The Director, Information Security Risk Management is responsible for the development and delivery of a comprehensive information security program and for the oversight and management of: PHI; information security risk assessments; vendor security contract reviews; information security governance; information security control testing; interaction with auditors and regulators; and company-wide information security training and awareness initiatives. The Director will manage a team of analysts focused on coordinating the information security efforts across the company.
Responsible for developing and maintaining information security policies, standards, processes, guidelines and procedures.
Responsible for monitoring and auditing specific information security related controls and processes throughout the organization.
Responsible for ensuring vendors and service providers comply with required security standards as set forth in contracts and the organization's policies.
Responsible for developing and working with training to maintain an education, compliance and awareness program on information security for the employees.
Keeps abreast of regulatory and legal requirements, and industry best practices in order to maintain acceptable risk management levels and minimize the risk of security breaches.
Manages a comprehensive Security Risk Management program that involves development and implementation of an ongoing risk assessment program targeting information security and privacy risks, as well as direct and indirect senior management and board reporting.
Develops and implements an incident reporting and response program to address security incidents and to respond to policy violations and complaints from internal or external parties.
Develops and executes a program for vulnerability detection, testing and remediation.
Manages select IT Governance audits and examinations, as well as tracking the disposition and status of all identified control items.
Assists the Compliance Officer and Operational Risk teams in complying with SOX, the FACT Act, HIPAA, High Impact Trust, Identity Theft Red Flag programs and all regulatory controls involving Information Technology and Information Security.
Performs duties and responsibilities specific to department functions and activities.
Human Resource Management
Supervises staff, sets goals and holds people accountable for results.
Ensures that the group provides outstanding customer service.
Coordinates activities to maximize the efficiency of all processes.
Develops team and is focused on succession plan within the group.
Ensures that employees all have goals and receive regular feedback on their performance.
Performance management of personnel including, reviews, corrective action, mentoring, development plans and performance improvement plans.
Creates and implements performance metrics.
Assesses training needs and selects training tools for team members.
Mentors staff to overcome limitations and achieve maximum potential.
Completes/presents performance reviews to assess employees’ skill sets, provide feedback on progress, and identify goals.
Creates improvement plans for those personnel not meeting expectations.
Handles difficult personnel situations directly, using appropriate discretion, HR advice, and respect for the individual.
Plans, organizes and implements team goals and objectives designed to provide a single point of contact for first and second level application problem resolution, management reporting, and change control verification.
Reviews paperwork for accuracy and correct process.
Must participate in scheduled and unscheduled onsite compliance audits.
Implements corrective/preventive measures as determined by the Corporate Compliance/Audit Committee.
Cooperates with Internal Audit, Compliance and HR on any recommendations and changes to compliance and legal information security and privacy issues.
Takes swift and immediate action in accordance with Internal Audit and Corporate Compliance on any areas of concern.
Complies with and enforces all policies and procedures.
Has successfully completed all required Compliance Training within the required time period.
Has had no compliance related corrective action during the current review period.
Requires hands-on experience with security management products.
CISSP, CHPS and CISM/CISA certifications preferred.
Requires working knowledge of IP routing and networks, encryption, firewalls, intrusion detection systems, VPNs, UNIX, Linux and Windows operating systems, identification, authentication and authorization systems, and accounting policies.
Must possess excellent written and oral communications skills and the ability to problem-solve technical issues.
Requires the application of compliance and risk management efforts within a highly regulated environment.
Must be able to clearly define and present ideas, and effectively communicate with all levels of management.
Requires the flexibility to act in both a strategic management role and a technical leader capacity when required.
Requires proficiency with varied types of computer hardware and software and with varied computer and network operating systems.
Must possess a general knowledge of all operations.
Must exercise a reasonable amount of independent judgment under a minimum of supervision.
Requires strong interpersonal and organizational skills, including the ability to meet deadlines.
Requires analytical abilities to weigh each identified security risk against the expense of enforcing and monitoring its mitigating security control.
Requires the ability to lead a strong team and achieve results in a challenging environment.
Working knowledge of and experience in the healthcare provider information security policy and regulatory environment.
Bachelor’s degree with emphasis in a computer related field or the equivalent skills, knowledge and mental development.
A minimum of seven years' background in Information Security and Risk Management, with prior experience in a security management leadership position managing a security and governance program.
This brief summary is not an all-inclusive description of job duties. Other job duties and responsibilities may also be assigned by the incumbent’s supervisor at any time based upon Company need.
Rural/Metro is a proud Equal Opportunity employer, m/f/d/v.