Responsible for developing, implementing, and directing the Information Security Program for the University of Virginia Medical Center. Accordingly, the Director is responsible for planning, directing and coordinating the implementation of strategic initiatives to preserve the availability, integrity and confidentiality of Health System information resources.
• Manage Information Security Administration team
• Identify key security program elements and involve appropriate departments in building and maintaining a comprehensive information security program
• Provide guidance and advocacy regarding prioritization of infrastructure investments that impact information security
• Lead the ongoing work of the Information Security Advisory Council (ISAC), whose oversight responsibilities include developing and recommending comprehensive organization-wide information security strategy, plans, policy, procedures, and guidelines
• Recommend action on risk issues that relate to information security
• Coordinate all information technology and information security audits
• Analyze security trends and make recommendations regarding potential threats/risks/exploits, vulnerabilities and control techniques
• Direct development and enforcement of information security and privacy policies in compliance with federal and state regulations and standards
• Develop and maintain extensive data breach notification plan and conduct yearly tabletop exercises
• Assist Medical Center units with investigating security incidents and pursue associated disciplinary and legal matters as directed
• Maintain relationships with local, state and federal law enforcement and other government agencies
• Monitor and report on Medical Center information security activities and compliance
• Manage fiscal/budgetary planning management for assigned areas of responsibility
EDUCATION: Bachelor's degree required, Master's degree preferred.
EXPERIENCE: 7-10 years of demonstrated experience in related area, with at least 5 years of leadership, preferably in information technology security within the healthcare industry.
Excellent oral and written communication skills are critical to success in this position.
Prefer experience working with legal, audit, and compliance professionals.
Thorough understanding of Federal and Commonwealth regulations including HIPAA, ARRA, HITECH, etc.
LICENSE/CERTIFICATION: One or more of the following professional certifications required: Certified Information System Security Professional (CISSP), Certified Information Security Manager (CISM), Global Information Assurance Certification (SANS/GIAC), Systems Security Certified Practitioner (SSCP), Certified Information Systems Auditor (CISA).
Annual Salary Range: $102,835.20 - $164,528.00
University of Virginia Health System includes a 604-bed hospital, Level I trauma center, nationally recognized cancer and heart centers and...