Deputy Chief Information Security Officer

Job Description:

The Intermountain (IH) Cybersecurity Program is broken into four distinct functions: Governance Risk and Compliance, Cyber Solutions, Cyber Advisory and the Cyber Fusion Center. Cybersecurity Caregivers within Intermountain will specialize in their specific area and function.

The AVP of Cybersecurity, also referred to as the Deputy Chief Information Security Officer (DCISO), is responsible to assist and advise the CISO in the creation and maintenance of organization-wide information security strategies and helps to oversee the execution of cybersecurity plans. The DCISO is responsible for the largest part of the IH Cybersecurity Program, specifically Cyber Solutions. This function is critical to the active defense, prevention and service delivery of the highly complicated Intermountain digital ecosystem. The Deputy CISO is responsible for educating and advising Intermountain's CISO on risk and all information security matters. The Deputy CISO is responsible to oversee the strategic operations of a group of cybersecurity Directors and teams and for the planning, executing, evaluation, and implementation of enterprise cybersecurity Infrastructure Protection, Identity Protection, and Data, Endpoint and Application Security Protection. The Deputy CISO is the second in line of management of the cybersecurity organization at Intermountain and assists the CISO in all duties assigned by the CISO, CDIO or CCO. The Deputy CISO is a visionary leader with a sound knowledge of healthcare, business management and a strong knowledge of cybersecurity practices and technologies.

The Deputy CISO ensures that the directors/managers/supervisors and their teams identify and adopt best cybersecurity practice standards and that they ensure that the activities associated with the cybersecurity functions are developed and supported. This includes but is not limited to project management, technical analysis and designs, security auditing and monitoring, remediation, etc. In the absence of the CISO, this person could be designated by the CISO and becomes the acting CISO. Finally, the Deputy CISO leads strategic planning and decision-making and adopts best practice standards that are in line with global cybersecurity and business strategies.

Essential Functions

• Serves as the Deputy CISO, acting as the #2 to the Chief Information Security Officer, helping to develop and recommends for approval Cybersecurity specific policies and procedures.
• Leads the development of strategic plans for Infrastructure Protection, Identity Progration, and Data, Endpoint and Application Security Protection cybersecurity functions. Ensures that the plan is in line with global cybersecurity and Intermountain strategies.
• Mentors and coaches' managers/supervisors and other team members and ensure that there is an adequate management succession plan in place. Builds a winning culture with a repeatable, process-based approach that recognizes the interdependence of all key stakeholders in the solutions delivery process.
• Provides strategic budget oversight for multiple department/function they are responsible for and holds management team accountable for operating within the set operating and capital budget.
• Anticipates business needs and plays a collaborative role in proposing information security capabilities in support of business strategic roadmaps and creating a supporting information security strategy
• Leads the development, implementation, and quality of cybersecurity services across the organization and ensures the services are consistently applied across all regions, markets, and functions of the organization
• Leads, collaborates, facilitates and evangelizes the cybersecurity program to the whole organization, across all regions, markets, and functions.
• Continuously challenges the status quo by evaluating the current regulatory requirements, processes and practices against industry standards both inside and outside of healthcare/healthcare cybersecurity
• Responsible and accountable to deliver results for the area(s) of assigned responsibility. Regularly communicates with staff and manages projects and daily operations to ensure timely delivery within budget and according to requirements. This includes goal setting, implementation and problem/issue resolution.
• Oversees the definition of cybersecurity standards and best practices (processes, tools, monitoring, etc.). Ensures that manager/supervisors ensure their teams are compliant with these standards and that the processes are repeatable.
• Defines and measures quality and productivity associated with the services provided within the cybersecurity function; while overseeing the management of scope, risk, issues and budgets; resolves issues escalated from directors/managers/supervisors and staff at any level. Also escalates issues when necessary.
• Attracts, develops and maintains top talent to continually raise the bar on the capabilities and deliverables of the organization.
• Develops and enhances an information security management framework based on industry accepted practices (e.g., ISO 27001, NIST, COBIT)
• Understands and interacts with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems, and services, including privacy, risk management, compliance, and business continuity management.

