Senior Director Information Security Operations
Cira Centre
Children's Hospital of Philadelphia
SHIFT: Day (United States of America)
Seeking Breakthrough Makers
Children’s Hospital of Philadelphia (CHOP) offers countless ways to change lives. Our diverse community of more than 20,000 Breakthrough Makers will inspire you to pursue passions, develop expertise, and drive innovation.
At CHOP, your experience is valued; your voice is heard; and your contributions make a difference for patients and families. Join us as we build on our promise to advance pediatric care—and your career.
CHOP’s Commitment to Diversity, Equity, and Inclusion
CHOP is committed to building an inclusive culture where employees feel a sense of belonging, connection, and community within their workplace. We are a team dedicated to fostering an environment that allows for all to be their authentic selves. We are focused on attracting, cultivating, and retaining diverse talent who can help us deliver on our mission to be a world leader in the advancement of healthcare for children.
We strongly encourage all candidates of diverse backgrounds and lived experiences to apply.
A Brief Overview
The Sr. Director Security Operations is a critical leadership position and reports directly to the Chief Information Security Officer. This position has operational and strategic responsibilities for the Information Security program and oversees the management of security operations services including (but not limited to): incident response, vulnerability management, threat hunting, and overall program development in the CHOP enterprise. A critical responsibility is the continuous evaluation of evolving threats and staying abreast of security technologies.
In conjunction with the CDIO, CISO and Deputy CISO, the Sr. Director of Security Operations acts as a security liaison between technology, business, research, and clinical verticals to advance security culture and achieve alignment for strategy and security posture.
This position maintains and evolves the Hospital's Information Security Operations Center and also supports Hospital and Research operations, including compliance with all applicable laws, regulations, and accreditation standards.
This position maintains and continuously evolves the program to support the protection of information assets and identifies, evaluates, and reports on IT related risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the IT risk posture of the Hospital. Additionally, this position is required to evaluate the program and operations center services regularly and adjust as needed for continuous improvement and security protections.
What you will do
Operational Oversight: Security Operations Center
• Direct the day-to-day responsibilities for the information security and operations teams.
• Direct security program and operations center planning, implementation, and ongoing metric analysis.
• Ensure appropriate work management of design and engineering offerings.
• Develop security standards and materials as needed.
• Verify/enforce security standards and best practices are maintained across the organization.
• Verify/enforce security problems are resolved in a timely and cost-effective manner.
• Utilize metrics to measure efficiency, service levels, and other key areas.
• Oversight of other security related services as needed (account administration, engineering, etc.)
Budget Management & Optimization
• Responsible for the budget of the security team, as well as key vendor relationship management crossing various areas within the security portfolio:
- Establishing budget(s).
- Defining services.
- Managing costs.
- Establishing productivity targets.
- Managing to targets.
Resource Management
• Establish a high-performing team and security operations center.
• Coach, develop, and mentor team members within and outside the organization.
• Recruit and develop staff.
• Prioritize and align resources.
• Responsible for managing a portfolio of key vendors and contracts for the Technology Services organization.
Strategic Planning
• Provide strategic and tactical direction for the security program.
• Develop and maintain service catalog for the Security Operations Center, incident response, and vulnerability management.
• Partner with the other Directors to plan lifecycle of security tools and processes.
• Understand industry direction and position CHOP optimally.
• Keep abreast of advances and changes in the field and when appropriate, adopt innovations that lead to improvement and increased efficiency of CHOP's operations.
• Plan jointly to deliver the security program and SOC (within IS, includes Core Infrastructure, Security, Business Operations, Project Management Office, Support Services, Business Applications, and Clinical Applications).
Process Participation/Ownership
• Develop process, procedures, and framework for the Security Operations Center, incident response, and vulnerability management.
• Establish requirements, document process, and manage user relationship in development process.
• Adhere to Digital and Technology Services policies and procedures (including incident, problem, and change management).
• Contribute to work plans involving Technology Services.
• Contribute to communication strategies for the department.
Standards Management
• Establish standards with security and operations.
• Enforce established standards.
• Establish metrics and performance indicators to measure service levels of both technology and processes.
• Measure service levels.
• Manage key service providers to service levels and performance on delivered services.
• Meet or exceed SLAs.
• Maintain ISSC Committee format, attendees, agenda, and meetings, including input and output.
This department works approximately 80% remotely, 20% on site in our Philadelphia offices on an as-needed basis.
Education Qualifications
- Bachelor's Degree Required
- Master's Degree Preferred
Experience Qualifications
- At least ten (10) years of experience in a combination of Information Security, Risk Management, or Information Technology, or industry focusing on control environment (Required), and
- At least five (5) years in a leadership role (Required), and
- Experience in managing security, operations and technology teams (Required)
- Security operations center development and management (Preferred), and
- Healthcare environment, changes and emerging trends in Healthcare industry, and understanding of Healthcare applications, systems and processes a plus (Preferred)
Skills and Abilities
- Demonstrated security operations, standards, and technology life cycle knowledge and experience.
- Knowledge and high proficiency in relevant legal and regulatory requirements, including but not limited to, Health Insurance Portability and Accountability Act (HIPAA), Health Information Technology for Economic and Clinical Health (HITECH) Act, Payment Card Industry Data Security Standards (PCI DSS), Federal Information Security Management (FISMA).
- Knowledge and high proficiency with various security frameworks.
- Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences.
- Information Security Requirements:
- Understand and comply with all enterprise and IS departmental information security policies, procedures and standards.
- Support the integration of information security in the development, design, and implementation of Hospital Technology Resources that process, transmit, or store CHOP information.
- Support all compliance activities related to state, federal regulatory requirements, healthcare accreditation standards, and all other applicable regulations that govern the use and disclosure of patient, financial, or other confidential information.
Licenses and Certifications
- Certified Information Systems Security Professional (CISSP) - (ISC)² - upon hire (Required), or
- Certified Information Security Manager (CISM) - Information Systems Audit and Control Association (ISACA) - upon hire (Required), or
- Certified in Risk and Information Systems Control (CRISC) - Information Systems Audit and Control Association (ISACA) - upon hire (Required), or
- HealthCare Information Security and Privacy Practitioner (HCISPP) - (ISC)² - upon hire (Required)
To carry out its mission, CHOP is committed to supporting the health of our patients, families, workforce, and global community. As a condition of employment, CHOP employees who work in patient care buildings or who have patient facing responsibilities must be fully vaccinated against COVID-19 and receive an annual influenza vaccine.
Employees may request exemptions for valid religious and medical reasons. Start dates may be delayed until candidates are immunized or exemption requests are reviewed.
EEO / VEVRAA Federal Contractor | Tobacco Statement