Deputy Chief Information Security Officer

If you are looking to make an impact on a meaningful scale, come join us as we embrace the Power of One!
 

We strive to be an employer of choice and establish a reputation for being a talent rich organization where Associates can grow their career caring for others. For over a century, we’ve served the health care needs of the people of Memphis and the Mid-South.
 

The Deputy Chief Information Security Officer (CISO) reports to the VP/CISO and is responsible for day-to-day operations to support and augment the VP/CISO's overall responsibilities. The Deputy CISO is an advanced role supporting the entire cybersecurity program. This role provides leadership, executive support, strategic and tactical guidance, and complete execution for a world-class cybersecurity program supporting enterprise security initiatives. The Deputy CISO supports and reports on strategic planning and execution of enterprise security systems, applications and operations. The Deputy CISO will lead an adaptable and secure business-supporting cybersecurity team, in addition to influencing and executing with technical team members such as software developers, system engineers, cybersecurity engineers and systems administrators. Models appropriate behavior as exemplified in MLH Mission, Vision and Values.

 

Working at MLH means carrying the mission forward of caring for our community and impacting the lives of patients in every way through compassion, a deliberate focus on service expectations and a consistent thriving for excellence.

A Brief Overview
The Deputy Chief Information Security Officer (CISO) reports to the VP/CISO and is responsible for day-to-day operations to support and augment the VP/CISO's overall responsibilities. The Deputy CISO is an advanced role supporting the entire cybersecurity program. This role provides leadership, executive support, strategic and tactical guidance, and complete execution for a world-class cybersecurity program supporting enterprise security initiatives. The Deputy CISO supports and reports on strategic planning and execution of enterprise security systems, applications and operations. The Deputy CISO will lead an adaptable and secure business-supporting cybersecurity team, in addition to influencing and executing with technical team members such as software developers, system engineers, cybersecurity engineers and systems administrators. Models appropriate behavior as exemplified in MLH Mission, Vision and Values.

What you will do

• Works closely with security leadership overseeing security operations, incident response, application security and infrastructure.
• Actively informed and engaged in daily security operations.
• Enforces a strong security culture, ensuring uniformity across security leadership, business units and Associates.
• Fosters strong relationships with internal business units and external entities to maintain a strong network.
• In tandem with the VP/CISO, manages the security budget and additional fiduciary responsibilities.
• Advises on enterprise-wide people, process and technology security recommendations.
• Maintains an up-to-date level of knowledge relating to security threats, vulnerabilities and mitigations set forth to reduce the corporate attack surface.
• Ensures security projects are delivered on time and within budget.
• Implements a continuous vulnerability assessment and exposure analysis process and aligns technical teams to address a timeline for remediation and validation across applications and infrastructure.
• Sponsors vendor and technology solution selection, as well as third-party consulting services as needed.
• Requires and supports independent verification and validation testing of the company networks and data protection through internal team resources and independent consulting engagements.
• In conjunction with security leadership, defines key performance indicators (KPIs) and metrics aligning with business initiatives and delivers to non-technical teams in terms that are readily comprehensible.
• Provides motivation to security teams and Associates to maximize rigorous system security controls.
• Removes complexities and obstacles that hinder efficient security controls enterprise-wide.
• Builds relationships with technical and compliance teams to deliver security-by-design controls that are incorporated into projects, architecture, infrastructure and applications.
• Works closely with operational risk, compliance, legal and audit teams.
• Stays abreast of new laws, regulations and standards, and assesses their impacts to the business.
• Verifies security content training initiatives, as well as internal and external communication are conducted regularly.
• Oversees testing and validation of security controls across projects.
• Openly supports the VP/CISO, management team and executive leadership, even during tumultuous times.

Education Qualifications

• Bachelor's Degree Information Systems
• Bachelor's Degree Business
• Bachelor's Degree Computer sciences
• Master's Degree Information Systems preferre
• Master's Degree Business preferred
• Master's Degree Computer sciences preferred

Experience Qualifications

• 5-7 years experience in risk management and information security fields required

Skills and Abilities

• Strong written and verbal communication skills across all levels of the organization.
• Ability to effectively manage stress in a constantly changing environment.
• Driven to build a strong, cohesive team and positive enterprise-wide security culture.
• Proven high level of integrity, trustworthiness and confidence, as well as ability to represent the company and security leadership with the highest level of professionalism.
• Strategic vision and ability to influence others.
• Strong project management and organizational skills.
• Ability to work effectively with diverse teams and varying personalities, and adapt management style to effectively reach and develop the team.
• Ability to gain and preserve credibility with the team through sustained industry knowledge.
• Ability to motivate the team to achieve excellence, while giving credit and recognition where it is due.

Licenses and Certifications

• Certified Information Systems Security Professional - International Information System Security Certification Consortium preferred
• Certified Information Security Manager - Information Systems Audit and Control Association preferred
• Certified in Healthcare Privacy & Security (CHPS) American Health Information Management Association preferred

Supervision Provided by this Position

• Manages Associates within the IS Security Team, contractors and vendors.

Physical Demands

• The physical activities of this position may include climbing, pushing, standing, hearing, walking, reaching, grasping, kneeling, stooping, and repetitive motion.
• Must have good balance and coordination.
• The physical requirements of this position are: light work - exerting up to 25 lbs. of force occasionally and/or up to 10 lbs. of force frequently.
• The Associate is required to have close visual acuity to perform an activity, such as preparing and analyzing data and figures; transcribing; viewing a computer terminal; or extensive reading.
• The conditions to which the Associate will be subject in this position: The Associate is not substantially exposed to adverse environmental conditions; job functions are typically performed under conditions such as those found in general office or administrative work.
• The Associate is subject to call back at all times.
• The Associate is required to travel occasionally.

Our Associates are passionate about what they do, the service they provide and the patients they serve. We value family, team and a Power of One culture that requires commitment to the highest standards of care and unity.

Education:

Bachelor's Degree: Business, Bachelor's Degree: Computer sciences, Bachelor's Degree: Information Systems (Required)

Work Experience:

Risk management

Certifications:

AHIMA Certified in Healthcare Privacy and Security - American Health Information Management Association, Certified Information Security Manager - Information Systems Audit and Control Association, Certified Information Systems Security Professional - International Information System Security Certification Consortium

Boasting one of the South's largest medical centers, Memphis blends a friendly community, a thriving and growing downtown, and a low cost of living. We see each day as a new opportunity to make a difference in the lives of the people in our community.