferred.
    • 10 years of hands-on information security experience, with at least 5 years as a lead/manager/department head leading a multi-disciplinary security department
    • At least 3 years working in a regulated industry (healthcare preferred)
    • A broad, enterprise-wide view of businesses and understanding of security strategy
    • Experience with development of strategic IT security plan, goals and budgets
    • Direct responsibility for the completion of multiple multi-year, enterprise-wide network, endpoint and application security projects involving multiple vendors and other IT departments, while maintaining and managing daily operations
    • Experience using project management tools to perform functions such as tracking project status, effort reporting, resource/capacity planning and prioritization
    • Experience administering tools for services such as the following: anti-virus, vulnerability assessment and remediation, intrusion prevention systems (IPS), security information and event management (SIEM), log monitoring/correlation, security incident tracking, internal and external penetration testing, advanced firewalls and other network protection, endpoint workstation security protection, mobile device security and encryption
    • Knowledgeable of cloud and mobile device security requirements, risks and mitigation strategies.
    • Ability to rapidly comprehend and interpret the functions and capabilities of modern technologies.
    • Thorough knowledge of SDLC, HIPAA security rule, COBIT and NIST and the ability to apply Information Security principles to business solutions.
    • Strong analytical skills and the ability to resolve complex security vulnerabilities and design compensating controls
    • Excellent written and verbal communication skills; interpersonal skills
    • Must possess a high degree of integrity and trust along with the ability to work independently as well as motivate others
    • CISSP, CISM, CRISC, GIAC or other technical security certifications

     

    EOE
