IT Cybersecurity Associate Director

Primary City/State:

Phoenix, Arizona

Department Name:

IT Incident Mgmt & Forensics

Work Shift:

Day

Job Category:

Information Technology

Help lead health care into the future. Make real change in health care with the freedom to innovate and highly trained staff to execute your vision. Apply today to join the Banner Health leadership team.  

The Cyber Security Operations Center (CSOC) is responsible for monitoring and responding to cyber security threats targeting Banner Health and their patients.  The Red Team Engineering Manager is responsible for leading Red Team efforts as part of the CSOC's strategic plan.

As the Red Team Associate Director, you will be on the frontlines of this effort, performing the work and leading others as part of our Cyber Operations team. Daily responsibilities include conducting comprehensive security assessments, penetration tests, and extended threat actor emulations. By employing real-world tactics, techniques, and procedures, the aim is to target systems and users to uncover threats and vulnerabilities in Banners’ business processes and technical controls.  Through documented and repeatable processes, you will identify specific attack vectors ahead of the malicious actors and remediate them prior to exploit.  The location for this role will be remote, with occasional travel up to 10%.  
 

What You’ll Do:
•    Lead and conduct penetration tests (network, application, mobile) and threat analysis.
•    Coordinate vendor-led penetration testing.
•    Facilitate secure design reviews (threat modeling).
•    Assess adherence to firm policies and standards, providing oversight and challenge.
•    Write clear assessment reports for technical and executive audiences.
•    Coordinate test findings with relevant technology, security, and business groups.
•    Analyze trends in security assessment findings.
•    Perform remediation testing and provide evidence of results.
•    Prepare reports for management and risk committees.
•    Stay proficient in network and application exploitation, tools, and trends.
•    Participate in strategic planning to enhance Cyber Resilience.
•    Provides technical expertise and support to penetration testers and the greater CSOC team.
•    Define management reporting requirements and metrics.
 

What You Have:
•    3 years of penetration testing experience.
•    Knowledge of adversarial tactics, techniques, and procedures (TTPs) and MITRE ATT&CK® framework
•    Experience with penetration testing tools, manual testing, and vulnerability analysis.
•    Proficiency with multiple OS (Windows, Linux, Mac OSX, iOS, Android).
•    Experience with scripting languages and various programming languages (C/C++, Python, Java).
•    Familiarity with OWASP Top-10
•    Ability to communicate findings and control issues to executive and business leadership.
•    Preferred certifications: OSCP, OSWE, GPEN
•    BS in Computer Science or equivalent experience.

The typical schedule for this role is Monday-Friday 8AM-5PM with limited schedule flexibility and on-call rotation.

The location for this role will be hybrid/remote, with occasional travel up to 10%.  

Within Banner Health Corporate, you will have the opportunity to apply your unique experience and expertise in support of a nationally-recognized healthcare leader. We offer stimulating and rewarding careers in a wide array of disciplines. Whether your background is in Human Resources, Finance, Information Technology, Legal, Managed Care Programs or Public Relations, you'll find many options for contributing to our award-winning patient care.

POSITION SUMMARY
This position is responsible for planning, organizing and day to day management of cybersecurity systems, applications, projects and professionals. Incumbent participates in the development and implementation of cybersecurity strategies to achieve desired outcomes. Responsibilities also include participation in the management of the cybersecurity financial plans, budgets, performance, and other operational activities for Banner Health’s Cybersecurity organization. This position is responsible for the operational oversight of a functional team, including direct HR management responsibilities, within Banner Health. The Incumbent is expected to work with management across diverse areas and multiple states to effectively and efficiently operate the Cybersecurity Department and partner with other parts of Banner’s organization.

CORE FUNCTIONS
1. Establish priorities, workloads, controls and work procedures, as well as determine resourcing needs. Hire, train, conduct performance evaluations, and supervises the workflow for designated staff. This includes initiating promotions, transfers, disciplinary actions and development planning and management.

2. Lead and manage teams to deliver business outcomes, manage quality of delivered services, and mentor Cybersecurity team members.

3. Translates Cybersecurity Strategic Goals into team specific processes and activities. Establish team objectives and develop effective tools to measure and report performance against these objectives.

4. Assists Cybersecurity leadership in developing annual operational budgets. Assists leadership in ensuring budgetary goals are met on an annual basis.

5. Assist cybersecurity leadership in establishing and maintaining meaningful measurable metrics and reporting. Track to resolution customer problems ensuring the solution is timely and of acceptable quality while effectively communicating with all levels of the organization.

6. Provides leadership with support in establishing and delivering the Cybersecurity strategy and leads or participates in the design, direction, and coordination of cybersecurity projects, systems or applications.

7. Provides expertise and direction while participating in the planning of cybersecurity systems and application strategic objectives and goals. Establish and maintain meaningful measurable metrics and reporting.

8. Provides guidance, direction, and oversight for compliance with all federal, state, and local mandated information security laws, rules, and guidelines. Remain current with the latest industry information.

9. Under general direction, this position is responsible for information security across multiple departments system-wide and requires interaction at all levels of staff and management.

MINIMUM QUALIFICATIONS

Must possess strong knowledge of business, cybersecurity, information technology and/or computer science as normally obtained through the completion of a bachelor's degree.

Certification may be required in at least one of the following areas within one year of entering the position. Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Systems Security Certified Practitioner (SSCP), Payment Card Industry - Internal Security Assessor (PCI-ISA), Certified in Risk and Information Systems Control (CRISC), HealthCare Information Security & Privacy Practitioner (HCISSP), CompTIA Security+ or other certification designated by the Information Security Leader.

Must also possess seven plus years of experience, two of which with supervisory experience, in a healthcare or related environment or an equivalent combination of relevant education, technical, business and healthcare experience. Must demonstrate expertise in information technology and healthcare. Needs experience in medium to large scale project planning and reporting either individually or in a team. Requires communication and presentation skills to engage technical and non-technical audiences. Requires ability to communicate and interact across facilities and at various levels. Ability to balance project workloads with customer support and on-call demands. As is typical in this industry, variable shifts and hours and carrying/responding to a pager may be required.

Demonstrate proficiency with the Microsoft Suite of products and other tools depending on position requirements.

PREFERRED QUALIFICATIONS

Advanced degree may substitute for work experience.

Additional related education and/or experience preferred.

EEO Statement:

EEO/Female/Minority/Disability/Veterans

Our organization supports a drug-free work environment.

Privacy Policy:

Privacy Policy