Senior Director, IT Security

Contessa Health · Nashville, TN

Company

Contessa Health

Location

Nashville, TN

Type

Full Time

Job Description

Job Type

Full-time

Description

Play an integral part in the development, implementation, and compliance of technical security across the enterprise. Responsible for developing the IT Security program and policies, managing risks related to information security, physical security, disaster recovery, crisis management, privacy, and compliance.

Core Security Activities
  • Help maintain a successful information security program, including establishing security standards, metrics, processes and procedures that follow the guidelines and requirements set out by HITRUST, HIPAA, NIST, SOX, etc.
  • Lead internal security audits, external vendor audits and customer audits to ensure compliance with all relevant policies, procedures and regulations. Provide guidance, evaluation, and advocacy on audit responses.
  • Evaluate and prioritize risk and act expeditiously in making decisions and recommendations, understanding the factors associated with decision-making in a technological environment as well as the varying needs and viewpoints of the enterprise.
  • Investigate and coordinate responses to security incidents in conjunction with Compliance.
  • Articulate budget requirements to address risks in a prioritized fashion.
  • Report security performance against security metrics.
  • Coordinate risk management and incident response activities with Compliance and Legal as needed.

Core Compliance Activities
  • Primary IT liaison to Chief Compliance Officer and Legal Counsel for all IT related security and compliance activities.
  • Complete and/or coordinate all IT related activity for Risk Assessment, OCR audits, or other HIPAA-required IT activity.
  • Monitor and improve compliance with the technology-related Administrative, Physical, and Technical Safeguards outlined in HIPAA (hhs.gov/HIPAA).

Disaster Recovery and Business Continuity
  • Together with the Chief Compliance Officer, Privacy Officer, and the SVP of Technology, create a risk-appropriate Disaster Recovery plan for the organization.
  • Identify key applications for DR/BC, including Recovery Point Objectives (RPO), Recovery Time Objectives (RTO).
  • Work across IT teams to institute an appropriate environment that meets business RPO, RTO objectives.

Business Communication
  • Provide reports on a regular basis, including preparation of a quarterly security program report, and, as directed or requested, keep senior management informed of the operation and progress of security efforts. Ensure proper reporting of security violations as appropriate or required.
  • Create an information security awareness program to ensure staff members across the organization understand the trade-off between risk and return.
  • Understand the "voice of the customer" and develop mechanisms to proactively sense adoption and usage patterns of consumer technologies by end users so that policy can align with need.
  • Coordinate with technology and business groups to assess, implement, and monitor IT-related security risks and hazards.


Requirements

  • Bachelor's degree in computer science, information technology, or equivalent; Master's degree and/or Security-specific certifications preferred.
  • Minimum 7 years' Information Security experience, with increasing levels of responsibility and oversight as a technical security professional.
  • 5+ years working experience in the healthcare industry specifically in the areas of Security audit and operations.
  • Must have participated in at least 1 end-to-end HITRUST certification process.
  • 3+ years hands-on experience in assessing, implementing and managing technical security controls with in-depth knowledge on vulnerability management, security incident response, vendor risk management, identity and access management.
  • 3+ years of experience in developing and maintaining IT Security policies, procedures, and guidelines.
  • 3+ years' experience contributing to strategic security program planning, and resource allocation.
  • CISSP, CISM or similar security certifications required.

The position is based in Nashville, TN and relocation is not available.

Our team members are our greatest asset. That's why you'll find that Contessa has built a culture around trust, open communication, and a unified desire to change the way healthcare is being delivered. It's important to us that you like your job, are motivated by the work you do every day and feel supported by leadership. Contessa offers a generous compensation and benefits package, a strong belief in a healthy work-life balance and great opportunities for career growth.

Date Posted

08/09/2022
