Corporate Director of Security and Resiliency
Orlando Health (OHi) is seeking a Corporate Director of IT Resiliency and Chief Information Security Officer (CISO) who will be responsible for establishing and maintaining the vision, strategy and program to ensure information assets and technologies are adequately protected across the entire OHi organization.
This position has direct leadership duties for Security leaders, IT Disaster Recovery, Major Incident Management and Business Continuity leaders who will be leading teams responsible for the development of security and business continuity policies and procedures, security architectures, operational support, regulatory compliance and major incident response. The CISO will interact at the executive level with third-party organizations that provide services to Orlando Health to ensure the security and IT resiliency needs of OHi are being met.
Orlando Health is a $3.4 billion not-for-profit healthcare organization and a community-based network of hospitals, physician practices and outpatient care centers across Central Florida. The organization is home to the area's only Level One Trauma Centers for adults and pediatrics, and is a statutory teaching hospital system that offers both specialty and community hospitals. More than 2,900 physicians have privileges across the system, which is also one of the area's largest employers with more than 20,000 employees who serve more than 112,000 inpatients, more than 2.4 million outpatients, and more than 10,000 international patients each year. Additionally, Orlando Health provides more than $450 million in total value to the community in the form of charity care, community benefit programs and services, community building activities and more. Please visit Orlando Health at www.orlandohealth.com for more information.
As a member of the office of the CIO (OCIO), collaborates and interacts with all OCIO council members regarding operational, financial, legal, program management, audit services and special project planning. In a matrix organizational manner, reports directly to the Orlando Health Chief Information Officer, and indirectly to the Chief Compliance and Ethics Officer, working in collaboration with the Chief Privacy Officer (CPO) and Corporate Manager of Emergency Preparedness to ensure the right audit and general controls, risk management and compliance independence are adhered to.
Bachelor's degree required.
Master's degree in Business (MBA), Healthcare Management (MHA), or other related field preferred.
Certified Information Systems Security Professional (CISSP),
Certified Information Systems Auditor (CISA),
Certified in Healthcare Security (CHS),
Certified Security Compliance Specialist (CSCS) required
Must have at least three (3) years of security leadership in a health care environment and seven (7) years of full-time experience in information systems security planning, auditing, design, testing, implementation and maintenance.
Working knowledge of information systems and related technologies such as data networking, end-user applications, data center operations, customer support, general IT controls and processes, server and PC hardware, operating systems, monitoring tools, encryption, and wireless networking is required.
Thorough knowledge of healthcare privacy and information security policies, procedures, regulations, and laws is required.
Develop Security Program. Provide leadership in the development and implementation of a complete information technology security program for Orlando Health. The security program will encompass the protection of data and technology assets internal to the Orlando Health enterprise as well as with third-party service providers.
Policies and Procedures. Oversee the development, implementation and maintenance of policies and procedures across the organization to reduce information and information technology risk. Such policies and procedures will include security access and controls, data management, and incident handling and reporting.
Security Initiatives. Work with executives and governing bodies to prioritize security investments based on risk analysis. Oversee teams responsible for the delivery of approved initiatives.
Security Test / Audit. Evaluate and improve the effectiveness of all implemented security measures and procedures. Leverage penetration and vulnerability testing and conduct internal audits.
Risk Assessments. Develop and implement a Risk Assessment Program which will define, identify and classify critical assets, assess threats and vulnerabilities regarding those assets and implement safeguard recommendations.
Audit Support. Provide support for external audits, including planning, review of findings, and assistance with remediation needs.
Incident Response. Ensure the development and implementation of an Incident Handling program covering Information Security incidents and other IT-related disasters that could impact business operations, including a detailed Security, Disaster Recovery and Business Continuity Incident Response plan.
Forensics. Ensure that there are appropriately trained internal resources in the field of IT forensics, as well as aligned external forensics expert resources to leverage as needed.
Security Standards. Oversee the development of identification, authentication and access control standards balancing operational needs with regulatory requirements and data protection best practices.
Regulatory Compliance. Stay consistently aware of IT security regulatory requirements and changes impacting our organization. Ensure that the Security Program keeps Orlando Health in a compliant state. Monitor and report on compliance status.
Education / Security Awareness. In collaboration with the CPO, develop training materials and communications to educate all associates on matters of Information Security. Present to and update executive leadership on strategies, successes and challenges in the area of Information Security.
Education / Disaster Recovery (DR), Business Continuity and Business Impact Assessment (BCP/BIA). In collaboration with IT Business Relationship Management, business and clinical leaders, and application owners, develop appropriate programs and related training materials and communications to educate all associates on matters of DR/BCP/BIA. Present to and update executive leadership on strategies, successes and challenges in these areas.
Security Review of Proposed Solutions. Provide analysis of new business / application solutions during the development or acquisition process. Provide input to business / application decision makers related to security matters. Document risks for awareness and decision making. Assist with contracting processes for new solutions to ensure matters of security are adequately represented in contracts.
Operational Support. Develop and oversee teams that provide day-to-day security support including provisioning, patching, tool administration and project support.
Advise Leadership. Advise Orlando Health leadership regarding any legal, regulatory or accreditation compliance concerns identified as a result of advances in IT risk management practices or technologies.