Demo
Salary Resume Critique Job Openings

Director of IT Security and Audit

Johns Hopkins Health Plans
Hanover, MD Full Time
POSTED ON 1/9/2025
AVAILABLE BEFORE 4/2/2025

Job Responsibilities :

Reporting to the VP of IT & Chief Information Officer (CIO), the Director, IT Security and Audit (Chief Information Security Officer, or CISO) is the senior-most IT Security leader in the organization. This position is a key part of the IT leadership team, responsible for overseeing the IT Security and Audit function for the organization. The Director & CISO is responsible for ensuring the confidentiality, integrity, and availability of all information assets, and for implementing robust security measures to protect against cyber threats. The Director & CISO applies a deep understanding of the healthcare industry, regulatory requirements (including government-sponsored lines of business), and the evolving landscape of cybersecurity to the development, implementation, and maintenance of JHHP’s comprehensive information security strategy that is aligned with business goals and regulatory requirements.

Key responsibilities include :

  • Lead and manage the information security team, providing strategic direction, mentorship, and support to ensure high performance and professional growth.
  • Oversee the development and enforcement of security policies, procedures, and standards to protect sensitive information and maintain regulatory compliance (e.g., HIPAA, HITRUST, CMMC, NIST-800-171, SOC 2 Type 2, etc.).
  • Conduct risk assessments and vulnerability analyses to identify potential security threats and develop mitigation plans.
  • Lead modern security initiatives and technologies (Security Architecture
  • Zero Trust Model
  • Cloud Security Maturity Model
  • Vulnerability Management Maturity Model
  • Security Awareness Maturity Model
  • Negotiation Strategies)
  • Implement and manage security technologies and solutions, including firewalls, intrusion detection systems, encryption, and identity and access management systems.
  • Grow IT Audit management function to ensure wider coverage.
  • Implement strong vendor security oversight model for ongoing coverage.
  • Monitor and respond to security incidents and breaches, conducting thorough investigations and implementing corrective actions.
  • Collaborate with cross-functional teams, including IT, legal, compliance, and operations, to ensure a holistic approach to information security.
  • Educate and train employees on security best practices and emerging threats to foster a culture of security awareness.
  • Stay current with industry trends, emerging threats, and best practices in information security and healthcare regulations.
  • Develop and maintain relationships with external partners, including law enforcement, regulatory bodies, and cybersecurity vendors.
  • Report regularly to executive leadership and the board of directors on the status of the information security program and key initiatives. Chair the Cybersecurity Governance Committee.
  • Collaborate with compliance and privacy organization to ensure consistent policies and enforcement.
  • Collaborate with business leaders on the development and regular testing of the organization business continuity plan.
  • Drive mock DR exercises to ensure organizational readiness.

Qualifications :

  • Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or related field required. Master’s degree preferred.
  • 10 years of experience in information security, with at least 5 years in a leadership role, preferably in the healthcare industry. Prior experience working with CMS, Defense Health Agency (DHA) is a plus. Strong security architecture background with experience building and driving a cybersecurity strategy and framework, with initiatives to secure the organization's cyber and technology assets. Proven experience in developing and implementing information security strategies and programs. Experience with incident response and crisis management.
  • Professional certifications such as CISSP, CISM, CISA, or CRISC are highly desirable
  • In-depth knowledge of healthcare regulations and standards (e.g., HIPAA, NIST 800-171, CMMC, HITRUST, SOC2) and their impact on information security. Understanding of security requirements for government sponsored healthcare programs is a plus. Strong understanding of risk management, threat analysis, and vulnerability assessment methodologies.
  • Proficiency in security technologies and solutions, including firewalls, intrusion detection systems, encryption, and identity and access management. Excellent communication and interpersonal skills, with the ability to build relationships and influence stakeholders at all levels. Ability to negotiate and manage external relationships with contracting firms, application developers, third-party vendors.
  • Requires strong analytical & problem-solving ability to assess, prioritize, & solve complex technical problems. Requires strong supervisory skills to plan & direct the work of a diverse research staff. Must be able to converse fluently in both business & technical terms.

    • If your compensation planning software is too rigid to deploy winning incentive strategies, it’s time to find an adaptable solution. Compensation Planning
    Enhance your organization's compensation strategy with salary data sets that HR and team managers can use to pay your staff right. Surveys & Data Sets

    What is the career path for a Director of IT Security and Audit?

    Sign up to receive alerts about other jobs on the Director of IT Security and Audit career path by checking the boxes next to the positions that interest you.
    Income Estimation: 
    $194,072 - $240,547
    Income Estimation: 
    $220,784 - $286,649
    Income Estimation: 
    $194,072 - $240,547
    Income Estimation: 
    $220,784 - $286,649
    Income Estimation: 
    $135,994 - $168,063
    Income Estimation: 
    $220,784 - $286,649
    Income Estimation: 
    $270,069 - $359,305
    Income Estimation: 
    $328,229 - $449,590
    Income Estimation: 
    $152,549 - $188,894
    Income Estimation: 
    $194,072 - $240,547
    Income Estimation: 
    $135,994 - $168,063
    Income Estimation: 
    $161,209 - $233,553
    Employees: Get a Salary Increase
    View Core, Job Family, and Industry Job Skills and Competency Data for more than 15,000 Job Titles Skills Library

    Job openings at Johns Hopkins Health Plans

    Clinical Quality Assurance Nurse Analyst
    Johns Hopkins Health Plans
    Hired Organization Address Hanover, MD Full Time
    Johns Hopkins Health Plans is a leader in provider-sponsored health plans. If you are interested in improving how health...
    Appeals and Health Benefit Analyst I
    Johns Hopkins Health Plans
    Hired Organization Address Hanover, MD Full Time
    Requisition #:645874 Location:Johns Hopkins Health Plans, Hanover, MD 21076 Category:Non-Clinical Professional Schedule:...
    Director of Managed Care Sales
    Johns Hopkins Health Plans
    Hired Organization Address Hanover, MD Full Time
    Job Responsibilities : Reporting to the Executive Director, Sales and Marketing, the Director, Sales is a pivotal leader...
    View More Jobs at Johns Hopkins Health Plans

    Not the job you're looking for? Here are some other Director of IT Security and Audit jobs in the Hanover, MD area that may be a better fit.

    Director IT Audit

    Highmark Health, Annapolis, MD

    MDL IT Assistant Director (IT Security Engineer)

    State of Maryland, Baltimore, MD

    View More Jobs

    AI Assistant is available now!

    Feel free to start your new journey!