Director of Information Security
The Director of Information Security will be responsible for developing, implementing and monitoring a strategic, comprehensive enterprise information security and IT risk management program to ensure the integrity, confidentiality and availability of information owned, controlled or processed ChenMed.
ESSENTIAL JOB DUTIES/RESPONSIBILITIES:
- Develops corporate security strategy, security architecture, and security incident response.
- Manages the company security organization, consisting of possible direct and indirect reports, to include hiring, training, staff development, performance management and annual performance review.
- Develops and manages budgets and monitors for variances.
- Works with business units to facilitate IT risk assessment and risk management processes, and works with stakeholders through the company on identifying acceptable levels of residual risk. Oversees and conducts periodic security risk assessments in accordance with the HIPAA Security Rule and ChenMed policies.
- Provides strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls.
- Educates IT and Business leaders on appropriate security risk and mitigation strategies and approaches.
Other responsibilities may include:
- Manages security incidents and events to protect corporate IT assets, including intellectual property, regulated data and the company's reputation.
- Collaborates with ChenMed CIO, Corporate Compliance and Legal Departments as needed, and coordinates the IT component of both internal and external audits, federal and state examinations to ensure security programs are in compliance with relevant laws, regulations and policies.
- Works with business, clinical, and compliance leaders to ensure security programs are in compliance with HIPAA Security Rule and other relevant laws, regulations and policies to minimize or eliminate risk and audit findings.
- Develops, maintains and publishes up-to-date security policies, standards and guidelines. Oversees training and dissemination of security policies and practices.
- Evaluates new security threats and healthcare IT trends and develops effective security controls.
- Oversees development of ChenMed security awareness programs.
- Develops and oversees effective disaster recovery policies and standards to align with company business continuity management program goals. Coordinates development of implementation plans and procedures to ensure business critical services are recovered in the event of disasters or other incidents, and provides direction, support and in-house consulting in these areas.
- Oversees continuous monitoring and protection of ChenMed information systems, facilities, data centers, and cloud services.
- Evaluates potential security breaches, coordinates response, and recommend corrective actions.
Other duties as assigned and modified at manager’s discretion.
KNOWLEDGE, SKILLS AND ABILITIES:
- Certified Information System Security Professional (CISSP), Certified Information Systems Manager (CISM), Certified in Healthcare Privacy & Security (CHPS).
- Current knowledge of federal and state privacy and security laws and regulations, as well as industry best practices.
- Ability to serve as a security resource to all levels including executive management, department staff, and external bodies, such as state agencies.
- Demonstrate competence in the areas of the critical thinking and problem solving, interpersonal relationships, and technical skills.
- Fluent in English.
Additional Job Description
EDUCATION AND EXPERIENCE CRITERIA:
- Master's degree in Information Systems, Business, Computer Science, or related field.
- Five (5) years management experience in Information Technology OR
- Bachelor's degree in Information Systems, Computer Science or related field with seven (7) years management experience in Information Technology.
- Directly related experience may be considered in lieu of educational requirements.
- Healthcare management experience is preferred.