Location
Columbia, MD, United States
Posted on
Feb 24, 2022
Profile
What You Will Do:
General Summary
Responsible for planning, coordinating, monitoring and implementing complex IT Security Programs, as well as providing security governance and alignment of security resources in support of UMMS projects and programs, to meet organizational goals. Oversees and provides guidance to the staff responsible for UMMS projects and related workflows. Supervises activities of a small department, major projects, and several smaller projects. Manages project management workflows within the department. Makes recommendations on personnel actions (hiring, terminations and promotions). Controls expenses within an operating unit and is responsible for meeting budget goals and objectives. Provides input and leadership on policy level direction regarding standards, budget constraints, and risks posed by project architectures and deliveries.
Principal Responsibilities and Tasks
The following statements are intended to describe the general nature and level of work being performed by people assigned to this classification. These are not to be construed as an exhaustive list of all job duties performed by personnel so classified.
Partner with clinical, administrative, and IS&T teams during project planning and execution to ensure reasonable and appropriate security control implementation in accordance with UMMS policy and/or applicable regulations including HIPAA and HIPAA Security Rule;
Partner with Manager IT Security Risk and Governance to ensure alignment between UMMS organizational risk management goals and project portfolio implementation plans;
Manage the operation, monitoring, maintenance, development, upgrade and support of information security applications and control systems.
Manage the deployment, implementation, and operational administration of network and computing devices/systems that enforce security policies and audit controls including Windows, UNIX, Cisco, and other environments.
Lead formulation of security architecture recommendations and design of security services and defensive controls.
Implement technical solutions to contractual and regulatory requirements supporting NIST Cybersecurity Framework, CIS 20 Critical Controls, HIPAA, and SOC-2 audit standards.
Lead assessment and corrective action planning in response to external audits, penetration tests, and vulnerability assessments.
Recommend and coordinate the implementation of fixes, security patches, and corrective actions in the event of a security incident or in response to Common Vulnerabilities and Exposures (CVE) and other vulnerability notifications.
Research emerging technologies in support of security enhancement and development efforts.
Perform project leadership tasks on select security projects and manage engagements with the Project Management Office (PMO).
Responsible for and oversees day-to-day tracking and follow-up on security issues and questions regarding IT Security project tasks and service requests.
Performs and coordinates application analysis and architectural risk analysis of new or different applications, processes, services, or changes.
Coordinates development of security application testing scripts and conversion plans. Participates in testing as required to ensure secure delivery without exposing UMMS to new vulnerabilities or threats.
Makes recommendations and provides alternatives with regard to various security-related development and support initiatives as a member of the IT Security leadership team.
Makes recommendations regarding the integration/relationship between and among organizational applications with Internet interdependency in partnership with IT Security team members.
Prepares written security documentation of appropriate types; application documentation, analytical reports, functional specifications, training manuals, status reports, and others as required.
Participates in and/or leads security projects, estimates costs, time frames, staffing requirements and prepares cost justifications for assigned project. Uses status reports for project oversight.
Validates the design for each application assigned, under the control of the change management application and user development request.
Prepares, validates, and updates security specifications for Extranet, Cloud, and other externally-hosted information systems to ensure confidentiality, integrity, and availability of services and data to ensure UMMS policies and regulatory requirements are met.
Provide Information Services and Technology guidance and assistance to customer base and ensure process/policies are maintained in accordance with established UMMS standards.
Participates in change management responsibilities in partnership with Information Services & Technology leadership and team members.
Participates in Portfolio Management Office (PMO) processes and meetings, providing IT Security review and inputs to ensure compliance with UMMS policies and applicable regulatory requirements, as well as reasonable and appropriate risk management for new information systems and services and/or changes to existing infrastructure and services.
What You Need to Be Successful:
Education and Experience
Bachelor's Degree in Information Security Technology, Health, Science, Business or an equivalent level of professional experience required. Master's Degree preferred.
Eight years of progressively responsible experience in information technology, including one year performing application and/or programming analysis, or equivalent, such as business analysis, is required. Two years' experience in managing projects and resources.
One or more industry certifications are required such as CISSP, HCISPP, CISM, CISA.
Three (3) years in a system administration role (e.g., Network, Windows).
Solid familiarity with application software, server/desktop operating systems, and network security.
Five (5) or more years' experience in IT security.
Experience working in a healthcare environment is preferred.
Knowledge, Skills and Abilities
Effective verbal and written communication skills are necessary to advise and consult with user personnel and make formal presentations of project findings and recommendations.
Excellent organization skills: demonstrates confidence, creativity.
Demonstrated leadership ability and effectiveness in supervising, evaluating, training, disciplining and motivating management and technical staff successfully is required.
Demonstrates ability to maintain professional growth and business affiliations to keep abreast of technical advances.
High level of proficiency and demonstrated effectiveness in problem-solving and in implementing new programs related to increased departmental and organizational operating efficiency.
Highly effective oral and written communication skills are required to train and supervise employees, and to work closely with Senior Information Systems management, hospital administration, and end user personnel effectively.
Ability to understand and adhere to systems security and control procedures in accordance with departmental, vendor standards and regulatory bodies. Supervise, teach and monitor compliance.
Ability to organize and lead projects.
We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, or on the basis of disability or any other federal, state or local protected class.