Director of Information Security

As Director of Information Security you will:

• Security of Data Assets: Oversee security and risk practices to ensure the organization is as protected against internal and external threats to the extent possible.
• Security Risk Management: Manage the ongoing risk assessment function to identify the greatest threats to the organization and recommend approaches. Oversee strategies to assess, prioritize, and mitigate risks to physical and virtual assets.
• Vendor Management: Assess and manage the security risks associated with third-party SAAS vendors. Establish security requirements and standards for vendor contracts, conduct security assessments of vendors, and monitor ongoing compliance.
• Growth: Assess language in contracts with insurance company and proactively flag particularly arduous requirements.
• Incident Management: Supervise incident investigations and disposition.
• Security Controls: Develop and implement security controls, policies & procedures, and enforcement.
• Compliance: Working with legal, ensure the company complies with local, state, and national regulations in areas of security and privacy.
• Innovation: Continually research best practices, industry trends, and vendor solutions to ensure the organization is functioning with an optimal approach, knowledge, and toolsets.
• Documentation & Knowledge Sharing: Maintain appropriate documentation of incidents, risk assessments, and education. Must be intimately familiar with, and author of company policies and procedures related to technology and security.
• Disclosures: Assist in the analysis and reporting of Privacy and Security disclosures.
• Budgeting: Provide input into annual organizational budget planning and manage the execution of approved security department budget, for the technologies, contracts, and professional services required each year.

You will be a good fit if you have:

• A combination of technical expertise, leadership skills, business and industry knowledge, and soft skills to effectively manage the security function for our customer.
• Legal & Regulatory: Knowledge and strong understanding of relevant legal and regulatory requirements, such as Health Insurance Portability and Accountability Act (HIPAA), Service Organization Control (SOC) standards, NIST, and HITRUST.
• Security Management: Knowledge and experience in information security management frameworks, policy and procedure development, information security assessments, audits, threat and detection.
• Risk Management: Knowledge of risk analysis methodologies and how to apply them.
• Infrastructure: Strong working knowledge of virtual infrastructures to understand and identify cybersecurity threats and how to mitigate them.
• Controls: Knowledge of technology as it relates to privacy and security controls.
• Balance: Knowledge of how to balance the needs of security with the workflow and needs of company employees, customers, and vendor partners.
• Strategic Thinking: The ability to align security efforts with the organization’s strategic goals and objectives.

The experience you bring to this role includes:

• Information Security Experience: Minimum of seven years of experience in information security, quality control, risk management, regulatory compliance, corporate compliance, healthcare compliance, privacy compliance or workplace safety compliance roles. Employment history must demonstrate increasing levels of responsibility.
• Leadership Experience: At least 2 years of experience leading projects, and/or providing strategic guidance.
• Industry Experience: A minimum of 5 years’ experience in healthcare
• Certification in one or more of the following is required: CISSP, CISA, CISM, CRISC or comparable. If not currently held, the candidate must successfully complete certification within the first year of employment.