Skills

• Communication
• Time management
• Accountability
• Reliability
• Professionalism
• Collaboration
• Critical thinking
• Problem solving
• Executive Leadership
• Project Management and Prioritization
• Budget Management
• Experienced in cybersecurity technologies and information systems

Physical Requirements:

Qualifications

Minimum Qualifications

• Bachelor’s degree through an accredited institution, with advanced cybersecurity certification(s), such as the CISSP, CISM, CISA or SANS 700+ Series, with strong experience in Cybersecurity Leadership.
• Leadership and effective communication skills, with a strong ability to analyze and problem resolution; while also being self-motivated and results driven.
• Superior ability to effectively prioritize and execute tasks in a high-pressure environment, with a strong focus on Customer/Client Services.
• Demonstrated effectiveness as a leader for staff management, development, and mentorship.
• Excellent written, verbal and presentation communication skills.

Preferred Qualifications

• Master’s degree through an accredited institution. A degree must be obtained through an accredited institution. Education is verified.
• Expert working experience with Security and Privacy regulations and the cybersecurity aspects of other regulations including HIPAA/HITECH, PCI DSS, SOX (MAR FRC), FRCP, JCAHO and JCAHO Alert 42, GLBA, State Breach, FERPA, and FCRA, etc.; with a background in Cybersecurity management, project management, and execution and delivery oversight, with attention to detail around metrics, accountability, and operational excellence
• ITIL certified.
• Proven experience in Information Systems, Security Technologies and Systems.
• Experience working in a healthcare or healthcare insurance environment.
• Project Management experience, with proven negotiation and influencing skills.
• Risk-based approach to implementing cybersecurity best practices and safeguards that support the mission of Intermountain Healthcare.

Additional Information

• This position can be performed remotely with expectations to be in-office for key meetings, rounding with team members and internal customers, and as-needed. Candidates who live in, or are willing to relocate to, Utah, Idaho, Nevada, Colorado, Wyoming, or Montana and are within a reasonable commuting distance to an Intermountain Health care site are preferred.​ Currently, we are not hiring remote workers in the following states: CA, CT, HI, IL, NY, RI, VT, and WA.
• This is an exempt, full-time position with an estimated pay range of $242,000-279,000 annually and as determined by prior years of relevant experience. 
  In addition to the annual salary, to show our commitment to you and assist with your transition,, we may offer a sign-on and relocation bonus when applicable. With this position, you are eligible to participate in the Annual Pay for Performance (AP4P) Plan. This plan enables Intermountain Health to provide leaders with an additional performance compensation opportunity. The AP4P award opportunities are calculated as a percentage of your base salary. Awards are paid out based on attainment of selected Board-approved goals. 

Physical Requirements

• Ongoing need for this leader to see and read information, documents, monitors, identify equipment and supplies, and be able to assess customer needs.
• Frequent interactions with providers, colleagues, customers, patients/clients, and visitors require this leader to verbally communicate as well as hear and understand spoken information, needs, and issues quickly and accurately.
• Manual dexterity of hands and fingers to manipulate complex and delicate equipment with precision and accuracy. This includes frequent computer use for typing, accessing needed information, etc.

Location:

Lake Park Building

Work City:

West Valley City

Work State:

Utah

Scheduled Weekly Hours:

40

The hourly range for this position is listed below. Actual hourly rate dependent upon experience. 

$102.53 - $158.26

We care about your well-being – mind, body, and spirit – which is why we provide our caregivers a generous benefits package that covers a wide range of programs to foster a sustainable culture of wellness that encompasses living healthy, happy, secure, connected, and engaged.

Learn more about our comprehensive benefits package here.

Intermountain Health is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.

At Intermountain Health, we use the artificial intelligence ("AI") platform, HiredScore to improve your job application experience. HiredScore helps match your skills and experiences to the best jobs for you. While HiredScore assists in reviewing applications, all final decisions are made by Intermountain personnel to ensure fairness. We protect your privacy and follow strict data protection rules. Your information is safe and used only for recruitment. Thank you for considering a career with us and experiencing our AI-enhanced recruitment process.

All positions subject to close without notice.