AVP - Security Operations and Incident Response

We've made a lot of progress since opening the doors in 1942, but one thing has never changed - our commitment to serve, heal, lead, educate, and innovate.  We believe that every award earned, every record broken and every patient helped is because of the dedicated employees who fill our hallways. 

At Ochsner, whether you work with patients every day or support those who do, you are making a difference and that matters.  Come make a difference at Ochsner Health and discover your future today! 

This job assumes responsibility for establishing and maintaining an enterprise-wide information security detection and response program to assure information assets are adequately protected. Exhibits expertise incident response best practices and regulatory and of requirements that impact security for the enterprise including, but is not limited to NIST, HIPAA, HITECH, and PCI. Sets policies and standards that directs the response functions relative to information technology systems, networks, applications, voice and data communications and computing services within the enterprise; proactively works with senior leadership to assure detection and response programs controls are in compliance with policies, applicable laws and regulations. Works closely with legal and compliance offices to ensure a strong cross-functional cyber crisis management program is in place.

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable qualified individuals with disabilities to perform the essential duties.

This job description is a summary of the primary duties and responsibilities of the job and position. It is not intended to be a comprehensive or all-inclusive listing of duties and responsibilities. Contents are subject to change at the company's discretion.
 

Education

Required – Bachelor’s degree in Cyber Security or Emergency Management

Preferred – Master’s degree in Information Assurance

Preferred - Additional degrees, business training experience and/or certifications may be combined to meet minimum qualifications.

Work Experience
Required - 8 years’ experience with responsibility for cyber security engineering, incident response, and defensive strategies that balance applicable federal, state and local regulations with business needs. Development of cyber response functions, ensuring alignment with NIST and other standards.  Military or law enforcement background a plus.

Knowledge Skills and Abilities (KSAs)

• Must have cyber security investigation including full understanding of reporting requirements.

• Effective verbal and written communication skills and the ability to present cyber-threat intelligence clearly and professionally translate them into understandable business risks.

• Must be proficient with cyber security defensive strategies for monitoring complex distributed environments.

• Knowledge and understanding of cyber monitoring and reporting technical subjects in order to communicate effectively at an expert level on those subjects.

• Analytical skills and logical thought processes in order to formulate mitigation solutions to business risks.

• Professional interpersonal skills to deliver results under difficult and stressful situations in cooperation with other leaders.

• Organizational skills necessary to work with frequent interruptions and frequent changes in priorities.

• Ability to move freely throughout and between facilities.

• Ability to work variable hours, including nights, evenings, weekends, as required.

• Ability for occasional out of town travel as required.

Job Duties

• Establishes and maintains an enterprise-wide information cyber security threat monitoring and response program to assure information assets, data, and staff members are adequately protected.

• Recommends Cyber threat intelligence best practices as it relates to regulatory and compliance requirements that impact security for the enterprise including, but not limited to NIST, HIPAA, HITECH, and PCI.

• Sets policies and standards that direct security functions relative to information technology systems, networks, applications, voice and data communications and computing services within the enterprise.

• Assures security programs and technical controls are in compliance with policies, applicable laws and regulations and effectively protect information and information systems.

• Communicates the technical and business aspects of Cyber security risks in a language the business understands so that the business can make educated and informed decisions regarding the appropriate levels of control.

• Implements policies and procedures to ensure that all members of its workforce have appropriate access to ePHI and other confidential or sensitive information, comply with HIPAA, and prevent those workforce members who do not have access from obtaining access to such information.

• Other related duties as required.

The above statements describe the general nature and level of work only. They are not an exhaustive list of all required responsibilities, duties, and skills. Other duties may be added, or this description amended at any time.

Remains knowledgeable on current federal, state and local laws, accreditation standards or regulatory agency requirements that apply to the assigned area of responsibility and ensures compliance with all such laws, regulations and standards.

This employer maintains and complies with its Compliance & Privacy Program and Standards of Conduct, including the immediate reporting of any known or suspected unethical or questionable behaviors or conduct; patient/employee safety, patient privacy, and/or other compliance-related concerns.

The employer is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability status.

Physical and Environmental Demands
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job.  Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Heavy Work - Exerting 50 to 100 pounds of force occasionally, and/or 25 to 50 pounds of force frequently, and/or 10 to 20 pounds of force constantly to move objects.   (Constantly: activity or condition exists 2/3 or more of the time) to move objects. Physical demand requirements are in excess of those for Sedentary Work. Even though the weight lifted may be only a negligible amount, a job should be rated Light Work: (1) when it requires walking or standing to a significant degree; or (2) when it requires sitting most of the time but entails pushing and/or pulling of arm or leg controls; and/or (3) when the job requires working at a production rate pace entailing the constant pushing and/or pulling of materials even though the weight of those materials is negligible. NOTE: The constant stress and strain of maintaining a production rate pace, especially in an industrial setting, can be and is

Normal routine involves no exposure to blood, body fluid or tissue and as part of their employment, incumbents are not called upon to perform or assist in emergency care or first aid.

The incumbent has no occupational risk for exposure to communicable diseases.

Because the incumbent works within a healthcare setting, there may be occupational risk for exposure to hazardous medications or hazardous waste within the environment through receipt, transport, storage, preparation, dispensing, administration, cleaning and/or disposal of contaminated waste. The risk level of exposure may increase depending on the essential job duties of the role.

Are you ready to make a difference? Apply Today!

Ochsner Health does not consider an individual an applicant until they have formally applied to the open position on this careers website.

Individuals who reside in and will work from the following areas are not eligible for remote work position: Colorado, California, Hawaii, Illinois, Maryland, Minnesota, New York, Washington, and Washington D.C.

Ochsner Health endeavors to make our site accessible to all users.  If you would like to contact us regarding the accessibility of our website, or if you need an accommodation to complete the application process, please contact our HR Employee Solution Center at 504-842-4748 (select option 1) or careers@ochsner.org. This contact information is for accommodation requests only and cannot be used to inquire about the status of applications.

Ochsner is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to any legally protected class, including protected veterans and individuals with disabilities.