Director of Information Services Security - Administration and Specific Duties:
Manages the configuration, support, and evaluation of security tools.
Manages oversight of SIEM as it relates to cybersecurity metrics and deliverables.
Leads internal and external security audits and provides organizational recommendations to mitigate risks. This includes third-party and vendor-driven audit activities. Follows up on all audit action items in collaboration with Director of Information Services (IS).
Responsible for proposing, establishing, and enforcing baseline computer-related security practices within the organization. This includes system rights, data security such as Data Loss Prevention (DLP) strategies, access control to sensitive information and encryption of sensitive data both at rest and in motion.
Ongoing oversight of the Corporate Security Risk Analysis Plan.
Responsible for the disaster recovery plan, planning process, and working with business owners to ensure items related to the plan are
Responsible for the oversight of Security Analyst position and the various security monitoring systems, which include audit log management, AI-based alerting, AV alert response, and other computer-based security events.
Responsible for Corporate communication and training, including the creation of education materials as it relates to cybersecurity initiatives (phishing campaigns, phish alert, CHC News Now Updates).
Initiates cybersecurity drills and audits to test internal and external controls, reviewing quarterly and following up with business owners to ensure state of readiness across the organization for any unplanned
Responsible for the routine analysis of the vulnerability assessments completed against the IT infrastructure.
Analyzes and provides recommendations on new and existing technological solutions based upon organizational needs and objectives.
Manages project life cycle related to corporate and departmental deliverables of projected and emerging initiatives.
Reviews required security documentation provided by vendors related to vendor partnerships.
In collaboration with Director of IS, reviews all Information Services policies and procedures on an annual basis and in line with corporate review policies. Works with business owners to establish new or modify existing policies and procedures.
Lead facilitator of the Information Security Operations Team (ISOT).
Leads breach response activities in collaboration with CIO and Director
Leads Business Continuity Planning (BCP/COOP) in collaboration with the Director of IS.
Assumes management of Information Services department in the absence of the Director of Information Services.
Provides guidance to other IS staff.
Works well with others providing administrative support and information pertaining to department operations.
Completes work requests and projects as assigned by the VP/CIO.
May be required to provide guidance to external vendors.
Develops presentations for Executive level review to include data and graphics.
Performs other duties as assigned.
Bachelor's Degree required.
Project Management experience preferred.
Management experience in the field of
At least 7 years direct experience within a business environment and information systems.
Experience in the Healthcare industry preferred.
Experience with Windows environments required
Experience with Linux environments preferred
with MS Office suite, Remote Administration Suites, anti-virus programs, and terminal emulation software required
Certification in Security, CISSP required
Security auditing, review, and response.
Knowledge of HIPAA, HITECH and NIST
Knowledge of pen
Must have advanced working knowledge of network architecture, topology, and usage
Workstation knowledge must include hardware configuration, software installation and usage, and network security
Ability to read, understand and follow oral and written instructions