Community Health Network of Connecticut, Inc.

Director, Information Security

Community Health Network of Connecticut, Inc., Wallingford, Connecticut, US, 06495


Community Health Network of Connecticut, Inc. (CHNCT) is currently seeking a Director, Information Security.

Primary Responsibilities:

Under the direction of the CISO and VP of Information Security, responsible for implementing CHNCT’s information security program, including information risk management, third party risk assurance, and security operations.

Manages the Information Security operational staff and assigned contract employees and services.

Ensures that security operations enable the organization to remain compliant with HIPAA security regulations, CT security regulations, HITRUST Common Security Framework (CSF), and other applicable security regulations and standards, including NIST CSF, to ensure the confidentiality, integrity, and availability of CHNCT’s data and systems.

Administers an incident reporting and tracking process along with action plans for mitigating security incidents.

Participates in the development, implementation, and monitoring of a strategic, comprehensive enterprise information security and risk management program, providing input on system security strategies, policies, procedures, and related infrastructure.

Works directly with the business units to facilitate information security and information technology risk assessments and risk management processes, requests for change (RFC), service requests, and approvals.

Tasks Performed:

Supervises staff including time and attendance, performance management, salary and merit management, discipline, and work assignments.

Responsible for acting independently, in conjunction with the CISO and senior OISR staff, and through management of the team, to perform the following activities:

Maintains CHNCT’s Security Risk Management Program and Risk Register.

Provides regular and comprehensive written security status reports and risk mitigation recommendations to the CISO.

Performs and directs security auditing/monitoring, testing, and reporting.

Contributes to the development and implementation of security architecture, standards, procedures, and guidelines for multiple platforms in diverse system environments.

Leads or participates in incident response teams as necessary.

Oversees the Business Continuity Plan (BCP) including updates, business impact analysis (BIA), and plan testing.

Reviews the development, testing and implementation of security plans, products, and control techniques.

Consults with CISO, Information Security Architect, Information Security Assurance Program Manager and staff in the design and implementation of new or modified information security processes.

Recommends new security tools to management, and reports and provides guidance and expertise in their implementation.

Identifies, leads, investigates, and recommends appropriate corrective actions for information security incidents and is knowledgeable in forensic investigations, data recovery and the handling of digital evidence.

Conducts third party and application security assessments.

Oversees and advises on access control and account administration of critical information resources and key users.

Acts as a liaison to IT and product groups and assists them in the implementation of security technologies and applications security.

Works in conjunction with technical counterparts to remediate audit and security findings.

Oversees operational activities including exceptions to security controls, data loss prevention (DLP) rules management and investigations, email phishing analysis and response, vulnerability management, threat intelligence, and system review board analysis and processing.

Participates in developing and managing the department budgets.

Performs related duties as assigned or requested.

Essential Functions:

Directs the team to design, implement and maintain information security systems to support the Information Security Management Program (ISMP).

Ensures compliance with established policies and procedures and security standards under HIPAA/HITECH, HITRUST, and other applicable frameworks and regulations.

Monitors, assesses, and audits, per policy, all aspects of the ISMP, including security systems and infrastructure, endpoints, servers, network infrastructure, and identity and access.

Desired Education:

4 years post-secondary schooling or equivalent experience and professional training

Desired Degree:

Bachelor’s degree preferred, Master’s desirable

Desired Major:

Cybersecurity, Information Assurance, Computer Technology or Computer Science

Desired Job Experience:

Ten plus years of solid progressive work experience, including at least 5 years in management in Information Security as a primary job or an equivalent combination of education and work experience in a Healthcare Information Security environment. Familiar with local and federal laws concerning Information Security and relevant specific security guidelines such as HIPAA/HITECH, HITRUST, and NIST. Knowledge of the healthcare industry and operations.

Other Qualifications:

Current CISSP or other equivalent/approved information security certification required. Knowledgeable in the management and setup of security related software and hardware. Excellent analytical ability, strong judgment and problem analysis and a broad knowledge of business function(s), information technologies and Information Security best practices. Knowledgeable in risk assessment and threat modeling. Highly developed communication, negotiation, presentation, and consensus building skills. Knowledge of new and trending technology including Artificial Intelligence, layered security principles, tactics, and techniques. Familiarity with many of the following:

Modern WAN/LAN Networking

SaaS, Cloud services and delivery models

Network monitoring utilities, patch management, VMware, Citrix, Windows Servers and OS

Virtualization

Operating systems and associated security and access control models

Proper dev/test/prod practices

Modern coding languages and APIs

Security Service Edge (SSE aka SASE)

Databases and practices for working with and manipulating data structures

Web technologies and frameworks

CHNCT Offers Great Benefits:

Medical, dental and vision coverage options

Flexible spending and health savings accounts

Group term life insurance

A 401(k) plan with company-match and immediate vesting

Voluntary accidental injury coverage

Tuition reimbursement and continuing education opportunities

A generous paid-leave bank and company holidays

Wellness program

CHNCT is an equal opportunity, affirmative action employer m/f/d/v and proud of the diversity of our workforce.

Important Note to Applicants:

CHNCT as a company feels very strongly that we need to do what we can to help control the spread of COVID-19 infections. Therefore, all employees, contractors, consultants and agency temporary staff are required to be fully vaccinated to work at CHNCT. Reasonable accommodations for medical or religious exemptions will be provided with appropriate documentation for positions that do not have in-person/member visitation requirements.
