Job Title: Director of Information Security
Job Type: Full-Time
Department: Compliance
Reports To: Chief Compliance Officer
Company Overview:
Exceed Healthcare is a leading medical management company dedicated to transforming healthcare through innovative solutions. Our commitment to excellence through strategic management and innovative technology solutions makes us a driving force in the industry.
Summary:
The Director of Information Security is responsible for developing and implementing a comprehensive information security strategy aligned with the organization’s business goals. This role ensures the confidentiality, integrity, and availability of all digital and physical information assets in a healthcare management setting. The Director will collaborate with legal, compliance, operations, and IT teams to manage risks, ensure regulatory compliance, and protect sensitive patient and business data.
Key Responsibilities:
Strategic Leadership:
- Develop and implement security strategies that align with business goals, technology advances, and healthcare regulations (e.g., HIPAA, HITECH, and state-specific privacy rules).
- Build and manage the information security team.
- Lead IT and third-party vendors in executing IT strategies that enhance security, streamline processes, reduce costs, and improve patient care.
- Act as the subject matter expert on emerging threats affecting healthcare systems, including EHR, telemedicine platforms and cloud-based services.
- Develop and oversee security policies, standards, and guidelines.
- Collaborate with senior leadership to ensure security strategies support business priorities and innovation goals.
Risk Management & Compliance:
- Lead risk assessments and develop mitigation strategies for protecting sensitive data such as PHI, PII, and trade secrets.
- Ensure compliance with healthcare regulations and enforce data protection protocols.
- Conduct regular risk assessments to identify vulnerabilities in IT infrastructure.
- Establish and enforce security policies, procedures, and protocols to ensure data protection, access control, and secure handling of all sensitive information.
IT Technology Integration & Security Architecture:
- Oversee IT infrastructure design and management, ensuring scalability, security, and reliability.
- Manage cloud services, data centers, networks, and cybersecurity measures.
- Lead teams to integrate security into technology solutions and ensure secure network and system architecture.
- Stay informed on healthcare technologies such as AI, telehealth, and mobile health, assessing their security risks.
- Design and implement secure architecture for networks, applications, and systems.
- Ensure security considerations are integrated into the software development lifecycle (SDLC).
Incident Response & Threat Management:
- Lead and coordinate incident response efforts for security breaches or cyberattacks.
- Develop and manage the organization’s incident response plan and ensure compliance with legal and regulatory requirements.
- Conduct regular risk assessments and implement a vendor risk management process.
Team Leadership & Development:
- Ensure the efficient operation of IT services, including EHR and clinical systems.
- Manage IT budgets, optimizing cost-efficiency and ROI.
- Develop security metrics and reporting systems to track program effectiveness.
- Promote security awareness and foster innovation in security practices.
- Supervise and lead IT and software development teams to integrate security into the design and deployment of new technology solutions, applications, and services.
Qualifications:
Education:
- Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, or a related field. A Master’s degree or certifications (CISSP, CISM, CISA, HCISPP) are preferred.
Experience:
- Minimum of 10 years in information security, with at least 3 years in a leadership role.
- At least 3 years of experience working for a healthcare organization.
- Extensive knowledge of healthcare regulations, including, but not limited to, HIPAA, HITECH, and ONC regulations, and experience in securing healthcare systems.
- Proven experience managing security technologies, risk assessments, and incident response.
Skills & Competencies:
- Strong understanding of cybersecurity threats, risks, and best practices, including cloud and on-premises security.
- Leadership skills to manage cross-functional teams and communicate effectively with stakeholders at all levels.
- A basic understanding of coding principles, which includes familiarity with basic programming concepts such as variables, control structures (loops and conditionals), data types, and basic algorithms.
- Strong communication skills for translating complex technical concepts to non-technical audiences.
Other Requirements:
- Ability to handle sensitive and confidential information with discretion.
- Willingness to stay updated on emerging technologies and security trends.
- Availability for on-call incident response as needed.
Benefits:
Exceed Healthcare offers competitive compensation, health benefits, paid time off, and opportunities for professional growth.
Exceed Healthcare is an equal opportunity employer committed to diversity and inclusion.