VP, Chief Information Security Officer (CISO)
Company: Sentara Healthcare
Location: Virginia Beach
Posted on: June 24, 2022
Job Description:
Under the guidance of the Senior Vice President & Chief
Information Officer, the Vice President, Chief Information Security
Officer will provide the leadership for planning, developing,
directing, and operating an innovative, trusted, and reliable IT
Security Program to support Sentara in areas of confidentiality,
integrity, and availability of electronic institutional
information. Electronic information includes PHI, PII and
confidential intellectual property. The scope of infrastructure
includes EMRs and other institutional information systems, that may
be in local infrastructure, in public cloud, or in a hybrid model.
The organization has over 100,000 computing devices owned by
Sentara, and by vendors - with associated infrastructure
components. Along with providing security of Sentara's data, the
security program must be compliant with Sentara policies,
applicable laws and regulations, and multiple contractual
obligations requiring SOC 2 and/or HITRUST certifications. These
may include, but are not limited to HIPAA, PCI, and state privacy
laws for each of the 50 states.

The position will be responsible for the direction of staff and
activities in support of Sentara's strategic/operational direction
of security resources and business activities. The position is also
responsible for developing annual operating and capital budgets for
all Sentara Security Programs.

The
position works closely and collaboratively with the IT department
as well as other departments and internal Sentara groups, including
Legal, Compliance, Audit, Privacy, Risk Management, Brand
Engagement, and HR.

The position will direct a team of IT security
professionals and analysts knowledgeable in clinical and business
activities to meet user information needs and the strategic goals
of the organization.

The position will exercise substantial
discretion, independent judgment and decision-making authority to
design, prioritize, implement, and measure Security benchmarks and
metrics that will be reported up to the BOD level.

The VP/CISO will
collaborate with other senior leadership departments to assess
risks, coordinate mitigation efforts, establish internal controls,
respond to incidents, and manage shared concerns. The VP/CISO
should demonstrate sound judgement and analysis of threats,
vulnerabilities, probability of exploitation, and business impact.
The VP/CISO will partner closely with the CIO, CTO and business
leaders to determine how incidents will be detected and what
appropriate near- and long-term response and recovery scenarios may
be.

The VP/CISO will also have external responsibilities to
attend and represent Sentara at major IT and Security conferences
and events.

The position has three direct reports: Director of
Enterprise Cyber Risk, Director of Enterprise Cyber Security, and
Director of Enterprise Identity Services. The total team make-up is
approximately 32 full-time positions, 8-10 part-time positions, and
outsourced services that are equivalent to approximately 20
full-time positions.

The VP/CISO will have leadership oversight for IT Security
Operations, Policy Development and Implementation, Vulnerability
Management, IT support for Audits and monitoring, Incident Response
and Handling, Education and Outreach and Reporting. Specifically,
these duties include:

Management and Leadership
- Hiring, evaluating, training, performance management, salary
  administration, staff mentorship, development & retention.
- Participate in and perform continuous quality improvement
  activities in security.
- Review and evaluate technology and incoming new vendors for future
  risks and opportunities to improve IT Security.
- Oversee the security requirements in system development life
  cycle, business continuity planning and disaster recovery.
- Liaise with the enterprise architecture review board to ensure
  alignment between the security and enterprise architectures, thus
  coordinating the strategic planning implicit in these
  architectures.

Policy Development and Implementation
- Implement Sentara information security policies, standards, and
  procedures for Sentara core assets, including the EMR system, data
  warehouses, computing devices used for access to these systems and
  for patient data collection, security systems used to monitor
  these activities, and business systems, including those supporting
  all administrative functions and business activities in the
  Sentara healthcare system.

Vulnerability Management
- Continuously improve a VM program which includes automated
  vulnerability scanning, customized vulnerability assessment and
  penetration testing.
- Create and communicate a risk-based process for vendor risk
  management, including the assessment and treatment for risks that
  may result from partners, consultants, and other service
  providers.
- Provide strategic risk guidance for Sentara IT Projects, including
  the evaluation and recommendation of technical controls.
- In collaboration with Compliance, identify IT Service tools and
  activities for managing the risks of electronic sharing of
  information in medical records with patients and other providers.

IT Auditing and Monitoring
- Monitor the external threat environment for emerging threats and
  advise relevant stakeholders on the appropriate course of action.
- Provide audit response management and ongoing guidance on
  solutions to achieve and maintain security compliance, to mitigate
  information security risks and to correct compliance exposures and
  gaps.

Incident Response and Handling
- Manage the timely response and investigation efforts for security
  incidents, breaches, and forensics to meet all regulatory and
  business requirements and minimize their impact.
- Ensure that information security strategies and processes meet all
  regulatory and business requirements so that the impacts of
  incidents are minimized.
- Liaise with external agencies, such as law enforcement and other
  advisory bodies, as necessary to ensure that the organization
  maintains strong security posture.

Education and Outreach
- Partner with IT department heads, Compliance, Legal, Privacy and
  Audit groups to assess education and outreach needs, develop
  related strategies, develop training content, and lead/participate
  in outreach activities.

Reporting
- Provide regular reporting on the status of information security
  efforts to senior IT Leadership and enterprise risk teams, senior
  business leaders and, as required, to the CEO and BOD committees.
- Facilitate a metrics and reporting framework to measure the
  efficiency and effectiveness of the security program, facilitate
  appropriate resource allocation, and increase the maturity of the
  security.

The Vice
President, Chief Information Security Officer (VP/CISO) position is
an exceptional opportunity for a dynamic IT security leader to join
an innovative, progressive, multi-billion-dollar health system that
is experiencing tremendous growth through mergers and acquisitions.
As a financially successful organization, Sentara is an integrated
delivery system which includes 12 hospitals, a clinically
integrated network and a health plan.

Sentara is supported by a
mission-driven, team-based culture that is focused on quality,
efficiency, and service. The VP/CISO will have the opportunity to
make a significant impact and represent one of the top health
systems in the country on a national level regarding information
security.

The VP/CISO will report to the Senior Vice President &
Chief Information Officer (SVP/CIO) and will serve as an active
member of the IT leadership team. Advancing information security is
continually one of the top goals of the Sentara Executive
Leadership Team, and a key area of focus for the Board of Directors
of Sentara Healthcare. As such, the VP/CISO is a critical hire and
will have broad exposure and support across the health system to
build out a robust information security environment.

The VP/CISO is
a senior-level position responsible for leading and managing
information security at Sentara Healthcare and majority-owned
affiliates. This leader will fully evaluate the existing
environment and provide the leadership to sustain, strengthen and
adapt information security solutions to meet the needs of the
health system. An Information Security Oversight Committee, and the
Board Audit and Compliance Committee provide input and support to
the VP/CISO's strategy and success.

Sentara Healthcare has invested
in IT and possesses a complex technology environment. The health
system has an integrated EMR with the Epic system live in both
inpatient and outpatient settings. In addition to information
security and under the leadership of the CIO, the IT organization
will be focused on supporting enterprise digital solutions, data
analytics and preparation for significant growth through mergers
and affiliations.

The ideal candidate for the VP/CISO position will
be a polished executive with a track record of success in
information security. The VP/CISO will be viewed as a trusted
advisor who is collaborative, transparent and solutions-driven.
He/she will be able to build the business case and garner consensus
with leaders across Sentara. This position requires a strong leader
who can communicate effectively and develop trusting relationships
at all levels. The VP/CISO will have the ability to develop a plan
and execute in a large and growing health system.
Keywords: Sentara Healthcare, Virginia Beach, VP, Chief Information Security Officer (CISO), Executive, Virginia Beach, Virginia