Texas
Oregon
Illinois
New York
New Hampshire
Kansas
Florida
Posted: 18-Mar-23
Location: Altamonte Springs, Florida
Salary: Open
Categories:
Internal Number: 23005698
Description
All the benefits and perks you need for you and your family:
- Benefits from Day One
- Paid Days Off from Day One
- Student Loan Repayment Program
- Career Development
- Whole Person Wellbeing Resources
- Mental Health Resources and Support
Our promise to you:
Joining AdventHealth is about being part of something bigger. It’s about belonging to a community that believes in the wholeness of each person, and serves to uplift others in body, mind and spirit. AdventHealth is a place where you can thrive professionally, and grow spiritually, by Extending the Healing Ministry of Christ. Where you will be valued for who you are and the unique experiences you bring to our purpose-minded team. All while understanding that together we are even better.
Schedule: Full Time
The role you’ll contribute:
In this role, the Executive Director, Associate Chief Information Security Officer will collaborate with the CISO and the Information Security Directors in the development and implementation of the Enterprise-Wide Information Security and Compliance Program. They will assist the CISO in identifying, implementing, and maintaining all the required controls that are needed to ensure that the organization is compliant with all relevant laws and regulations, reduce IT risk to known and acceptable levels and ensure that AdventHealth can achieve and maintain certification for HITRUST and other frameworks deemed necessary for the organization.
They must communicate effectively with others to offer accurate and timely information and service reporting. Under minimal supervision of the CISO, the Executive Director, Associate Chief Information Security Office coaches, mentors and leads Information Security teams. This position will also provide strategic direction to technical security services including Security Architecture, Security Engineering, Vulnerability Management, and Information Protection to ensure these services are in alignment with the overall Information Security program.
This position demands an individual that excels in delivering high-quality results on a timely basis, good communication with project stakeholders, developing team members, and outstanding customer service that fosters positive relationships throughout the organization.
This individual must have a good understanding of Healthcare in the US including all applicable laws, regulations, and business needs, especially as they relate to a large provider organization like AdventHealth with IT operations in a hybrid of cloud and on-premises services.
The value you’ll bring to the team:
- Using industry standard frameworks such as FISMA, COBIT, ISO27001, HITRUST, NIST Cybersecurity, PCI etc. assist the CISO in developing and maintaining an Enterprise Information Security Program
- Provide strategic direction for Security Architecture, Security Engineering, Vulnerability Response and Information Protection teams
- Mentor, coach, and train members of the information security team, the broader information technology services team, and other technologists throughout AdventHealth
- Lead the team in the development and evolution of security roadmaps, execution of strategic plans, understanding controls and process gaps, providing architectural vision, and enabling the larger cyber security team
- Engage with and manage strategic vendor relationships related to Information Security products and services
- Ensure security and compliance needs are accounted for and appropriately prioritized as part of the acquisition process
- Manage large complex departmental budgets that are in excess of $20 million annually
- Analyze financials for providing direction and support, making recommendations, maximizing use of funds, and/or ensuring overall operations are within budget
- Evaluate the risk appetite of the organization and key stakeholders to ensure alignment with the Information Security program
- Help the CISO communicate and manage expectations across all levels of the organization.
- Collaborate with the various stakeholders, to develop relevant and comprehensive metrics including key performance indicators (KPIs) and key risk indicators (KRIs) that inform on organizational risk and progress towards goals
- Establish and/or maintain an information security strategy in alignment with organizational goals and objectives to guide the establishment and/or ongoing management of the Information Security Program
- Serve as subject matter expert in Information Security and brief highest levels of organization effectively
- Delivers a leadership role in providing network and system security advice and risk analysis to business units
KNOWLEDGE AND SKILLS REQUIRED:
- Extensive knowledge of Information Security Frameworks and applicable regulations i.e., HIPAA, HITECH, The HIPAA Omnibus Rule, HITRUST (Health Information Trust Alliance) and PCI (Payment Card Data Security Standard)
- Ability to translate control framework (e.g., HITRUST, PCI) requirements into understandable and actionable tasks
- Demonstrated ability to define and communicate the appropriate scope for PCI in a highly complex distributed healthcare environment
- Working knowledge of healthcare business objectives and strategies, including knowledge of federal and state regulatory requirements, legal issues, privacy, and compliance
- Possess strong technical understanding of enterprise security platforms including Security Information and Event Management (SIEM), Vulnerability Management, Data Loss Prevention (DLP) and Privileged Access Management (PAM), Endpoint Detection & Response (EDR) solutions
- Demonstrated knowledge of complex IT and Security operations in a hybrid cloud environment
- Ability to implement and assess configuration and hardening standards that can be applied in heterogenous environments.
- Experience providing strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls that mitigate identified risks
- Demonstrated ability to create and deliver presentations
- Demonstrated ability to design and implement metrics and reporting that demonstrate progress toward organizational goals
- Pragmatic understanding of security problems as a mix of technology and process issues with the ability to pursue solutions at both layers within the organization
- Project management skills
- Budget planning and management skills
- Demonstrated time management, communications, decision making and organization skills
- Demonstrated leadership skills and a proven team builder
- Must be a team-oriented, self-motivated professional
- Strong interpersonal skills with a positive and enthusiastic attitude
- The candidate must live in or around the Orlando area or must be willing to relocate to the Orlando area.
KNOWLEDGE AND SKILLS PREFERRED:
- Ability to influence management, key decision-makers, and highly technical resources
- Ability to interface effectively and collaborate with peers and management to develop solutions and ensure stakeholder buy-in
- Drive and capacity to continually expand knowledge base and apply findings to organizational mission
- Must communicate effectively with audiences having varied levels of technical knowledge and corporate position
EDUCATION AND EXPERIENCE REQUIRED:
- Bachelor of Science degree
- 20 years of Information Technology experience
- 15 years’ experience in a cyber security related role
- 10 years’ experience with a large complex healthcare organization i.e. in excess of $4 billion in annual revenues.
- 5-7 years of experience applying the PCI Data Security Standard in a highly complex distributed healthcare provider organization.
- 5 years of direct experience leading information security programs including Data Loss Prevention, Vulnerability Management and Privileged Access Management
- 5 Years of experience working as a Deputy CISO or as a CISO for a healthcare provider organization with revenues in excess of $4 billion.
- Demonstrated experience planning coordinating and facilitating remediation of findings from penetration tests and ethical hacking activities
- Experience leading high visibility/impact functions, including the development and implementation of enterprise programs and services
- Proven experience in assisting large healthcare organizations in developing HITRUST Information Security programs, in conducting HITRUST assessments and obtaining HITRUST certifications
EDUCATION AND EXPERIENCE PREFERRED:
- Master’s Degree in Cyber Security or Information Technology related field
- Experience with change management lifecycle, development and regular preparation of management status and key metrics reports
LICENSURE, CERTIFICATION OR REGISTRATION REQUIRED:
- CISSP - Certified Information System Security Professional
- CCSFP (HITRUST) - Certified Common Security Framework Professional – Active or Previous
- ITIL Certification
