What are the responsibilities and job description for the Director, Information Security position at Alternate Solutions Health Network?
Our culture and people are what set us apart from other post-acute care providers. We’re dedicated to the growth and development of our team to set them up for success. We CARE for our patients like they are our own FAMILY.
Note: The Centers for Medicare & Medicaid Services (CMS), in collaboration with the Centers for Disease Control and Prevention (CDC), require COVID-19 vaccinations for all Medicare and Medicaid certified providers. Based on this regulation, all of our employees must be fully vaccinated or have a valid exemption.
The Director of Information Security is responsible for developing the companywide Information Security Program and implementing this program to ensure the safety and security of our rich data assets in support of our world-class operation that serves patients in the post-acute care space. This position oversees the monitoring of all cyber/internal threats and institutes controls/technologies to minimize these threats for the safe and continuous operation of the business. The Director of Information Security will take appropriate preventive measures towards identifying, developing, implementing, and maintaining policies, processes and operating procedures across the enterprise to reduce the information security and information technology risks to the business. The Director of Information Security will partner with the Executive, Operational, Compliance, Agency and IT leaders to ensure robust privacy and security of all the medical records, IP and other data assets/information.
KEY RESPONSIBILITIES:
Implements the InfoSec vision, strategy and programs established by the CIO while ensuring that the information services and information technology assets are protected
Collaborates with the CIO to ensure the security, high performance and up-time of all corporate networks, applications, servers, workstations, peripherals, and mobile devices in AWS and Azure
Develops and maintains IT security strategic and tactical plans to ensure compliance with various regulations including HIPAA, HITRUST, SOC2 and other standards like NIST
Creates a compelling Information Security roadmap and then executes on it in well thought-out chunks. Develops a game plan for optimizing the current InfoSec environment by determining how best to build upon the existing policies, controls and technology capabilities
Establishes appropriate InfoSec standards and controls and directs the establishment and implementation of all required InfoSec policies and procedures, InfoSec standards and systems
Leads the information security programs to protect the networks, workstations, peripherals, mobile devices, endpoints and our Cloud Infrastructure
Recommends Information security policies, controls and cyber incident response plans.
Develops and with support from other IT leaders maintains the identity and access management controls. Approves identity and access management policies.
Establishes, maintains, evaluates and tests ASHN Disaster Recovery and Business Continuity Plan(s)
Partners with IT leaders to ensure that proper physical, technical and administrative security protocols are implemented and enforced to prevent data loss to ensure compliance with HIPAA and other regulations regarding safety of electronic data at rest and in motion
Manage relationships with clients, partners and stakeholders for InfoSec and DR/BCP projects
Review investigations after breaches or incidents, including impact analysis and recommendations for avoiding similar vulnerabilities
Maintain a current understanding of the IT threat landscape for the healthcare industry and ensure compliance with the changing laws and applicable regulations. Translates that knowledge to identification of risks and actionable plans to protect the business
Communicate best practices and risks to all parts of the business or outside of IT as required.
Ensures that cyber security policies and procedures are communicated to all personnel
Engage with senior stakeholders and external providers to develop and agree on key InfoSec department projects, budgets, timelines, and deliverables
Responsible for delivery and oversight of InfoSec projects, budgets and risk management
Manage all employees, contractors, and vendors within the IT information security team
Negotiates InfoSec contracts, including setting operating performance standards, and administers contracts to ensure compliance with operating performance standards
MANAGEMENT RESPONSIBILITIES:
Managing the daily operation and implementation of the IT security roadmap
Conducting a continuous assessment of IT security practices and systems towards improvement
Leading annual, quarterly or other recurring information security audits and risk assessments
Delivering new information security approaches and implementing next generation solutions
Ensuring IT / IS security compliance and governance
Instituting controls and technologies that safeguard ASHN intellectual property
Devising strategies and implementing IT solutions to prevent/minimize the risk of cyber-attacks
Interviewing, hiring, training and termination of department personnel as required
Works with direct reports to ensure employee satisfaction and resolution of issues/concerns
Projects the number, type, and use of personnel for current/future needs of the department
Fosters a culture to mirror ASHN’s processes, policies and culture of excellence, integrity, employee engagement, and continuous improvement
QUALIFICATIONS:
12-15 years of demonstrated technical experience in IT overseeing all aspects of an Information Security program including physical and cyber security, policies and controls, internal audits, business continuity planning, disaster recovery planning and security standards compliance
Prior experience in IT/IS systems hardening and defending against outsider / insider threats and data exfiltration, advanced persistent bad actor threats, advanced malware vulnerabilities / vectors, incident response, vulnerability assessments, penetration testing and digital forensics
5-7 years of experience leading InfoSec teams and managing technical SMEs
3-5 years of hands-on experience with InfoSec controls and technologies for securing structured and unstructured data in a healthcare environment
2-4 years of experience leading InfoSec compliance initiatives with HITRUST, HIPAA and SOC2
EDUCATION AND CREDENTIALS:
Bachelor’s Degree in Management Information Systems, Computer Science, Engineering or Math/Statistics. Graduate degree is highly preferred
We’ll help you put your passion for patient care to work. Apply today!
This job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee. Duties, responsibilities and activities may change or new ones may be assigned at any time with or without notice.
We are an Equal Opportunity Employer.