Director of Information Services Security - Administration

Primary Responsibilities and Specific Duties:

  • Manages the configuration, support, and evaluation of security tools.
  • Manages oversight of SIEM as it relates to cybersecurity metrics and deliverables.
  • Leads internal and external security audits and provides organizational recommendations to mitigate risks. This includes third party and vendor driven audit activities. Follows up on all audit action items in collaboration with Director of Information Services (IS).
  • Responsible for proposing, establishing, and enforcing baseline computer related security practices within the organization. This includes system rights, data security such as Data Loss Prevention (DLP) strategies, access control to sensitive information and encryption of sensitive data both at rest and in motion.
  • Ongoing oversight of the Corporate Security Risk Analysis Plan.
  • Responsible for the disaster recovery plan, planning process, and working with business owners to ensure items related to the plan are implemented.
  • Responsible for the oversight of Security Analyst position and the various security monitoring systems which include: Audit log management, AI based alerting, AV alert response, and other computer-based security events.
  • Responsible for Corporate communication and training, including the creation of education materials as it relates to cybersecurity initiatives (phishing campaigns, phish alert, CHC News Now Updates).
  • Initiates cybersecurity drills and audits to test internal and external controls, reviewing quarterly and following up with business owners to ensure state of readiness across the organization for any unplanned threats.
  • Responsible for the routine analysis of the vulnerability assessments completed against the IT infrastructure.
  • Analyzes and provides recommendations on new and existing technological solutions based upon organizational needs and objectives.
  • Manages project life cycle related to corporate and departmental deliverables of projected and emerging initiatives.
  • Reviews required security documentation provided by vendors related to vendor partnerships.
  • In collaboration with Director of IS, reviews all Information Services policies and procedures on an annual basis and in line with corporate review policies.  Works with business owners to establish new or modify existing policies and procedures.
  • Lead facilitator of the Information Security Operations Team (ISOT).
  • Leads breach response activities in collaboration with CIO and Director of IS.
  • Leads Business Continuity Planning (BCP/COOP) in collaboration with the Director of IS.
  • Assumes management of Information Services department in the absence of the Director of Information Services and/or CIO.
  • Provides guidance to other IS staff.
  • Works well with others providing administrative support and information pertaining to department operations.
  • Completes work requests and projects as assigned by the VP/CIO.
  • May be required to provide guidance to external vendors.
  • Develops presentations for Executive level review to include data and graphics.
  • Performs other duties as assigned.


Qualifications:

Education:

  • Bachelor's Degree required.
  • Project Management experience preferred.
  • Management experience in the field of IS required.

Experience:

  • At least 7 years direct experience within a business environment and information systems.  
  • Experience in the Healthcare industry preferred.
  • Experience with Windows environments required
  • Experience with Linux environments preferred
  • Experience with MS office suite, Remote Administration Suites, anti-virus programs, and terminal emulation software required

Certification:

  • Certification in Security , CISSP required

Special Skills:

  • Security auditing, review, and response.
  • Knowledge of HIPAA, HITECH and NIST Standards
  • Knowledge of pen testing methodologies.
  • Must have advanced working knowledge of network architecture, topology, and usage
  • Workstation knowledge must include hardware configuration, software installation and usage, and network security
  • Ability to read, understand and follow oral and written instructions