Overview
The team member’s Number One job responsibility is to deliver the most remarkable patient experience, in every dimension, every time, and understands how to contribute to the health system’s vision of achieving that commitment to patients and families. At Novant Health, people are our business. We treat each other with respect and compassion. We embrace the differences in our strengths while fostering an environment of inclusion, empowerment, inspiration and courage. The team member will use Novant Health’s First Do No Harm (NHFDNH) safety behaviors/error prevention tools and high reliability strategies as appropriate to ensure a safe, remarkable patient experience.
Digital Products & Services team members are responsible for securely managing information systems throughout their lifecycle, including knowing what information systems are within their scope of responsibility, understanding what sensitive data is stored, transmitted, or processed on those information systems, enforcing the security principles of least privilege and least functionality, knowing what events may constitute a cybersecurity incident, and understanding their role in security incident response activities.
The Sr Director Cybersecurity (Sr Director) is responsible for translating the department’s vision and strategy into mission and tasks to manage cybersecurity risk to acceptable levels. The Sr Director acts as an expert advisor to the CISO as well as other customers (internal & external) by providing cybersecurity decision support for business initiatives. The team member demonstrates effective leadership, communication, relationship building, and decision making at every opportunity. The Sr Director oversees cybersecurity strategy, ensuring that the organization’s digital assets are protected from various threats; the role entails a mix of strategic planning, team management, and technical oversight.
Under general direction of the CISO, the Sr Director is responsible for integrating cybersecurity products and services into service lines across the organization. The Sr Director supports the CISO in development of the department’s strategy, identifies cybersecurity deficiencies and directs process improvement for cybersecurity products and service lines.
Qualifications
- Education: 4 Year / Bachelor's Degree, required. Graduate Degree preferred.
- Experience: 10+ years of Information security experience required. Minimum 7 years IT-related experience; Experience working in a complex healthcare environment; Experience in carrying out leadership roles and responsibilities years in a senior leadership role, required.
- Licensure/Certification: CISSP and CompTIA Security+ and ITIL Foundation (or equivalent) required. CISM, CRISC, CGEIT, CISA, CASP, COBIT Foundation (or equivalent) required.
- Additional Skills (required):
  - Advanced knowledge of cybersecurity principles.
  - Advanced knowledge of the NIST Cybersecurity Framework for Critical Infrastructure, NIST 800-53, HIPAA, PCI DSS, ITIL, and COBIT.
  - Advanced knowledge of information security program management principles.
  - Advanced knowledge of the organization's core business/mission processes.
  - Advanced knowledge of resource management principles and techniques.
  - Advanced knowledge of Information Technology life cycle processes.
  - Advanced knowledge of security architecture concepts and enterprise architecture reference models.
  - Advanced knowledge of relevant business processes and operations for customers and key cybersecurity stakeholders.
  - Advanced knowledge of new and emerging Information Technology (IT) and cybersecurity technologies.
  - Advanced knowledge of host, user, and network access control principles.
  - Advanced knowledge of information classification concepts.
  - Advanced knowledge of information assurance (IA) principles and organizational requirements to protect confidentiality, integrity, availability, authenticity, and non-repudiation of information and data.
  - Advanced knowledge of what constitutes a network attack and the relationship to both threats and vulnerabilities.
  - Advanced knowledge of computer networking concepts and protocols, and network security methodologies.
  - Advanced knowledge of server and client operating systems.
Responsibilities
- Leadership: Translate department vision and strategy into mission and tasks to deliver to operational leaders. Develop and maintain department strategy to meet organizational cybersecurity needs. Embrace and lead change. Share subject matter expertise with department and customers through documentation, consults, and meetings. Maintain and demonstrate professional competency according to department policies and procedures. Comply with organization and department policies and procedures. Lead and manage the cybersecurity team, including recruiting, training, and mentoring staff. Strong leadership skills with the ability to manage and motivate a team. Proven track record in developing and executing strategic plans.
- Communication: Collaborate with organizational leaders to support organizational objectives. Build relationships with key stakeholders and identify and address barriers to success. Communicate the value of Cybersecurity Products & Services throughout all levels of the organization's stakeholders. Promote awareness of cybersecurity issues among leadership and promote the incorporation of sound cybersecurity principles into new and existing business initiatives. Ability to translate technical concepts into business terms for non-technical audiences. Communicate cybersecurity strategies and issues to executive leadership and other key stakeholders. Provide reports and updates on the state of cybersecurity within the organization.
- Business Acumen: Stay current with emerging threats, technology trends, and regulatory requirements to adapt strategies accordingly. Seek opportunities to contain/reduce cost, increase revenue, and improve processes. Demonstrate innovation, creativity, and the ability to problem solve. Adopt new knowledge and practices that are appropriate to work. Think and plan strategically. Build relationships with key stakeholders and identify and address barriers to success. Recognize the interdependencies and connection between various systems and processes. Focus on long-term objectives and consider future implications of near-term decisions.
- Quality Improvement: Integrate cybersecurity products and services into service lines across the organization. Identify deficiencies and direct process improvement across cybersecurity products and service lines. Demonstrate knowledge of process improvement principles and apply them appropriately to improvement activities. Foster a culture of security awareness and continuous improvement within the organization.
- Human Resources: Oversee the maintenance of cybersecurity job descriptions, career ladder, and talent credit history matrix. Oversee and maintain team member personal development plans, performance management, and time & attendance. Directly manage the following Cybersecurity functional team(s): Access Security Engineering. Identify and address cybersecurity workforce planning and management issues, such as recruitment, retention, and training. Provide ongoing informal and formal feedback to direct reports, coaching them for success.
- Financial: Assist the CISO with planning and overseeing the Cybersecurity Products & Services budget, staffing, and contracting in order to maintain the appropriate people, process, and technology necessary to support the organization’s cybersecurity capabilities.
- Budget Management: Develop and manage the cybersecurity budget, ensuring that resources are allocated effectively. Evaluate and approve investments in cybersecurity technologies and services.
- Technical Expertise: In-depth knowledge of cybersecurity technologies, threat landscapes, and best practices. Experience with security frameworks and standards, such as NIST, ISO 27001, or CIS Controls.
- Project Management: Experience managing projects and initiatives related to cybersecurity.