Orlando Health

Senior Director, Deputy Chief Information Security Officer

Orlando Health, Orlando, Florida, US, 32885


Position Summary

About Orlando Health

Founded more than 100 years ago, Orlando Health is a private, not-for-profit healthcare organization with a long tradition of serving its many and varied communities. With physicians in more than 100 specialties, the healthcare system attracts patients from across the state, region and nation.

The healthcare system encompasses award-winning hospitals, stand-alone emergency departments, behavioral health care, skilled nursing facilities, rehabilitation services and urgent care locations. Our network of primary care physicians and specialists extends from the Atlantic to Gulf coasts and spans more than a dozen counties. Orlando Health is nationally recognized for its pediatric and adult trauma programs as well as its high-performing community hospitals and specialty hospitals. Each year, we welcome more than 20,000 babies across the system and care for the most fragile in one of the nation's largest neonatal intensive care units.

The most-advanced care is offered through our specialty institutes that connect clinical excellence, education and research programs in our core services. With a robust graduate medical education program that hosts more than 350 residents and fellows each academic year, Orlando Health continues its pioneering research that includes therapies for end-stage breast cancer, identifying biomarkers to detect traumatic brain injury and offering first-in-the-world expanded access for an experimental advanced melanoma treatment.

Position Summary

The Deputy Chief Information Security Officer (CISO) will assist the Chief Security Officer (CSO) in overseeing and managing the organization's information security program. This role involves developing and implementing security policies, procedures, and protocols to protect the organization's information assets. The Deputy CISO will work closely with various departments to ensure compliance with regulatory requirements and industry standards. As a member of the Office of the CSO (OCSO), the Deputy CISO collaborates and interacts with senior leaders and all council members regarding cybersecurity, operational, financial, legal, program management, audit services and special project planning. In a matrix organizational manner, the role reports directly to the Orlando Health Chief Security Officer, working in collaboration with the Chief Privacy Officer (CPO), Emergency Preparedness, Risk, hospital, outpatient clinic and ambulatory leadership teams to deliver on solutions and services and to ensure that the right audit, general controls, risk management, safety and compliance independence are adhered to. This position has direct leadership duties for IT Security leaders, IT Disaster Recovery, Major Incident Management and Business Continuity leaders, who will be leading teams responsible for the development of security and business continuity policies and procedures, security architectures, operational support, regulatory compliance, and major incident response. The Deputy CISO will interact at the executive level with third-party organizations that provide services to Orlando Health to ensure the security and IT resiliency needs of OHI are being met.

Essential Functions

Assist the CSO in developing and implementing the organization's information security strategy.
Oversee the day-to-day operations of the information security program, including monitoring and responding to security incidents.
Develop and maintain security policies, procedures, and protocols to ensure the protection of the organization's information assets.
Conduct regular risk assessments and vulnerability assessments to identify and mitigate potential security threats.
Collaborate with other departments to ensure compliance with regulatory requirements and industry standards.
Provide guidance and support to the organization's staff on information security best practices.
Oversee the development and delivery of information security training and awareness programs in collaboration with the office of the Chief Privacy Officer.
Stay up to date with the latest trends and developments in information security and ensure the organization's security program remains current and effective.
Work with executives and governing bodies to prioritize security investments based on risk analysis.
Oversee teams responsible for the delivery of approved initiatives.
Evaluate and improve the effectiveness of all implemented security measures and procedures.
Leverage penetration and vulnerability testing and conduct internal audits.
Provide support for external audits, including planning, review of findings, and assistance with remediation needs.
Ensure the development and implementation of playbooks in response to information security and other threats to hospital personnel, facilities, and IT-related disasters that could impact business operations, and of an Incident Handling program, including a detailed Disaster Recovery and Business Continuity Incident Response plan.
Ensure that there are appropriately trained internal resources in IT forensics, as well as aligned external forensics expert resources to leverage as needed.
In collaboration with IT Business Relationship Management, business and clinical leaders, and application owners, develop the appropriate program and related training material and communication to educate all associates on DR/BCP/BIA matters.
Present to and update executive leadership on strategies, successes and challenges in these areas.
Provide analysis of new business/application solutions during the development or acquisition process.
Provide input to business/application decision makers on security matters, and document risk for awareness and decision making.
Assist with contracting processes for new solutions to ensure matters of security are adequately represented in contracts.

Education Requirements

Bachelor's degree in Information Security, Computer Science, or a related field required. Master's degree preferred.

Licensure/Certification Requirements

Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified in Healthcare Security (CHS), Certified Security Compliance Specialist (CSCS) required.

Experience Requirements

Must have at least five (5) years of security leadership in a health care environment and eight (8) years of providing strategic leadership and operational oversight for an enterprise security program. Knowledge and understanding of relevant legal and regulatory requirements, including the Health Insurance Portability and Accountability Act (HIPAA), the Payment Card Industry Data Security Standard (PCI DSS), and other security frameworks and best practices. Demonstrated expertise in maturing security training and awareness programs. Working knowledge of IT operations and related technologies, including information systems, enterprise applications, data center operations, network infrastructure, identity and access systems, data governance, general IT controls, vendor management, disaster recovery/business continuity and other relevant technology, is required.