Senior Director - Deputy Chief Information Security Officer

City/State

Norfolk, VA

Overview

Work Shift

First (Days) (United States of America)

Sentara Health is recruiting a Deputy Chief Information Security Officer (Deputy CISO)! This remote role is for residents of the following states:

• Alabama, Delaware, Florida, Georgia, Idaho, Indiana, Kansas, Louisiana, Maine Maryland, Minnesota, Nebraska, Nevada, New Hampshire, North Carolina, North Dakota, Ohio, Oklahoma, Pennsylvania, South Carolina, South Dakota, Tennessee, Texas, Utah, Virginia, Washington (state), West Virginia, Wisconsin, Wyoming

The Deputy Chief Information Security Officer (Deputy CISO) will be a high-energy, driven, and results oriented leader responsible for overseeing and managing critical aspects of Sentara Health cyber security program. Reporting directly to the Chief Information Security Officer (CISO), role will play a key leadership role in ensuring the confidentiality, integrity, and availability of Sentara Health technology, digital, and information assets. Further, safeguard our organization's sensitive data, systems, and networks from cyber threats while ensuring compliance with regulatory requirements and industry best practices. This leader will bring a strong combination of technical expertise, strategic thinking, and effective communication skills. Deputy CISO must be highly knowledgeable about the business environment and ensure that Sentara Health technology, systems, and data are maintained in a fully functional, secure mode.

Key Responsibilities

Security Strategy and Planning:

• Assist the Office of CISO in developing and implementing the Sentara Health cyber security strategy, imperatives, and growth playbook.

• Collaborate with senior leadership and other stakeholders to align cyber security initiatives with business objectives.

• Engage in enhancing operational excellence, rigor, and cyber security program effectiveness.

Cyber Security Operations Management:

• Own and advance both strategically and tactically Sentara Health Security Operation Center (SOC).

• Oversee the day-to-day security operations, including monitoring, threat detection, and incident response activities.

• Ensure the effectiveness of security controls and technologies to mitigate emerging threats and vulnerabilities.

• Collaborate with internal teams and external partners to enhance security posture and response capabilities.

Incident Response:

• Lead and coordinate incident response efforts to promptly identify, contain, and mitigate security incidents.

• Develop and maintain incident response plans, procedures, and playbooks to streamline response efforts.

• Conduct post-incident reviews and analysis to identify root causes and implement corrective actions.

Business Resiliency:

• Establish a technology focused business resiliency strategy and program to ensure Sentara Health's ability to withstand and recover from disruptive events.

• Coordinate business resiliency testing and exercises to validate the effectiveness of plans and procedures.

• Partner with cross-functional teams to integrate resiliency requirements into business processes and systems.

Business Line Security (BISO):

• Own, operationalize, and evolve BISO model and playbook across provider, plan, & affiliates.

• Ensure BISO's are embedded within business, markets, and regions to drive integration by enabling compliance into the business for support/action, stakeholder engagement, generate voice and cyber needs for business and mitigate business risks, GTM activities, etc.

• Provide guidance and support to BISOs in implementing security best practices and ensuring compliance with policies and standards.

• Facilitate regular communication and collaboration between BISOs and central cyber security functions.

Cyber Council & Committees:

• Chair the Cyber Council governance body to provide oversight and guidance on strategic security initiatives.

• Engage with executive leadership and key stakeholders to communicate security risks, priorities, and progress.

• Drive alignment between security objectives and business goals through effective governance and decision-making.

Board and Performance Metrics:

• Prepare and present comprehensive security metrics and reports to the Board of Directors, executive leadership, and other stakeholders.

• Provide insights and analysis on security trends, threats, and performance metrics to support informed decision-making.

• Ensure transparency and accountability by tracking key performance indicators (KPIs) and benchmarks related to security posture.

Cyber Commercial Services:

• Lead commercial cyber strategy and portfolio of best-in-class cyber services & solutions for customer segments (JV's, HDO, etc.).

• Own cyber commercial initiatives to design, build & scale innovative revenue generating solutions & services.

Compliance and Regulatory Management:

• Monitor regulatory requirements and industry standards to ensure compliance with applicable laws and regulations.

Qualifications:

• Bachelor's or master's degree in computer science, Information Security, or a related field.

• Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or equivalent certifications preferred.

• Extensive experience (15+ years) in information security, with a focus on security operations, risk management, and compliance.

• Proven leadership experience managing teams and driving cross-functional collaboration.

• Strong understanding of regulatory requirements, industry standards, and best practices related to information security.

• Excellent communication skills, with the ability to articulate complex security concepts to technical and non-technical audiences.

• Strategic thinker with the ability to translate business needs into effective security solutions.

• Demonstrated ability to thrive in a fast-paced, dynamic environment and adapt to evolving threats and challenges.

• Strong leadership and management skills, with the ability to build and lead high-performing security teams.

• Excellent communication and interpersonal skills, with the ability to effectively interact with stakeholders at all levels of the organization.

• Proven track record of driving security initiatives and achieving measurable results.

• Ability to work effectively in a fast-paced and dynamic environment, with a strong sense of urgency and attention to detail.

• Agile, LEAN or Six Sigma experience.

• #LI-AR1

Job Summary

The Deputy Chief Information Security Officer (Deputy CISO) will be a high-energy, driven, and results oriented leader responsible for overseeing and managing critical aspects of Sentara Health cyber security program. Reporting directly to the Chief Information Security Officer (CISO), role will play a key leadership role in ensuring the confidentiality, integrity, and availability of Sentara Health technology, digital, and information assets. Further, safeguard our organization's sensitive data, systems, and networks from cyber threats while ensuring compliance with regulatory requirements and industry best practices. This leader will bring a strong combination of technical expertise, strategic thinking, and effective communication skills. Deputy CISO must be highly knowledgeable about the business environment and ensure that Sentara Health technology, systems, and data are maintained in a fully functional, secure mode.

Qualifications:

BLD - Bachelor's Level Degree (Required)

Data Analysis, Healthcare Management, Large Scale Project Leadership

Skills

Active Learning, Active Learning, Active Listening, Communication, Complex Problem Solving, Coordination, Critical Thinking, Judgment and Decision Making, Leadership, Learning Strategies, Mathematics, Mgmt of Financial Resources, Mgmt of Material Resources, Mgmt of Staff Resources, Microsoft Excel, Microsoft Word, Monitoring, Persuasion, Project Management, Quality Control Analysis, Reading Comprehension, Science, Service Orientation, Social Perceptiveness, Speaking {+ 5 more}

Sentara Healthcare prides itself on the diversity and inclusiveness of its close to an almost 30,000-member workforce. Diversity, inclusion, and belonging is a guiding principle of the organization to ensure its workforce reflects the communities it serves.

Per Clinical Laboratory Improvement Amendments (CLIA), some clinical environments require proof of education; these regulations are posted at ecfr.gov for further information. In an effort to expedite this verification requirement, we encourage you to upload your diploma or transcript at time of application.

In support of our mission "to improve health every day," this is a tobacco-free environment.