The Director, Cyber Security & Risk Management is responsible for managing the “Engineering & Operations” unit within the Cyber Security & Risk Management (CSRM) department. The candidate will provide oversight and direction to ensure corporate information protection policies, processes, and safeguards are consistently applied to protect patient, employee, and proprietary confidential data. This individual will act as a liaison and subject matter expert for the business units and management on matters regarding information security and compliance with HIPAA, Joint Commission and NIST Data Security Standards. The candidate will be responsible for hiring and retaining top-notch security talent and will report directly to the Chief Information Security Officer.
PRINCIPAL DUTIES AND RESPONSIBILITIES
- Support the Chief Risk & Security Officer in the development and execution of security strategy and definition, management and communication of overall business cyber risk.
- Align all activities with the HSS and department objectives, NIST Cyber Security Framework, HIPAA and organization’s risk profile.
- Foster a working relationship with various departments within and outside IT for collaborative pursuit of security objectives
- Work collaboratively with the other Directors, CMIO, CIO, Service Line Leads, Steering Committees and other key partners to determine technical information security requirements, planned remediation, and advocate for the program to gain resources/funding to implement appropriate protection technologies and processes.
- Manage all aspects of budget, team, security projects, operations and vendors for ‘Security Engineering and Operations’ unit within the security department including management of all current and future security technologies both on premises and in public/private cloud.
- Manage a team, various security technologies, and service providers such as Rapid7, Symantec Endpoint Protection (SEP), Data Loss Prevention, Cylance, Dell Endpoint Encryption, Cloud Access Security Brokers (CASB), and native AWS, O365 and Azure security configurations
- Provide tier 2 and escalated tier 3 support for all day-to-day security operations, incident response and breach management.
- Ensure efficacy of security processes namely ‘Threat Management’ including ‘Vulnerability/Patch Management’, ‘Security Monitoring/Incident Response’, ‘Security Deployment and Operations’. Assist with ‘Risk Management’, ‘Security Awareness’ and ‘Security Architecture’.
- Provide status reports on a weekly, monthly and quarterly basis to business managers and other management forums that demonstrate the health of the program. Develop board-level metrics and key risk indicators on the overall state of the security posture and demonstrate increasing maturity of the program.
- Recommend security improvements by assessing current needs, evaluating trends, and anticipating future requirements for continuous improvement.
- Maintain up-to-date knowledge of the IT security industry and healthcare vertical including awareness of new or revised security solutions, improved security processes, and the development of new attacks or threats. Represent security within HSS and on behalf of HSS within the industry.
- Manage capital and operational budgets, including budget planning and design, 3-year forecasting, understand HSS revenue stream, capacity planning, expertise alignment, and resource optimization
- Hire and retain security talent through engagement, mentorship and by creating a positive and rewarding work culture. Develop/hire talent to secure modern technologies and platforms including cloud, mobility, DevOps and data analytics. Manage, coach, motivate, and mentor Security engineers using feedback, coaching, delegation, and one on one meetings