VP, Chief Information Security Officer
1550 Main Street, United States
Baystate Health
The VP of I&T Infrastructure and Operations & Chief Information Security Officer (CISO) reports to the Senior Vice President, Chief Information & Digital Officer of Baystate Health.
The VP of I&O is responsible for implementing and running next-generation information technology infrastructure and for world-class delivery of all third-party and internally managed information technology infrastructure used for all clinical, research and business processes across the enterprise. This position oversees day-to-day infrastructure activities and is responsible for long-term strategic initiatives, budgeting, and infrastructure project execution that align with Enterprise goals and objectives. This position will continually improve IT infrastructure standards, policies, processes, and procedures for the Enterprise and ensure the availability, integrity and security of all server and networking resources that the Enterprise relies on. This individual will be an inspirational leader with deep technical infrastructure experience, strong project management acumen, excellent vendor management skills, and a superior, service-first approach to infrastructure operations. This individual is also responsible for operational and service management processes to ensure quality, efficiency and agility goals are achieved. As a member of the I&T senior leadership team, the role will contribute to the development and execution of the enterprise-wide IT strategy and ensure it aligns with Baystate Health's strategy and delivery capabilities.
The CISO is responsible for establishing the strategic direction and the multi-year, multi-disciplinary road map for corporate-wide information and cyber security programs at Baystate Health. The CISO focuses on Baystate Health's security posture, which includes strategy development, policy development and enforcement, risk mitigation, and enterprise education and awareness, working with numerous departments across the enterprise. The CISO serves as the primary leader of all information and cyber security activities related to the availability, integrity and confidentiality of customer, business partner, employee, and business information, in compliance with the organization's information security policies. Additionally, the CISO is focused on the cyber security aspects of the enterprise, which include the network, biomedical devices, and other infrastructure components of the enterprise technology platform. A key element of this role is working with executive management, the Audit and Compliance Board, and the Board of Trustees to determine acceptable levels of risk for the organization. The CISO must be highly knowledgeable about healthcare policies and mandates and about how technology and internal business practices and policies can uphold such regulatory requirements.
The VP of I&T Infrastructure and Operations, Chief Information Security Officer will report directly to the SVP and Chief Information and Digital Officer.
Job Responsibilities and Essential Functions:
- Drive the I&O department to embrace next generation technology that supports the innovative and foundational elements of Baystate Health.
- Works with HR and the IT leadership team to develop an I&O "people strategy" that aligns with the enterprise and IT strategy. Continually looks for leading-edge and innovative solutions to the recruitment, development, and retention of the I&O workforce.
- Forecasts future skill needs to acquire and develop an IT workforce with the appropriate mix of business knowledge, technical skills and competencies and ensuring the core IT functions are reliable, stable, and efficient.
- Sets the mission and vision of the I&O department to foster a service-oriented culture and mindset driven by continual service improvement techniques.
- Leads the development of the I&O roadmap and ensures its integration with the overall IT and enterprise strategic plans.
- Works with the IT senior leadership team on the service portfolio and governance required to prioritize resources.
- Acts as a trusted advisor and builds and maintains relationships with other IT leaders and Baystate Health executives to develop a clear understanding of enterprise needs; ensures cost-effective delivery of IT services to meet those needs and can respond with agility to changing industry priorities.
- Develops the annual operating and capital expenditure budget for I&O to ensure it is consistent with overall strategic objectives of IT and the enterprise and is within plan.
- Develops a long-term infrastructure refresh budget plan to address end-of-life equipment.
- Participates in the assessment of external and internal technology capabilities required to achieve desired competitive positioning.
- Maintains currency on new technologies and platforms and provides direction on what emerging technologies should be assimilated, integrated, and introduced within I&O to ensure IT capabilities respond to the needs of the enterprise's strategy.
- Maintains an active I&O sunset strategy for outmoded technology.
- Champions I&O involvement in the IT organization's innovation efforts and its role in experimenting with new solutions to take advantage of industry opportunities.
- Provides strategic direction and oversight for the operation and support of IT systems that fulfill the needs of the enterprise, including the full life cycle of infrastructure operations and IT service support.
- Directs the development of I&O sourcing strategy and provides executive participation in strategic vendor and partner relationship management.
