Sr. Director & Chief Information Security Officer
Erlanger
Date: 12 hours ago
City: Chattanooga, TN
Contract type: Full time

Job Summary
The Sr. Director and Chief Information Security Officer (CISO) position reports directly to the Senior Vice President and Chief Information Officer (CIO) in the Technology Management Division, with a dotted line to the Chief Legal Officer (CLO) for the Health System. The position is responsible for ensuring the evaluation, implementation, and ongoing monitoring activities across the Health System, as they relate to the security of information systems and confidential or sensitive electronic records (data) held by the organization. The CISO will promote, implement, and maintain a corporate-wide information security strategy providing a comprehensive and practical set of information security policies, procedures, and technology (safeguards) to help ensure confidentiality, integrity, and availability in accordance with the mission and vision of the health system and regulatory requirements.
Education:
Required:
BS in Cyber Security, Information Assurance, Information Technology, Computer Science, Computer Networking, Computer Information Systems, Information Management, or related field
Preferred:
Master of Science degree in Cyber Security, Information Assurance, Information Technology, Computer Science, Computer Networking, Computer Information Systems, Information Management, or related field
Experience:
Required:
10+ years of experience in Information Systems Security, or a combination of Information Systems experience including 5+ years of experience in a dedicated Information Security Management or Security Operations role.
5+ years of knowledge and experience in the healthcare industry, with in-depth knowledge of the HIPAA Privacy & Security regulations, HITECH, the NIST cybersecurity framework, and compliance with other applicable Federal, State, and local regulations.
Demonstrated organization, facilitation, communication, documentation and presentation skills
Experience in creating and managing a departmental budget
Experience and effectiveness in leading initiatives and projects
Outstanding interpersonal and communication skills
Must possess a high degree of integrity and trust along with the ability to work independently
Ability to assess and weigh current and evolving business risks and enforce appropriate information security measures
Strong technical computing and networking skills
Experienced in the management of both physical and logical information security systems
Preferred:
N/A
Position Requirement(s): License/Certification/Registration
Required:
Industry certification in information security
Preferred:
One or more Information Security Certification(s) or similar Industry security certifications (ISC2 CISSP, ISACA CISM, SANS GIAC GSEC) preferred, but not required
Department Position Summary:
The position is responsible for ensuring the planning, implementation, compliance, and ongoing activities across the Health System, as they relate to information security (cybersecurity). The CISO is the process owner of all information assurance activities related to maintaining the confidentiality, integrity, and availability of customer, business partner, employee, and other sensitive business information in compliance with the organization's information security policies and regulatory requirements. The CISO will promote a corporate-wide information security philosophy supporting a comprehensive and practical set of privacy and security policies, procedures, and technology, not only to protect the organization from information security-related liability, but also to use information security practices as a way to create customer goodwill, enhance the reputation of the organization, promote market returns, and ensure HIPAA/HITECH privacy and security rule compliance.
Knows, keeps current with, understands, and ensures corporate compliance with all relevant laws, regulations, and standards that apply to the Health System in any jurisdiction in which it conducts business, including local, state, and federal privacy and information security laws and accreditation standards.
Maintains knowledge of and ensures proper application of common information security management standards and frameworks, such as National Institute of Standards and Technology (NIST) cybersecurity framework.
Keeps current with privacy and information security technologies.
Responsible for implementing, managing, and enforcing information security directives as mandated by the organization, law, regulatory requirements, and policy.
Provides leadership and oversight for all information security-related activities of the Health System.
Communicates and works with Senior Management and Compliance Officer to establish, maintain, and provide leadership for the Information Security Council to ensure the consistent application of policies and standards across all technology projects, systems and services.
Coordinates the development, implementation, and maintenance of corporate information security policies, procedures, and plans with the Information Security Council.
Creates, implements, and monitors policies, procedures and practices to help prevent loss and inappropriate distribution of sensitive corporate information and protected health information.
Works with Compliance, public relations, and marketing to increase public awareness of the Health System's information security efforts, and to address information security-related issues and incidents.
Analyzes and assesses information flows across and between business units, and addresses the information security implications of those flows.
Investigates and handles information security-related incidents and consumer complaints related to information security.
Leads the Incident Response Team and coordinates with the Chief Privacy Officer (CPO) to contain, investigate, mitigate and work to prevent future computer security incidents or breaches.
Ensures the application and assessment of information security compliance benchmarks and ensures regularly scheduled information security risk assessments and compliance-monitoring activities occur.
Develops, implements, and monitors a comprehensive strategic enterprise information systems security risk management program.
Partners with business leadership and stakeholders across the enterprise to raise awareness of risk management concerns and promote essential information security policy elements organization-wide.
Assists with overall business technology planning, providing current knowledge and a future vision of technology and systems as related to information security.
Coordinates with the Chief Privacy Officer (CPO) on the development and implementation of ongoing corporate information security orientation, training, and awareness activities and communications for business partners and personnel at all levels. Leads information security awareness and training initiatives to educate the workforce about information risks.
Contributes to a review process that ensures all trading partner and business associate agreements and contracts include information security requirements and responsibilities, and addresses all related information security concerns.
Ensures procedures and technology are implemented to monitor and track access to information systems and sensitive or confidential data as required.
Coordinates with the CPO and works with the Privacy Council to create, implement, and maintain procedures for receiving, documenting, tracking, investigating and addressing complaints or concerns regarding the Health System's information security.
Coordinates with the CPO to ensure compliance with corporate privacy policies and procedures.
Understands the organization's technical infrastructure, and promotes the use of privacy and information security enhancing practices, procedures, and technologies.
Advises and works with corporate personnel involved with any aspect of access to personally identifiable information, or any other type of sensitive data.
Ensures the ongoing oversight and integration of information security with health-care system business operations, strategies, and requirements.
Ensures that the access control, disaster recovery, business continuity, and incident response needs of the organization are properly addressed and raised to management.
Performs and coordinates ongoing information risk analysis and risk management activities related to information security as required to meet regulatory requirements and works with Executive Leadership to determine acceptable levels of risk for the organization.
Works with vendors, outside consultants, and other third parties to evaluate and improve information security across the organization.
Holds everyone, including self, accountable for established information security policies and procedures.
Organizes and leads an Information Security Oversight Council.
Consistently reviews the organization's information security practices.
Updates information security policies on an ongoing and as needed basis.
Erlanger Baroness Hospital Chattanooga, TN
Sr. Director & Chief Information Security Officer
Standard Hours
Regular