Division Director of Information Security Operations
Field IT&S - East Florida Division - Fort Lauderdale, FL


GENERAL SUMMARY OF DUTIES – Responsible for leading and driving all information security activities at the hospitals, physician offices, CSCs, ASD facilities, and other facilities within a Division, as a component of the enterprise-wide Information Security (IS) program. This includes the management of multiple projects and initiatives for the deployment of technology, implementation of processes, and delivery of services. Depending on the IT model of the Division, the DISO may supervise 2-4 staff members in Facility Information Security Official (FISO) roles. In all divisions, the FISOs have at least a dotted-line relationship where the DISO oversees and directs security work they perform. The enterprise IS program is led by the VP and CISO and IT&S IS department in Nashville. DISOs are the “face” of the program to our operators in the field, responsible for implementing HCA’s organizational agenda for IS, championing improvements to reduce risks to patients and HCA’s business at hospitals, and serving as a bridge between the facility/division and enterprise side of IS. This role requires extensive focus on building and expanding relationships with key stakeholders such as physicians, hospital leadership, Division leadership, the Division IT team, other DISOs, the IS department, and others supporting IS objectives. DISOs drive the results HCA wants by extending the reach of the enterprise IS program into divisions and facilities and developing security processes, building staff awareness and competencies for security, and effectively collaborating across boundaries to ensure enterprise IS goals and HCA priorities are met and business value is realized. Relationships, collaboration, and communication are all keys to DISO success. 
HCA seeks to maximize efficiency and effectiveness in its IS investment; DISOs drive consistency and efficiency in IS activities at facilities through alignment with IS program action plans, taking advantage of shared tools and resources, and working with a common focus. This individual is the bridge between the corporate, division, and facility levels for the implementation of Information Security in the Division, including—
      • Drive key elements in the HCA-wide information security program (30% of time)
      o Represent facility and division needs in strategic planning, budgeting, and work prioritization for the enterprise IS program
      o Drive prioritization of day-to-day activities in the IT&S information security department
      o Identify development in the IT&S IS department’s services and operations needed to resolve operational issues at facilities
      o Maximize value of shared tools and approaches to drive consistency across the company
      o Support the enterprise information security program in their division team and with their facilities.
      • Lead Division and facility level information security (20% of time):
      o Serve as advocate for information security in division and facility strategic planning
      o Work with Division leadership, Division IT&S, Facility leadership, HDISs, FISOs, LSCs, and Division and facility staff; as well as other DISOs and the IS department to drive the accomplishment of company information security goals
      o Provide leadership and coordination of compliance activities related to information security policies and standards, HIPAA Security activities, and Internal Audit issues in the Division
      o Lead risk management decision-making and processes involving each facility, within the framework established in the enterprise IS program
      o Lead and coordinate implementation of Information Security technologies and projects
      o Lead Division communications and actions relating to information security

      • Support the Division CIO and IT&S team (20% of time):
      o Lead the management and coordination of Division information security activities, in support of overall Division IT&S activities
      o Track and drive resolution of information security issues
      o Provide technical expertise to resolution of information security issues in the Division
      o Provide leadership and support in other (non-information security) areas as needed.

      • Drive consistency and economies of scale in Division information security activities (10% of time):
      o Coordinate a centralized approach to regulatory compliance activities, within the framework established in the enterprise IS program
      o Facilitate a Division-wide program for IS communications and awareness training
      o Coordinate a Division approach to facility risk management decision-making, within the framework established in the enterprise IS program
      o Coordinate information security activities with vendors within the Division
      o Lead Division Information Security activities by leveraging existing IT division resources by coordinating work across all Division IT staff
      o Coordinate FISO and LSC assignments, training, and activities at facilities across the Division

      • Support and extend the reach of the HCA Information Security group (10% of time):
      o Serve as primary liaison and point of collaboration for HCA Information Security at the Division.
      o Manage division-wide implementation of HCA Information Security programs and objectives.
      o Coordinate troubleshooting of issues and questions with HCA Information Security.
      o Support and coordinate incident response activities involving facilities in the Division with HCA Information Security
      o Bridge the distance between the HCA information security group and facilities through collaboration, coordination, communication, and operating as part of each.
      • (In some divisions) Manage Division security staff and operations (10% of time):
      o Manage and direct daily actions of Zone FISOs at the Division
      o Manage human resource and administrative activities for staff, including career development, training, and performance management.
      SUPERVISOR – Division CIO, with dotted line (indirect) reporting to the HCA Vice President and Chief Information Security Officer (CISO), within IT&S.

      SUPERVISES –
      • Manage Division security staff and operations
      • Manage and direct daily actions of the Division LSCs (security help desk)
      • Manage and direct daily actions of Zone FISOs at the Division

      Qualifications
      KNOWLEDGE, SKILLS & ABILITIES
      • Bachelor’s degree in IT, Health Information Management, or related field.
      • Six to ten years of related work experience in Information Security and/or IT focused Health Information Management
      • Knowledge of HIPAA Privacy/Security Regulations and Sarbanes-Oxley IT control standards.
      • Strong understanding of Information Security processes, technologies, and practices.
      • Hospital, Meditech System, HDIS, LSC, IT Audit, and project management experience desired.
      • Management experience desired.
      • Information Security Certification(s) with demonstrated work experience is preferred. Desired certifications include: CISSP, CISA, CISM, GSEC, GCIH, GCNT, GCFW, GCUX, GCIA.
      • Must possess excellent written and verbal communication, organization, decision-making, advanced problem solving, and presentation/training skills; as well as initiative, adaptability, and customer focus.
      • Must possess the ability to build positive team relationships with all levels of individuals at the facility/market/division; corporate level.

      EDUCATION
      • College Graduate Required
      • Bachelor’s degree in IT, Health Information Management, or related field.

      EXPERIENCE
      • More than 7 – 10 Years.
      • 1 – 3 Years Management work experience

      CERTIFICATE/LICENSE – N/A

      PHYSICAL DEMANDS/WORKING CONDITIONS - This position will primarily be light work requiring the ability to lift up to 50 pounds maximum with infrequent lifting and/or carrying of objects weighing up to 40 pounds. The ability to push or pull carts weighing up to 50 pounds is required. Occasional stooping, kneeling, reaching and fingering is required. Expressing or exchanging ideas by means of the spoken word is required. Perceiving the nature of sound by the ear is required. The ability to see and obtain impressions through the eyes of shape, size, distance, motions, or other characteristics of objects is required. This requires near visual acuity with clarity of vision at 20 inches or less, depth perception, four-way field of vision, sharp eye focus and ability to identify and distinguish colors. This job requires 75% sitting and 25% standing or walking.

      Must have a willingness to travel in the local region.