Information Security Director
Facility: Ardent Corporate Office
Required Education: Not Specified
Job Description:
Position Summary
Key responsibilities include assessment of information security exposures, installation and management of an enterprise information security program, the completion of compliance reviews, and coordination with investigations and audit of security breaches. Takes direction from the Security Governance committee and CIO. The Information Security Director is responsible for determining appropriate security measures, creating policies and procedures that support strategic, tactical and operational objectives on a cost-effective basis. Investigates and recommends secure solutions that implement information security policy and standards. Coordinates Office of Information Security activities and manages staff. Oversees, implements and monitors any special security requirements levied by government agencies in the performance of funded research, clinical trials and other activities.
Primary Duties and Responsibilities
Validate and update (as required) previous risk assessments, perform risk assessment and mitigation planning for new systems, facilities, vendors, etc. when they are added or proposed
Work with executive management, business owners, and resource owners to determine appropriate security policies, processes and procedures for securable resources.
Consult with technical staff to evaluate, select, install, and configure hardware and software systems that provide appropriate security functions.
Direct InfoSec team members in assisting resource owners and staff in understanding and responding to security audit failures reported by internal and external auditing departments.
Direct work by InfoSec team members with system administration staff to review operation logs and event console activity to determine causes of security-related events or to identify potential security-related events.
Manage and direct the execution of physical security programs and tools as assigned
Manage security project implementations and provide security expertise to non-security focused
Present information on security status, project status, and security training to audiences from top executive level to field staff as appropriate.
Consult with management to ensure selection and use of realistic enforcement mechanisms.
Research, evaluate, design, test, recommend, and plan implementation of new or improved information security software or devices.
Analyze new or enhanced software application or tool implementation for implications to existing security software and devices
Maintain technical reference library; develop technical information materials and workshops on these new areas for as appropriate.
Develop and implement information security educational programs, conducting awareness seminars and workshops as needed to deploy the Information Security program.
Train, evaluate and manage Local Security Coordinators (LSC’s) for each Ardent location/facility
Approve changes to Information Security assignments including LSC’s and application access approvers
Maintain Intranet site/pages with all public Information Security documentation (e.g. policies, procedures, training material, etc.)
Maintain and execute an Information Security measurement program (Key Performance Indicators) including adjustments to the KPI’s as needed, supervision and approval of the collection, and reporting to the Security Governance Committee and the CIO
Manages the Information Security Agreement signature program for all computer users
Oversees the investigation of security breaches
Monitor changes in the threat environment and technological advances, and recommend security program adjustments as needed
Monitor changes in legislative and accreditation standards that impact information security programs
Ensure organizational compliance with key government regulations including HIPAA and Sarbanes Oxley
Manage the budget and schedules for Ardent’s information security program
REQUIREMENTS
Education/Experience:
B.S. in a technical concentration and MBA (or equivalent work experience) required
4 years experience as a full time information security manager, or
8 years of experience with a broad range of exposure to all aspects of systems analysis and application development + 5 years of Information Security experience required.
Security certifications (i.e. CISM, CISSP) a plus
Additional Requirements:
Demonstrated information security program/personnel management skills
A working knowledge of all aspects of information security (including HIPAA and Sarbanes-Oxley requirements) is essential
Ability to apply this knowledge in a healthcare environment
Knowledge of systems software, operations, capacity management, large and mid-range computers, PC’s and client-server computing in a networked environment.
Demonstrated competency in strategic thinking with strong abilities in relationship management.
Successfully developed and implemented new technology.
Demonstrated competency in project management in a cross-functional environment and experience in managing resources to meet goals on multiple projects.
Demonstrated competency in developing effective solutions to diverse and complex business problems.
Ardent is an EOE.