This position is responsible for understanding and communicating the external threat paradigm to the Chief Information Security Officer (CISO) and executive leadership. The Senior Director will help establish Threat and Vulnerability Management Services, Data Protection practices, lead the strategy for Incident Management and Forensics, and serve as the deputy CISO for the enterprise.
Plans, develops and oversees threat and vulnerability identification, verification, and management services program. Establishes leading protocols for data protection practices, leverages forensic investigations and monitors the Banner environment for potential breach scenarios.
Manages information security leaders who are assigned to stand up the Threat and Vulnerability Management Services, Incident Management, Forensics and Data Protection practices, leverage specialized business and/or technical resources as appropriate, and mitigate issues as they arise.
Collaborates with business, third party and technology stakeholders to make enterprise technology purchasing decisions identify assets and processes for routine vulnerability scanning. Oversees vulnerability scanning activities using automated tools.
Evaluates new technologies and processes that enhance security capabilities.
Develops and implements structured processes to measure the effectiveness of vulnerability assessment and threat intelligence activities.
Oversees threat intelligence and coordinate communication to business and technology stakeholders. Regularly reviews, prepares, analyzes and presents metric reports to the CISO and executive management team. Develops and prepares reports for the Banner Board and may attend Banner Board meetings if needed.
Ensures service improvement by providing leadership to managers and staff that update processes and activities in response to feedback from customers, internal reviews, and assessments and the changing threat and vulnerability environment.
Develops and oversees the department budget in conjunction with corporate goals and objectives. This position is accountable for meeting annual budgetary goals. Identifies and prioritizes security program expenditures in coordination with Information Technology, Audit, Compliance, and Legal.
Requires a Bachelors degree in Computer Science, Information Systems, Engineering, Business Administration or a related field.
Depending upon assigned area of responsibility, position may require applicable certifications and/or licensures, including but not limited to: RN; MD or DO; Drivers License; Certified Healthcare Protection Administrator (CHPA); Certified Protection Professional (CPP); Chartered Property Casualty Underwriter (CPCU); Associate in Risk Management (ARM); CPA; SPHR; Registered Health Information Administrator (RHIA); Registered Health Information Technologist (RHIT); Certified Healthcare Facility Manager (CHFM); Certified Facility Manager (CFM); Certified Coding Specialist (CCS); Certified Professional Coder (CPC); JD from an American Bar Association accredited school; admission to a State Bar Association.
Requires proficiency level typically attained with 10 or more years of experience in information security experience in positions of increasing responsibility including 7 or more years of threat and vulnerability and incident management and 5 years of leadership experience. Demonstrated experience in implementing and managing core TVM, forensics and Data Protection systems and processes such as Security Incident and Event Management (SIEM), vulnerability scanners, endpoint security technologies (e.g., anti-virus), continuous monitoring, advanced malware identification (e.g., FireEye), DLP tools and forensic toolsets. Extensive experience configuring and utilizing security detection systems, logs and other sources of information to identify and address security events. Extensive knowledge of network and host-based security tools to include penetration testing and ethical hacking products. Extensive knowledge of system security vulnerabilities and remediation techniques. Strong understanding of the cyber kill chain and threat intelligence lifecycle. Experience with various incident ticketing systems. Understanding of complex networking technology including firewalls, VPN, routing, switching, load balancers, monitoring, security and DNS. Extensive experience with authoring, implementing and maintaining incident response plans. Strong understanding of cyber tactics and procedures to counter threats. Demonstrated awareness of the latest cybersecurity trends and developments. Experience strategizing with cross-functional business partners on information security solutions. Strong understanding of risk-based decision-making (i.e. risk analysis, mitigation, resolution, acceptance, etc.). Demonstrated organizational and leadership skills with the ability to lead, build, and develop a team of senior IT professionals through formal and informal reporting relationships. Demonstrated communication skills with the ability to build relationship and influence others to get results. Extensive knowledge in governance frameworks including: ISO 27001, NIST, COBIT, ITIL. Extensive knowledge in regulations and/or contractual obligations including: HIPAA, PCI, Sarbanes Oxley, GLBA, SOC /SSAE16.
Advanced Degree in Computer Science, Information Systems, Engineering, Business Administration, or a related field.Industry certifications: CISSP, CISA, CISM, CRISC, EAP, etc.
Additional related education and/or experience preferred.
Internal Number: 258912
About Banner Health
You want to change the health care industry – one life at a time. You belong here. You’re excited to be part of the dramatic changes happening in the health care field. In fact, you thrive on change. But you also understand that excellent, compassionate patient care is the true measure of the success of these changes. You belong at Banner Health. Our award-winning, comprehensive health system includes 23 hospitals in seven western states, primary care health centers, research centers, labs, a network of physician practices and much more. Throughout our system, skilled, compassionate professionals use the latest technology to change the way care is provided. If you’re looking to be a key contributor to a forward-looking organization, you’ll experience a wide variety of professional advantages: •Our vision for changing the future of health care gives you the opportunity to leverage your abilities to achieve something historic. •Our expansive system offers you an unmatched variety of clinical settings – from large urban trauma center to small rural hospital, ambulatory to home health. Our system also includes hospitals specializing in cancer, heart health and pediatrics. •Our many loc...ations also translate into a broad selection of exciting and rewarding lifestyle options – from the big city to the wide-open spaces. •Our commitment to healthcare innovation means you always have the latest technologies at your fingertips to help you provide the finest care possible. •The size, success and growth of our system provide you with the stability and options to pursue your desired career path. •Our competitive compensation and comprehensive benefits offer you options to complement your unique needs.