Director Of Information Security

Job Summary:

The Director of Information Security is responsible for overseeing the company's information security strategy and implementation to ensure the protection of the organization's data and IT infrastructure. This role involves developing and enforcing security policies, managing security operations, leading incident response efforts, and performing duties typically associated with an IT Security Analyst. The ideal candidate will have a strong background in information security, risk management, and IT systems, with a proven ability to lead and inspire a security team. Expertise in Cisco technologies is essential for this role.

ESSENTIAL FUNCTIONS:

• Develop and Implement Security Policies:

• Design and enforce comprehensive security policies, standards, and procedures to protect the organization's digital assets.

• Ensure compliance with relevant laws, regulations, and industry standards.

• Risk Management:

• Conduct risk assessments and vulnerability assessments to identify security gaps and implement mitigation strategies.

• Monitor and evaluate emerging security threats and vulnerabilities and adjust security protocols as needed.

• Incident Response:

• Lead the incident response team in the event of a security breach or cyber-attack.

• Develop and maintain an incident response plan, including conducting regular drills and post-incident reviews.

• Security Operations:

• Oversee the management and monitoring of security systems, including firewalls, intrusion detection systems, and antivirus solutions.

• Ensure the effective implementation and management of security controls across the IT infrastructure.

• Cisco Technologies:

• Utilize advanced knowledge of Cisco technologies, including firewalls, routers, switches, and security appliances.

• Implement and manage Cisco security solutions such as Cisco ASA, Cisco Firepower, and Cisco Umbrella.

• Stay updated with the latest developments and best practices in Cisco security technologies.

• IT Security Analyst Responsibilities:

• Monitor network traffic for security events and anomalies.

• Investigate security incidents using various tools and techniques.

• Perform regular security audits and compliance checks.

• Develop and implement security training programs for staff.

• Maintain and update security documentation and procedures.

• Collaborate with IT teams to ensure secure deployment of systems and applications.

• Leadership and Team Management:

• Lead, mentor, and develop the information security team, fostering a culture of continuous improvement and professional growth.

• Collaborate with other departments to promote security awareness and best practices across the organization.

• Strategic Planning:

• Develop and execute a strategic information security plan aligned with the organization's goals and objectives.

• Provide regular updates to the executive team on the status of the information security program and relevant security issues.

ADDITIONAL RESPONSIBILITIES:

• As Assigned

KNOWLEDGE/SKILL/ABILITIES:

• Experience working in a large, complex organization with wide variety of IT systems and processes.

• Must have in depth knowledge of and experience with a broad variety of technologies, software and hardware systems including, but not limited to, Microsoft Windows Server and Microsoft Windows Workstation, Microsoft Windows operating systems, Linux, Microsoft Exchange Server, Microsoft SQL Server, Microsoft Office (including Word, Excel, PowerPoint, Access, SharePoint, and Outlook), understanding of server and workstation hardware, SCSI controllers, RAID controllers, VMware, ESX, vSphere, Windows Hyper-V, DNS, Active Directory, DHCP, storage area networks (SAN), database administration, and private/public cloud solutions.

• Should also have demonstrated experience working with information security management frameworks such as the National Institute of Standards and Technology (NIST) and Health Information Technology for Economic and Clinical Health Act (HITECH).

• In-depth knowledge of information security frameworks and best practices (e.g., ISO 27001, NIST).

• Strong analytical and problem-solving skills.

• Excellent communication and interpersonal skills.

• Ability to manage multiple projects and priorities in a fast-paced environment.

• Proficiency in Cisco security technologies and solutions.

AGE-RELATED COMPETENCIES: Demonstrates the basic knowledge and skills necessary to identify age-specific patient needs appropriate for this position.

Information Management: Treats all information and data within the scope of the position with appropriate confidentiality and security.

Risk Management/Quality Management/Safety: Cooperates fully in all Risk Management, Quality Management, and Safety Activities and Investigations.

MINIMUM POSITION QUALIFICATIONS:

• Education:

• Bachelor's degree in computer science, Information Technology, or a related field. Master's degree preferred.

• Experience:

• Minimum of 10 years of experience in information security, with at least 5 years in a leadership role.

• Proven track record of managing and implementing information security programs and initiatives.

• Extensive experience with Cisco technologies and solutions.

• Certifications:

• Relevant certifications such as CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), CCNA Security (Cisco Certified Network Associate Security), CCNP Security (Cisco Certified Network Professional Security), or equivalent.

ENVIROMENTAL CONDITIONS: Work environment consists of daily patient contact, which may include exposure to blood, or other body fluids.

PHYSICAL REQUIREMENTS: Physical Demand Analysis attached.