Job Opening: Director of Information Security


JOB TITLE:                    Director of Information Security

REPORTS TO:              Chief Information Officer

DEPARTMENT:           Information Technology

 

JOB SUMMARY

 

The Director of Information Security will provide senior technical leadership, policy and corporate guidance for the company’s information and physical security program. This position will improve the stability and maintain continued growth of the company’s security infrastructure. Areas of responsibility include application security (claims/imaging), desktop/server/network/database security and user access security administration. The Information Security Director is responsible for developing, implementing and supporting the programs, policies, strategies and technologies to protect the company’s information and physical assets.

 

The Information Security Director will provide hands-on technical guidance, lead project teams, develop comprehensive project plans and participate in IT planning initiatives to ensure adequate security protection measures are incorporated into IT strategic plans. Proven staff leadership skills, thorough documentation and presentation skills, analytical and critical thinking skills, and the ability to identify needs and take initiative are key requirements of the position.

 

Must be familiar with various industry security standards, concepts and best practices. Relies on technical skill, experience and judgment to plan and accomplish goals. Works autonomously with minimal supervision while exercising a high degree of creativity and resourcefulness.

 

 

ESSENTIAL DUTIES

 

Security Architecture and Strategic Planning

·         Partner with the Director of Infrastructure and VP of IT Business Operations in defining the appropriate architecture, technical requirements and strategies necessary to address infrastructure and application security needs for the organization.

·         Maintain a broad and diverse knowledge and skill set with current state-of-the-art technology, equipment, and systems.

·         Conduct research, monitor new product developments and make recommendations regarding technologies which have the potential to benefit Information Security.

·         Develop policies and procedures that conform to industry standards and best practices.

·         Provide direction and guidance to staff, consultants, vendors and support personnel for implementing new information security controls and technologies.

·         Establish project priorities and coordinate the implementation of deliverables.

 

Information Security Staff and Department Management

·         Manage staff, supervise daily workload and provide direction regarding security projects, tasks and resolution of technical incidents as required.

·         Assess and quickly resolve technical security vulnerabilities and problems related to the applications (document imaging, portal, employer CRM, customer service, HR and finance), infrastructure, network, desktop and telecom systems.

·         Provide technical direction, consultation and training for information security staff, and emergency after-hours support as required in support of the business.

·         Conduct performance reviews and provide employee mentoring and guidance as needed with minimal supervision to meet departmental strategic goals.

·         Assist in the preparation of budgets and forecasts for area of responsibility.

 

Project Management

·         Lead projects, or delegate and supervise project leaders, for security initiatives involving the application and hardware systems.

·         Work closely with other IT teams and key business areas to ensure information security requirements are defined, documented, tested and delivered on time and within budget.

·         Independently develop detailed project plans and time estimates for Information Security project initiatives.

·         Perform complex analytical tasks to assess risks and determine strategies required to resolve issues, correct technical security problems or mitigate risk.

·         Implement standards-based information security guidelines that conform with government regulations to provide a high level of policy, controls and training to the enterprise.

·         Develop training and security awareness programs.

·         Perform other duties and special projects as assigned.

·         Manage vendor relationships in an effort to lower costs and improve service and support.

 

Required Knowledge, Skills and Abilities

 

·         Must have strong background and hands-on experience with applications and ancillary systems as they relate to healthcare claims processing.

·         Must have a working knowledge of network switching and routing devices, various firewall products, Microsoft Active Directory/Exchange, Unix/Linux platforms and management tools and utilities.

·         Strong and capable leader with seasoned technical background to mentor and guide organization and security team members to obtain maximum efficiency and performance.

·         Good organizational and project management skills. The ability to manage multiple projects, priorities and people while ensuring strategic focus is maintained in order to accomplish department goals and business objectives.

·         Good presentation and interpersonal communication skills, both written and verbal.

·         Ability to deal with a wide range of people including IT technical analysts and architects, IT Managers/Directors, business unit management, and senior executives.

·         A highly motivated self-starter with a “can-do” attitude. Ability and willingness to work flexibly and under pressure, and to meet deadlines without prompting.

·         A team player who understands how to build consensus and who has the ability to motivate and manage others, and ensure assigned tasks and deliverables are being accomplished, reported and completed.

·         Ability to solve problems quickly and develop ways to automate processes.

 

QUALIFICATION STANDARDS

 

·         Bachelor’s degree in technical, business, education or management discipline; or equivalent level of professional experience.

·         A minimum of 2 years in a healthcare claims environment or related field with emphasis in application support and/or application development experience.

·         A minimum of 6 to 8 years of progressive experience working in Information Technology with at least 4 years of direct, hands-on experience in systems security management, security administration, systems audit and/or security compliance.

·         A minimum of 4 years’ experience conducting security assessments, technology reviews and application requirements analysis from a security design perspective. The ability to clearly document and present findings as well as improvement opportunities.

·         CISSP (Certified Information Systems Security Practitioner), CISA (Certified Information Systems Auditor), CPP (Certified Protection Professional) or related security certification highly desired.

·         A minimum of 2 years of staff management, supervisor or team lead experience is required. Experience developing and mentoring junior staff, conducting performance reviews and developing staff training programs.

·         Must have a detailed understanding of information security concepts, protocols, “industry best practices” and strategies. Experience with industry regulatory requirements and audit teams is required.

·         Experience developing policies, procedures, standards and guidelines.

·         Leadership, analytical, teamwork, organization and time management skills are critical. Must be focused and energetic, meet commitments, be willing to take ownership, and have excellent judgment and integrity.

·         Must have business experience, understand business drivers and be able to translate business needs into workable project plans.

 

PREFERRED QUALIFICATIONS

 

·         Senior level healthcare application development or support experience with strong emphasis on application security controls.

·         Familiarity with various versions of UNIX and Microsoft operating system security requirements, including auditing and security management and how each operating system interacts to provide security for applications which operate or execute on these host systems.

·         PMP (Project Management Professional) certification, Six Sigma training, certification in other project management methodologies, or completion of a formal project management training program.