Executive Director IT Security & CISO
Facility: Valleywise Health Medical Center
Department: Office of the CIO
Schedule: Regular FT 40 Hours Per Week
Under the direction of the Senior Vice President (SVP) & Chief Information Officer (CIO), this position is responsible for the IT Security and Compliance functions for the organization. Responsible for developing, directing and maintaining an enterprise wide information security program to ensure that information assets are adequately protected. This position is responsible for directing the identification, evaluation and reporting on information security risks in a manner that meets industry compliance and regulatory requirements. Directly responsible for ensuring that each significant software deployment or release of our mission critical applications, including Epic and Centers of Medicare and Medicaid ("CMS") regulatory and Office of Civil Rights ("OCR") meets or exceeds the health care company's compliance requirements. Proactively work with the HIPAA Compliance Specialist, functional business areas to implement practices that meet defined policies and standards for information security and compliance arenas. Will serve as the process owner of all ongoing activities related to the availability, integrity and confidentiality of patients, customers, business partners, employees and clinical / business information, in compliance with the organization's information security policies.
- Requires a Masters' degree in Information Technology, Computer Science, Management Information Systems or related field; or an equivalent combination of training and progressively responsible experience that will result in the required specialized knowledge and abilities to perform the assigned work.
- Requires at least ten (10) years of progressively responsible experience in healthcare Information Systems software/system security and privacy that demonstrates a high level of understanding of the required knowledge, skills and abilities.
- Experience must include demonstrated leadership ability, preferably working as a Director IT or related management position in a healthcare setting.
- Advanced knowledge of the NIST Risk Management Framework and Cybersecurity Framework required.
- Preferred exposure to EMR (Epic preferred) in a large ambulatory and teaching hospital environment relative to HIPAA privacy compliance.
- Requires Certified Information Systems Security Professional (CISSP) certification. Certified Chief Information Security Officer (C|CISO) certification highly desirable.
Knowledge, Skills & Abilities:
- Requires a visionary leader with strong skills in both technology and healthcare business management.
- Must be an integrator of people and processes, a thought leader, a problem solver, an effective consultant and have advanced knowledge of information security best business practices and risk management frameworks.
- Requires a high level of personal integrity, and the ability to professionally handle confidential matters and exude the appropriate level of judgment and maturity.
- Must have strong leadership, teambuilding, change management and motivational skills.
- Must be organizational savvy to understand differences across business areas and their unique requirements.
- Requires a high degree of initiative, dependability and ability to work with little supervision.
- Must have well-developed planning, organizational, and problem-solving skills.
- Must have analytical skills to handle complex issues requiring focus and systematic analysis.
- Requires excellent verbal and written communication skills with the ability to influence and manage conflict within and across organizations, functions and business areas.
- Must have highly developed business acumen with working knowledge/understanding of business processes.
- Must possess knowledge of security and control frameworks, such as NIST, ISO, CobiT, COSO,HITRUST CSF and ITIL.
- Requires the ability to read, write and speak effectively in English.