Ballad Health
Director, IT Security (8a-5p) Hybrid Remote - Johnson City, TN
Ballad Health, Johnson City, Tennessee, United States, 37603
Job Description:
Summary: Plans, designs, implements and manages the enterprise-wide IS security program utilizing expert knowledge of UNIX, Novell, Windows and other applicable network operating systems and technology-related systems and hardware within the IS environment. Designs and develops Computer Emergency Response Team (CERT) approach in response to advanced attack recognition protocols and corresponding response systems. Responsible for oversight of installation, configuration and maintenance of PC workstations and server security processes, procedures and applications. Applies knowledge of cryptographic tools, methods, systems, and protocols to develop electronic data interchange standards and procedures. Participates in selection, programming, and deployment of network analysis, LAN/WAN access, and authentication software applications in accordance with appropriate technical specifications. Develops and designs network infrastructure changes integrating system security components. Conducts reviews/evaluations to determine vulnerabilities and develop related countermeasures. Analyzes network/system infrastructure to develop and test disaster recovery scenarios and contingency plans, thus identifying and improving critical points of failure. Ensures compliance with security-related issues within HIPAA, JCAHO and other government/accreditation regulations/standards. Ensures compliance with software licensure through the application of policy, procedures and management control systems.
Develops information security education and training program to include advanced operating system programming and design changes. Serves as a resource and consultant on security issues to IS directors and managers, application and network/system specialists in the development of security initiatives. Creates and maintains the security management function for existing and new IS contracts, including maintaining the appropriate documentation.
Develops departmental and corporate policies, procedures, standards, and controls relating to information security. Responsible for ensuring that all users have the necessary computer security access. It is vital that an individual in this position be capable of good oral and written communication skills.
Additional Responsibilities:
• Develops patient and business information integrity, confidentiality, and security compliance program.
• Serve as the Ballad IT Security Officer. Partner effectively with the Ballad Audit and Compliance department. Serve as a focal point for resolving information security and privacy issues related to third-party security requirements in Ballad's IT-related systems and services.
• Coordinate response to periodic third-party RFIs and participates in activity related to Ballad's IT Governance committee, including detailed electronic technical requirements reviews via the eTAF committee.
• Ensures periodic information privacy risk assessments are conducted and that related ongoing compliance monitoring activities are in place, in coordination with IT Compliance, Corporate Audit & Compliance, and other compliance and operational assessment functions.
• Initiates, facilitates and promotes activities to foster information security awareness within the organization and related entities.
• Maintains current knowledge of applicable federal and state privacy laws and accreditation standards, and monitors advancements in information security technologies to ensure organizational adaptation and compliance.
• Review of Ballad IT Plan infrastructure protection processes, including policies, guidelines, tools, methods, and technologies.
• Implement architectural objectives and requirements aligned with business, technology, and security strategies.
• Evaluate, implement and manage new security technologies in support of Ballad's software applications.
• Collaborate with IT project management to ensure adequate enforcement of security controls in Ballad's software (and hardware as applicable, e.g. MFD's, 3rd party bio-medical hardware, EKG machines, etc.) applications.
• Collaborate with architects to define a consistent information security and privacy architecture across the Alliance hardware and software portfolios.
• Pursue IT security violations within Ballad business to a successful resolution and takes all appropriate measures to insure against similar security incidents in the future. Identify and escalate any privacy security deficiencies as appropriate to ensure timely resolution.
Requirements: Bachelor's degree in Computer Science or related subject work experience required. Three years' experience in direct technical security/system administration role required. Experience with the management and administration of current security-related technologies, firewalls, intrusion detection systems, and network/system audit tools required. Strong knowledge of networking, systems operations to include UNIX, Novell, Windows, LAN/WAN protocols, client/server technology, and TCP/IP required. Database experience to include Oracle, Sybase, Informix, and SQL preferred. MCSE and CNA, CISSP and/or CISM certification preferred. Must have strong analytical thinking ability; excellent communication skills; project management and staff management/team building required. Must be able to work independently as well as part of a team, be comfortable with change and possess excellent leadership skills.
Must have experience presenting in front of board-level groups and various committees, managing the upkeep of IT policies, creating meaningful data-driven security dashboards, planning capital and operating budgets, advising on cyber security strategy, and managing various levels of team expertise and planning accordingly for education/training.
Work Requirements:
Shift: Day
On Call: Yes
Weekends: No
Travel Required: No Travel
Location: Ballad Health Corporate