System Director Information Security Architecture

Description

Job Description

PeaceHealth is seeking a System Director Information Security Architecture in Vancouver, WA...

The System Director Information Security Architecture is Responsible for overseeing and enhancing the organization's information security strategy, policies, and programs. Tasked with ensuring the confidentiality, integrity, and availability of PeaceHealth's information assets across all systems and platforms. Leads the InfoSec teams, collaborating with various departments to assess risks, develop security protocols, and implement best practices in compliance with regulatory standards, including HIPAA and other applicable frameworks. Drives initiatives aimed at improving the organization's security posture, responding to emerging threats, and fostering a culture of security awareness and resilience amongst the organization. Develops and executes on comprehensive information security strategies, incident response management, secure architecture design, security audits, and assessments, as well as reporting on security metrics to executive leadership. The System Director will also engage in strategic planning to align security initiatives with business objectives, ensuring that PeaceHealth's mission of promoting health and wellness is supported by robust and resilient information systems.

Essential Functions

• Provides overall leadership and direction in the design, implementation, and oversight of a system-wide, comprehensive information security program. Establishes, maintains, and leads the development and adoption of Information security standards, best practices and measures in collaboration with our IT services team and other key leaders across PeaceHealth.
• Enhance and implement the enterprise security framework for people, process, and technology to ensure proper protection of all PeaceHealth digital assets. Leads enforcement of security program to drive compliance with security standards.
• Design and implement security architectures for cloud and hybrid environments to ensure secure deployment of systems across a variety of environments and embedded in IT projects, applications and system designs.
• Serves as an integral member of the Information Security Governance Committee and drives senior executive level engagement, support and decision making regarding key cybersecurity issues. At the direction of the SVP OI (Chair), prepares agenda and facilitates committee meetings.
• Provides leadership, vision and management for assigned staff. Analyzes resource requirements of the department, hiring, coaching and developing staff. In consultation and coordination with of the SVP, OI, prepares and manages the department budget, tracking expenditures, with budget authority as delegated for assigned areas.
• Facilitates the cyber risk management program to ensure capabilities of security program and controls are commensurate with risk to PeaceHealth mission and business objectives. Provides leadership, direction and guidance in assessing and evaluating information security risks and monitors compliance with security standards and appropriate policies.
• Prepares presentations for the SVP OI and the board to communicate the status of PeaceHealth’s information security program, including regular dashboard metrics for monitoring the success of the program, an analysis of cyber risks, and evaluation of opportunities for program enhancement. Oversees the development of a comprehensive program description and regular annual work plans.
• Leverages available threat intelligence and information sharing program to ensure timely identification, assessment, protections and response to burgeoning threats.
• Actively participates in the organizational Disaster Preparedness program as the primary advisor on cybersecurity matters. Ensures solutions, capabilities and costs are aligned with business objectives.
• Oversees the enterprise Cyber Incident Response program ensuring incidents are responded to in a coordinated, timely and effective fashion to reduce impact of such events. Engages stakeholders, partners, vendors, law enforcement and others as necessary to design and execute program.
• Oversees security awareness program to ensure proper engagement of all caregivers. Produces, executes and publishes an annual plan and metrics.
• Stays on the forefront of cyber tooling and understands the application of those tools to enable the cybersecurity programs in an efficient manner that serves in the best interest of PeaceHealth.
• Performs security risk assessments on systems throughout lifecycle. Scope of assessments to include supply chain, partners and vendors as appropriate. Conducts internal security and confidential information investigations and information usage security audits.
• Establishes annual and long-range security and compliance goals; and creates maturity models and a roadmap for continual program improvements.
• Demonstrated ability to manage a cyber program that effectively balances internal resources and external partners to manage risk to PH digital assets to ensure all PeaceHealth digital assets, regardless of location or management obligations, are protected in adherence with corporate policy.
• Performs other duties as assigned.
  
  

Qualifications

EDUCATION

• Bachelor's Degree Required: Information Systems, Computer Science or related field.
• Master's Degree Preferred: Computer Science or related field.
  
  

Required Experience

• Minimum of 10 years’ experience managing information system access, security and risk assessment.
• Information security experience in a healthcare setting.
• Experience in the use of on-line/real-time mid-range, server, or personal computers; and the applications, tools and equipment associated with their installation, modification and support.
• Preferred: Knowledge and experience of Health Level 7 (HL7), ANSO, other healthcare system standards, HIPAA, JCAHO or other healthcare regulatory compliance standards and clinical applications/technology.
• Preferred: Experience working in cybersecurity within large healthcare organizations that span a collection of clinics, hospitals, surgery centers, partners and affiliates.
  
  

CREDENTIALS

• Preferred Upon Hire: Certified Information Systems Security Professional or Certified Information Security Manager
  
  

Required Skills

• Excellent written, oral and presentation communication skills.
• Outstanding interpersonal and conflict resolution skills.
• Strong analytical and problem-solving skills.
• Collaborative leader with a demonstrated track record of working with all levels of management and across various functional organizations.
• Ability to manage complex matters and deal with highly sensitive issues and maintain confidentiality.
• Able to work independently and consultatively.
• Ability to exercise strong judgment in analyzing, appraising, evaluating and solving problems of a difficult procedural, organizational, administrative or technical nature.
  
  

The salary range for this job opening at PeaceHealth is $179,558 – $229,037. The hiring rate is dependent upon several factors, including but not limited to education, training, work experience, seniority, etc.

PeaceHealth is committed to the overall wellbeing of our caregivers: physical, emotional, financial, social, and spiritual. We offer a strong total rewards package. Benefits include 403b retirement plans with employer base and matching contributions, 457 plans, medical/dental/vision coverage, unlimited time off, employer-paid life and disability with buy-up options, wellness benefits and expanded EAP and mental health programs.

See How PeaceHealth Is Committed To

For full consideration of your skills and abilities, please attach a current resume with your application. EEO Affirmative Action Employer/Vets/Disabled in accordance with applicable local, state, or federal laws.

WORKING CONDITIONS

Lifting

• Consistently operates computer and other office equipment.
• Exerting up to 10 pounds of force occasionally and/or negligible amount of force frequently or constantly to lift, carry, push, pull or otherwise move objects.
• Sedentary work.
  
  

Environmental Conditions

• Predominantly operates in an office environment.
  
  

Mental/Visual

• Ability to communicate and exchange accurate information.
• The worker is required to have close visual acuity to perform an activity such as: preparing and analyzing data and figures; transcribing; viewing a computer terminal; extensive reading.