Director of I.T. Security Information (Healthcare)

REMOTE OPPORTUNITY
Director of I.T. Security Information (Healthcare)
Position Overview
The Director of Information Security is a senior leadership position responsible for leading and overseeing The Company's information security function. This role is critical in safeguarding the confidentiality, integrity, and availability of our organization's information assets and technology products. The director develops and implements comprehensive strategies, policies, and procedures to identify and mitigate risks, ensure compliance with industry regulations, and responds effectively to security incidents.
Duties and Responsibilities
1. Strategic Planning:
Develop and implement the organization's information security strategy, aligning it with business objectives and risk tolerance.
Identify and prioritize security initiatives, establish security goals, and create a roadmap for their implementation.
2. Risk Management:
Conduct regular risk assessments to identify and evaluate potential security threats and vulnerabilities.
Develop and implement risk mitigation strategies, including security controls, policies, and procedures.
Monitor and manage security risks through ongoing assessments and the implementation of appropriate safeguards.
Foster a culture of security awareness through formal and informal training.
3. Policy and Procedure Development:
Establish and enforce information security policies, standards, guidelines, and procedures.
Ensure compliance with relevant laws, regulations, and industry best practices.
4. Incident Response and Management:
Lead incident response efforts during security breaches or incidents.
Coordinate with relevant teams to investigate, contain, and remediate security issues promptly.
5. Governance and Compliance:
Establish governance frameworks for information security.
Ensure compliance with legal and regulatory requirements (e.g., HIPAA, PCI, HITRUST).
6. Stakeholder Collaboration:
Collaborate with stakeholders across the organization to promote a culture of security.
Align information security practices with business objectives and work with executive leadership.
Develop your team to provide high-quality support for all stakeholders.
7. Technical Controls:
Manage technical safeguards to ensure they perform as required.
Review emerging technologies for fit and update the information security roadmap accordingly.
8. External Relations:
Build and maintain relationships with external partners, such as security vendors, service providers, auditors, and industry peers.
Stay informed about emerging threats, best practices, and regulatory changes.
9. Resource Advocacy:
Provide guidance and direction on security matters to executive leadership and board members.
Advocate for the necessary resources and support to maintain a strong security posture.
Secondary Duties and Responsibilities
Support Information Security Incident Response, System Recovery, Disaster Recovery, and Business Continuity processes and procedures as needed.
Perform other duties and tasks as assigned.
Education/Training and Certification, Licensure, Registration Requirements
Bachelor's degree strongly preferred in Information Technology or equivalent work experience.
An advanced degree in Information Systems, Business, Planning, or a related field is a plus.
Experience
5+ years of leadership experience in building and leading Information Security teams and programs in mid to large healthcare delivery systems.
Proven experience in managing healthcare GRC programs, including HITRUST policy & technical control management and security risk assessment.
Environment and/or Physical Factors
Prolonged periods sitting at a desk and working on a computer.
Must be able to lift up to 15 pounds at a time.
Desired Qualifications
Bachelor's degree in a relevant field (e.g., Computer Science, Information Systems, Cybersecurity).
Proven experience in information security leadership roles.
Industry certifications (e.g., CISSP, CISM, CRISC) are highly desirable.
Strong knowledge of HIPAA, HITRUST, CIS, and NIST security frameworks, risk management, and compliance.
Excellent communication and leadership skills.