- Serves on IT planning and policymaking committees; drives the development of enterprise technology standards, governance processes and performance metrics to ensure I&O delivers value to the enterprise.
- Provides leadership, coaching and direction to the I&O leadership team and staff.
- Develop and implement a sustainable, long-term information and cyber security strategy for Baystate Health that is based on a comprehensive enterprise information and cyber security management program derived from national best practices, including but not limited to HITRUST, NIST, and HIPAA.
- Lead the operations for Baystate Health's Information Security Office, which consists of a matrixed reporting structure of direct reports and indirect reports (individuals across BH business divisions, IT operations, and application administrators).
- Chairs the information security governance board, known as the Information Security & Compliance Council (ISCC). This board reviews and ratifies Baystate Health's information and cyber security policies, procedures, and projects that ensure the continued maturation and strength of BH's security platform.
- Lead the development or authorship of up-to-date information security policies, standards, and guidelines. Oversee the approval, dissemination, and maintenance of security policies and practices. Responsible for the enterprise-wide information security training program for all employees, contractors, and approved system users.
- Responsible for ensuring that the BH IT Application Inventory is compliant with ISO protocols and procedures.
- Oversee and lead the creation, communication, and implementation of a risk-based process for vendor risk management, including the assessment and mitigation of risks that may result from partners, consultants, and other service providers.
- Work directly with the business leaders to initiate the development of IT risk assessment and risk management processes, and work with leaders throughout the enterprise on identifying acceptable levels of residual risk.
- Present to senior leadership and board members on a regular basis the status of the information security program, including an update on BH's performance on strategic security initiatives, current regulatory requirements and mandates for security, and comparative benchmarks to other security programs.
- Oversee the development of a unified and flexible control framework to integrate and normalize the wide variety and ever-changing requirements resulting from global laws, standards, and regulations. Evaluate and ensure that security controls and programs are effective and are following relevant laws, regulations, and policies.
- Co-manage the IT Incident Response Team, security incidents and events to protect corporate IT assets, including intellectual property, regulated data, and the company's reputation. Member of the Corporate (enterprise-wide) Incident Response Team.
- Monitor the external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action and consult with external agencies, such as law enforcement and other advisory bodies as necessary, to ensure that the organization maintains a strong security posture.
- Liaise among the information security team and corporate compliance, audit, legal and HR management teams as required.
- Consult with the Department of Homeland Security on cyber security matters.
- Knowledge and understanding of relevant legal and regulatory requirements, such as the Sarbanes-Oxley Act (SOX), the Health Insurance Portability and Accountability Act (HIPAA) and the Payment Card Industry Data Security Standard.
Required qualifications:
The VP of I&O and CISO is a leadership role and must demonstrate the following leadership attributes:
- High levels of personal integrity when conducting the professional affairs of the organization and dealing with sensitive and confidential data relating to risks and costs.
- Calmness and clarity of thought while under pressure.
- The ability to uphold the goals and culture of the organization.
- The ability to lead, enable and motivate teams by providing advice and guidance in a nonjudgmental fashion.
- An understanding of strategic organization objectives and the ability to drive results toward those objectives.
- Openness to, and the ability to deal with, rapid change in needs, processes, and technologies.
Required Work Experience:
Bachelor's degree required, preferably in engineering, computer science, information technology, or a healthcare-related field.
MBA or equivalent master's degree plus IT experience preferred.
Must have 10+ years of IT experience and 5+ years of senior leadership experience.
Experience in technology and infrastructure, which must include networks, data centers, telephony, and service delivery.
Certified Information Systems Security Professional (CISSP)
You Belong At Baystate
At Baystate Health we know that treating one another with dignity and equity is what elevates respect for our patients and staff. It makes us not just an organization, but also a community where you belong. It is how we advance the care and enhance the lives of all people.
DIVERSE TEAMS. DIVERSE PATIENTS. DIVERSE LOCATIONS.
Education: Bachelor's Degree (Required)
Certifications: Certified Information Systems Security Professional (CISSP)
Equal Employment Opportunity Employer
Baystate Health is an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, marital status, national origin, ancestry, age, genetic information, disability, or protected veteran status.